News & Commentary

Latest Content tagged with Attacks/Breaches
Page 1 / 2   >   >>
Half of Cyberattacks in the Middle East Target Oil & Gas Sector: Siemens
Quick Hits  |  3/19/2018
Nearly one-third of all cyberattacks worldwide are against operations technology (OT), or industrial networks, a new report by Siemens and The Ponemon Institute shows.
Microsoft Offers New Bug Bounties for Spectre, Meltdown-Type Flaws
Quick Hits  |  3/19/2018
Microsoft is offering a short-term bug bounty program for speculative execution side-channel vulnerabilities and threats.
A Data Protection Officer's Guide to the GDPR Galaxy
Commentary  |  3/19/2018
Impending deadline got you freaking out? These five tips might help you calm down, at least a little.
Cybercriminals Launder Up to $200B in Profit Per Year
News  |  3/19/2018
Cybercrime funds make up 8-10% of all illegal profits laundered and amount to $80-200 billion each year.
The Containerization of Artificial Intelligence
Commentary  |  3/16/2018
AI automates repetitive tasks and alleviates mundane functions that often haunt decision makers. But it's still not a sure substitute for security best practices.
Are DDoS Attacks Increasing or Decreasing? Depends on Whom You Ask
News  |  3/15/2018
Details on DDoS trends can vary, depending on the reporting source.
Microsoft Report: Cybersecurity's Top 3 Threats Intertwine
News  |  3/15/2018
Botnets, ransomware, and simple attack methods dominate the threat landscape and build on each other to drive effectiveness.
Cryptojacking Threat Continues to Rise
News  |  3/15/2018
Unauthorized cryptocurrency mining can consume processing power and make apps unavailable as well as lead to other malware.
Trump Administration Slaps Sanctions on Russian Hackers, Operatives
News  |  3/15/2018
A two-pronged and mostly symbolic strategy names and shames Russia for US election-tampering and hacking of critical infrastructure.
Online Ads vs. Security: An Invisible War
Commentary  |  3/15/2018
Why visiting one website is like visiting 50, and how you can fight back against malvertisers.
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
Commentary  |  3/15/2018
The problem with having smart speakers and digital assistants in the workplace is akin to having a secure computer inside your office while its wireless keyboard is left outside for everyone to use.
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
News  |  3/14/2018
Researchers at Black Hat Asia will demonstrate a new framework they created for catching and studying Apple MacOS malware.
77% of Businesses Lack Proper Incident Response Plans
News  |  3/14/2018
New research shows security leaders have false confidence in their ability to respond to security incidents.
Segmentation: The Neglected (Yet Essential) Control
Commentary  |  3/14/2018
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
SEC Charges Former Equifax Exec with Insider Trading
Quick Hits  |  3/14/2018
CIO of a US business unit within Equifax had reportedly learned of the company's data breach and sold his shares for nearly $1 million.
A Secure Enterprise Starts with a Cyber-Aware Staff
Commentary  |  3/14/2018
An attack doesn't have to be super high-tech to cause a lot of damage. Make sure your employees know how to spot an old-fashioned phishing campaign.
Microsoft Report Details Different Forms of Cryptominers
News  |  3/13/2018
A new report explores different ways legitimate and malicious coin miners are appearing in the enterprise.
Microsoft Remote Access Protocol Flaw Affects All Windows Machines
News  |  3/13/2018
Attackers can exploit newly discovered critical crypto bug in CredSSP via a man-in-the-middle attack and then move laterally within a victim network.
What's the C-Suite Doing About Mobile Security?
Commentary  |  3/13/2018
While most companies have security infrastructure for on-premises servers, networks, and endpoints, too many are ignoring mobile security. They'd better get moving.
Malware 'Cocktails' Raise Attack Risk
News  |  3/13/2018
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports.
Asia's Security Leaders Feel Underprepared for Future Threats: Report
News  |  3/12/2018
A new study highlights major concerns of cybersecurity leaders in Asia, where most fear critical infrastructure attacks, advanced threats, and social engineering.
Chinese APT Backdoor Found in CCleaner Supply Chain Attack
News  |  3/12/2018
Avast discovers ShadowPad tool for use in apparent planned third stage of the targeted attack campaign.
FlawedAmmyy RAT Campaign Puts New Spin on Old Threat
News  |  3/12/2018
A remote access Trojan, in use since 2016, has a new tactic: combining zip files with the SMB protocol to infect target systems.
Georgia Man Pleads Guilty to Business Email Compromise Attacks
Quick Hits  |  3/12/2018
Kerby Rigaud has pleaded guilty to using BEC attacks in attempts to steal more than $1 million from US businesses.
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Commentary  |  3/12/2018
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
What Happens When You Hold Robots for Ransom?
News  |  3/10/2018
Researchers explore why an attacker would target robots with ransomware, and the implications of what might happen if they did.
Microsoft Windows Defender Prevents 400,000 Dofoil Infections
Quick Hits  |  3/9/2018
Improved anti-malware detection prevented spread of cryptomining software this week, says Microsoft.
'Slingshot' Cyber Espionage Campaign Hacks Network Routers
News  |  3/9/2018
Advanced hacking group appears to be native English speakers targeting Africa, Middle East.
Tennessee Senate Campaign Sees Possible Hack
Quick Hits  |  3/9/2018
Phil Bredesen's campaign for US senate sees a hacker's hand in email messages
North Korea Threat Group Targeting Turkish Financial Orgs
News  |  3/8/2018
Hidden Cobra appears to be collecting information for a later strike, McAfee says.
Olympic Destroyer's 'False Flag' Changes the Game
News  |  3/8/2018
Kaspersky Lab researchers uncover evidence of how the attackers who targeted the Winter Olympic Games impersonated an infamous North Korea hacking team.
CIGslip Lets Attackers Bypass Microsoft Code Integrity Guard
News  |  3/8/2018
The new technique would enable attackers to inject malicious content into Microsoft Edge and other protected processes.
Yahoo Agrees to $80 Million Settlement with Investors
Quick Hits  |  3/8/2018
Investors alleged that Yahoo intentionally misled them about its cybersecurity practices.
Gozi Trojan Using Dark Cloud Botnet in New Wave of Attacks
News  |  3/8/2018
Gozi IFSB banking Trojan has rolled out new code, a new botnet and a high level of customization in the latest wave of attacks.
How Guccifer 2.0 Got 'Punk'd' by a Security Researcher
News  |  3/8/2018
Security expert and former Illinois state senate candidate John Bambenek details his two months of online interaction with the 'unsupervised cutout' who shared with him more stolen DCCC documents.
Group-IB Helps Suspend Ukrainian DDoS Attack Group
Quick Hits  |  3/7/2018
This case marks the first successful prosecution of cybercriminals in Ukraine, the organization reports.
Privilege Abuse Attacks: 4 Common Scenarios
Commentary  |  3/7/2018
It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.
Memcached DDoS Attack: Kill Switch, New Details Disclosed
Quick Hits  |  3/7/2018
Corero shares a kill switch for the Memcached vulnerability and reports the flaw is more extensive than originally believed.
Connected Cars Pose New Security Challenges
Commentary  |  3/6/2018
The auto industry should seize the opportunity and get in front of this issue.
Second Ransomware Round Hits Colorado DOT
Quick Hits  |  3/6/2018
A variant of SamSam sends CDOT employees back to pen and paper with two attack waves in two weeks. Goes Away, Panic Ensues
Quick Hits  |  3/5/2018
Turns out the Carnegie Mellon CERT just moved to a newly revamped CMU Software Engineering Institute website.
Hacking Back & the Digital Wild West
Commentary  |  3/5/2018
Far from helping organizations defend themselves, hacking back will escalate an already chaotic situation.
Millions of Office 365 Accounts Hit with Password Stealers
News  |  3/2/2018
Phishing emails disguised as tax-related alerts aim to trick users into handing attackers their usernames and passwords.
Mueller May Indict Russians Who Hacked DNC
Quick Hits  |  3/2/2018
Special counsel is compiling a case against the hackers who breached the DNC and John Podesta's email account, NBC News reports.
Number of Sites Hosting Cryptocurrency Miners Surges 725% in 4 Months
News  |  3/1/2018
The dramatic increase in cryptocurrency prices, especially for Monero, is behind the sudden explosive growth, says Cyren.
'Chafer' Uses Open Source Tools to Target Iran's Enemies
News  |  3/1/2018
Symantec details operations of Iranian hacking group mainly attacking air transportation targets in the Middle East.
GitHub Among Victims of Massive DDoS Attack Wave
Quick Hits  |  3/1/2018
GitHub reports its site was unavailable this week when attackers leveraged Memcached servers to generate large, widespread UDP attacks.
How & Why the Cybersecurity Landscape Is Changing
Commentary  |  3/1/2018
A comprehensive new report from Cisco should "scare the pants off" enterprise security leaders.
Equifax Finds 2.4 Million Additional US Victims of its Data Breach
Quick Hits  |  3/1/2018
Total of victims now at 147.9 million customers.
What Enterprises Can Learn from Medical Device Security
Commentary  |  3/1/2018
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
Page 1 / 2   >   >>

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.