Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Attacks/Breaches
Page 1 / 2   >   >>
Triton Attackers Seen Scanning US Power Grid Networks
News  |  6/14/2019  | 
The development follows speculation and concern among security experts that the attack group would expand its scope to the power grid.
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
News  |  6/13/2019  | 
New analysis shows widespread DNS protection could save organizations as much as $200 billion in losses every year.
Cyberattack Hits Aircraft Parts Manufacturer
Quick Hits  |  6/13/2019  | 
Belgium's Asco has shut down manufacturing around the world, including the US, in response to a major cybersecurity event, but what happened isn't clear.
Congress Gives 'Hack Back' Legislation Another Try
Quick Hits  |  6/13/2019  | 
Officials reintroduce a bill that would let businesses monitor attacker behavior and target intruders on corporate networks.
7 Truths About BEC Scams
Slideshows  |  6/13/2019  | 
Business email compromise attacks are growing in prevalence and creativity. Here's a look at how they work, the latest stats, and some recent horror stories.
The Rise of 'Purple Teaming'
Commentary  |  6/13/2019  | 
The next generation of penetration testing represents a more collaborative approach to old fashioned Red Team vs. Blue Team.
BlueKeep RDP Vulnerability a Ticking Time Bomb
News  |  6/13/2019  | 
One month after Microsoft disclosed the flaw, nearly 1 million systems remain unpatched, and Internet scans looking for vulnerable systems have begun increasing.
SQL Injection Attacks Represent Two-Third of All Web App Attacks
News  |  6/13/2019  | 
When Local File Inclusion attacks are counted, nearly nine in 10 attacks are related to input validation failures, Akamai report shows.
New Funding Values KnowBe4 at $1 Billion
Quick Hits  |  6/12/2019  | 
The $300 million investment is being led by KKR.
Predicting Vulnerability Weaponization
Commentary  |  6/12/2019  | 
Advances in data science are making it possible to shift vulnerability management from a reactive to a proactive discipline.
Suppliers Spotlighted After Breach of Border Agency Subcontractor
News  |  6/11/2019  | 
Attackers increasingly use third-party service providers to bypass organizations' security. The theft of images from US Customs and Border Protection underscores the weakness suppliers can create.
'Have I Been Pwned' Is Up for Sale
Quick Hits  |  6/11/2019  | 
Troy Hunt, who has been running HIBP solo for six years, launched "Project Svalbard" so the site can evolve with more resources, funding, and support.
What 3 Powerful GoT Women Teach Us about Cybersecurity
Commentary  |  6/11/2019  | 
Imagine Game of Thrones' Daenerys Targaryen, Arya Stark, and Cersei Lannister on the front lines in the real-world battleground of enterprise security.
FBI Warns of Dangers in 'Safe' Websites
News  |  6/11/2019  | 
Criminals are using TLS certificates to convince users that fraudulent sites are worthy of their trust.
Getting Up to Speed on Magecart
Commentary  |  6/11/2019  | 
Greater awareness of how Magecart works will give your company a leg up on the growing threat from this online credit card skimmer. Here are four places to start.
Federal Photos Filched in Contractor Breach
Quick Hits  |  6/10/2019  | 
Data should never have been on subcontractor's servers, says Customs and Border Protection.
Cognitive Bias Can Hamper Security Decisions
News  |  6/10/2019  | 
A new report sheds light on how human cognitive biases affect cybersecurity decisions and business outcomes.
GoldBrute Botnet Brute-Forcing 1.5M RDP Servers
Quick Hits  |  6/10/2019  | 
Botnets are scanning the Internet for servers exposing RDP and using weak, reused passwords to obtain access.
Dark Web Becomes a Haven for Targeted Hits
News  |  6/7/2019  | 
Malware on the Dark Web is increasingly being customized to target specific organizations and executives.
Massive Changes to Tech and Platforms, But Cybercrime? Not So Much
News  |  6/7/2019  | 
The still-relevant recommendation is to invest more in law enforcement, concludes an economic study of cybercrime.
The Minefield of Corporate Email
News  |  6/7/2019  | 
Email security challenges CISOs as cybercriminals target corporate inboxes with malware, phishing attempts, and various forms of fraud.
Feds Make New Arrest in Darkode Case
News  |  6/6/2019  | 
Another American was arrested and charged alongside three international suspects who remain at large, according to newly unsealed indictment.
6 Security Scams Set to Sweep This Summer
Slideshows  |  6/6/2019  | 
Experts share the cybersecurity threats to watch for and advice to stay protected.
Inside the Criminal Businesses Built to Target Enterprises
News  |  6/6/2019  | 
Researchers witness an increase in buying and selling targeted hacking services, custom malware, and corporate network access on the Dark Web.
When Security Goes Off the Rails
Commentary  |  6/6/2019  | 
Cyber can learn a lot from the highly regulated world of rail travel. The most important lesson: the value of impartial analysis.
Vietnam Rises as Cyberthreat
News  |  6/5/2019  | 
The country's rapid economic growth and other factors are driving an increase in cybercrime and cyber espionage activity.
Healthcare Breach Expands to 19.6 Million Patient Accounts
News  |  6/5/2019  | 
LabCorp says its third-party debt-collection provider, AMCA, notified the company that information on 7.7 million patients had leaked. Expect more healthcare companies to come forward.
Adware Hidden in Android Apps Downloaded More Than 440 Million Times
News  |  6/4/2019  | 
The heavily obfuscated adware was found in 238 different apps on Google Play.
Carbanak Attack: Two Hours to Total Compromise
News  |  6/4/2019  | 
Investigation of the cybercrime group's attack on an East European bank shows how some attackers require very little time to broaden their access and establish persistence on a network.
2.8 Billion US Consumer Records Lost in 2018
Quick Hits  |  6/4/2019  | 
Healthcare breaches grew 400%, study shows.
How Today's Cybercriminals Sneak into Your Inbox
News  |  6/4/2019  | 
The tactics and techniques most commonly used to slip past security defenses and catch employees off guard.
Why FedRAMP Matters to Non-Federal Organizations
Commentary  |  6/4/2019  | 
Commercial companies should explore how FedRAMP can help mitigate risk as they move to the cloud.
Medical Debt Collector Breach Highlights Supply Chain Dangers
News  |  6/4/2019  | 
The breach of the website of American Medical Collection Agency leaves the personal and financial information of nearly 12 million patients at risk.
Zebrocy APT Group Expands Malware Arsenal with New Backdoor Family
News  |  6/3/2019  | 
Group's constant experimentation and malware changes are complicating efforts for defenders, Kaspersky Lab says.
Microsoft Urges Businesses to Patch 'BlueKeep' Flaw
News  |  6/3/2019  | 
Fearing another worm of WannaCry severity, Microsoft warns vulnerable users to apply the software update for CVE-2019-0708.
Baltimore Ransomware Attacker Was Behind Now-Suspended Twitter Account
News  |  6/3/2019  | 
Researchers at Armor were able to confirm the person or persons behind a Twitter account that appeared to be leaking confidential files was the actual ransomware attacker that hit the city.
Certifiably Distracted: The Economics of Cybersecurity
Commentary  |  6/3/2019  | 
Is cybersecurity worth the investment? It depends.
New SOAP Attack Hits South African Home Routers
Quick Hits  |  5/31/2019  | 
A huge wave of attacks is targeting home routers in South Africa for recruitment into a Hakai-based botnet.
Checkers Breach Underscores Continued POS Dangers
News  |  5/31/2019  | 
Attacks on point-of-sale terminals garners less attention these days, but the most recent breach of the restaurant chain shows hackers have not lost focus.
Focusing on Endpoints: 5 Steps to Fight Cybercrime
Commentary  |  5/31/2019  | 
Follow these best practices to strengthen endpoint management strategies and protect company data.
The Ransomware Dilemma: What if Your Local Government Is Next?
Commentary  |  5/30/2019  | 
Baltimore has so far refused to comply with a ransom demand. It's being forced to make a decision all such victims face: to act morally or practically.
Docker Vulnerability Opens Servers to Container Code
News  |  5/29/2019  | 
Under very specific conditions, code running in a Docker container could access files anywhere on a server, according to a new CVE.
Impersonation Attacks Up 67% for Corporate Inboxes
News  |  5/29/2019  | 
Nearly three-quarters of organizations hit with impersonation attacks experienced direct losses of money, customers, and data.
Don't Just Tune Your SIEM, Retune It
Commentary  |  5/29/2019  | 
Your SIEM isn't a set-it-and-forget-it proposition. It's time for a spring cleaning.
WannaCry Lives On in 145K Infected Devices
News  |  5/29/2019  | 
Data from the last half year shows devices worldwide infected with the self-propagating ransomware, putting organizations with poor patching initiatives at risk.
Flipboard Confirms Two Hacks, Prompts Password Resets
Quick Hits  |  5/29/2019  | 
The company reports two incidents affected a subset of its users and is resetting passwords for involved accounts.
Emotet Made Up 61% of Malicious Payloads in Q1
News  |  5/29/2019  | 
The botnet has displaced credential stealers, stand-alone downloaders, and RATs in the overall threat landscape.
FirstAm Leak Highlights Importance of Verifying the Basics
News  |  5/28/2019  | 
The Fortune 500 giant in the real estate industry missed a basic vulnerability in its website, leaving as many as 885 million sensitive records accessible to attackers. The fix: teaching developers the top 10 security issues and frequent testing.
GandCrab Gets a SQL Update
News  |  5/28/2019  | 
A new attack is found that uses MySQL as part of the attack chain in a GandCrab ransomware infection.
Web App Vulnerabilities Flying Under Your Radar
News  |  5/28/2019  | 
A penetration tester shows how low-severity Web application bugs can have a greater effect than businesses realize.
Page 1 / 2   >   >>


7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Cognitive Bias Can Hamper Security Decisions
Kelly Sheridan, Staff Editor, Dark Reading,  6/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12855
PUBLISHED: 2019-06-16
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
CVE-2013-7472
PUBLISHED: 2019-06-15
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
CVE-2019-12839
PUBLISHED: 2019-06-15
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
CVE-2019-12840
PUBLISHED: 2019-06-15
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2019-12835
PUBLISHED: 2019-06-15
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.