Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Threat Intelligence
Page 1 / 2   >   >>
Mist Computing Startup Distributes Security AI to the Network Edge
News  |  5/24/2019  | 
MistNet, founded by former Juniper employees, moves AI processing to the network edge to build distributed detection and analysis models for security.
7 Recent Wins Against Cybercrime
Slideshows  |  5/24/2019  | 
The increasing number of successful law enforcement actions and prosecutions suggest that cybercriminals have plenty of reason to be looking over their shoulders.
Mobile Exploit Fingerprints Devices with Sensor Calibration Data
Quick Hits  |  5/23/2019  | 
Data from routines intended to calibrate motion sensors can identify individual iOS and Android devices in a newly released exploit.
Microsoft Opens Defender ATP for Mac to Public Preview
Quick Hits  |  5/23/2019  | 
Users of the security platform who have preview features enabled can access Defender ATP for Mac via the Security Center onboarding section.
Russian Nation-State Hacking Unit's Tools Get More Fancy
News  |  5/23/2019  | 
APT28/Fancy Bear has expanded its repertoire to more than 30 commands for infecting systems, executing code, and reconnaissance, researchers have found.
Alphabet's Chronicle Explores Code-Signing Abuse in the Wild
News  |  5/22/2019  | 
A new analysis highlights the prevalence of malware signed by certificate authorities and the problems with trust-based security.
Consumer IoT Devices Are Compromising Enterprise Networks
News  |  5/22/2019  | 
While IoT devices continue to multiply, the latest studies show a dangerous lack of visibility into those connected to enterprise networks.
TeamViewer Admits Breach from 2016
Quick Hits  |  5/20/2019  | 
The company says it stopped the attack launched by a Chinese hacking group.
DHS Warns of Data Theft via Chinese-Made Drones
Quick Hits  |  5/20/2019  | 
The drones are reportedly built with parts that can compromise organizations' data and share it on a server accessible to the Chinese government.
97% of Americans Cant Ace a Basic Security Test
News  |  5/20/2019  | 
Still, a new Google study uncovers a bit of good news, too.
DevOps Repository Firms Establish Shared Analysis Capability
News  |  5/17/2019  | 
Following an attack on their users, and their shared response, Atlassian, GitHub, and GitLab decide to make the sharing of attack information a permanent facet of their operations.
When Older Windows Systems Won't Die
News  |  5/17/2019  | 
Microsoft's decision to patch unsupported machines for the critical CVE-2019-0708 flaw is a reminder that XP, 2003, and other older versions of Windows still run in some enterprises.
Exposed Elasticsearch Database Compromises Data on 8M People
Quick Hits  |  5/17/2019  | 
Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses.
Google to Replace Titan Security Keys Affected by Bluetooth Bug
News  |  5/16/2019  | 
A misconfiguration in Bluetooth Titan Security Keys' pairing protocols could compromise users under specific circumstances.
Attackers Are Messing with Encryption Traffic to Evade Detection
News  |  5/15/2019  | 
Unknown groups have started tampering with Web traffic encryption, causing the number of fingerprints for connections using Transport Layer Security to jump from 19,000 to 1.4 billion in less than a year.
Two Ransomware Recovery Firms Typically Pay Hackers
Quick Hits  |  5/15/2019  | 
Companies promising the safe return of data sans ransom payment secretly pass Bitcoin to attackers and charge clients added fees.
Commercial Spyware Uses WhatsApp Flaw to Infect Phones
News  |  5/14/2019  | 
A single flaw allowed attackers thought to be linked to a government to target human rights workers and install surveillance software by sending a phone request. The victims did not even have to answer.
Uniqlo Parent Company Says Hack Compromised 461,091
Quick Hits  |  5/14/2019  | 
Fast Retailing Co. reports cyberattackers accessed accounts registered to its Japanese Uniqlo and GU brand websites.
Microsoft Patches Wormable Vuln in Windows 7, 2003, XP, Server 2008
News  |  5/14/2019  | 
Microsoft releases security updates for some out-of-support systems to fix a bug that could be weaponized as a worm if exploited.
Effective Pen Tests Follow These 7 Steps
Slideshows  |  5/14/2019  | 
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
Why AI Will Create Far More Jobs Than It Replaces
Commentary  |  5/14/2019  | 
Just as spreadsheets and personal computers created a job boom in the '70s, so too will artificial intelligence spur security analysts' ability to defend against advanced threats.
LockerGoga, MegaCortex Ransomware Share Unlikely Traits
News  |  5/13/2019  | 
New form of ransomware MegaCortex shares commonalities with LockerGoga, enterprise malware recently seen in major cyberattacks.
Attacks on JavaScript Services Leak Info From Websites
News  |  5/13/2019  | 
Three marketing tools, including the Best Of The Web security logomark, were compromised in supply chain attacks, allegedly leaving website customers leaking their users' sensitive information.
78% of Consumers Say Online Companies Must Protect Their Info
News  |  5/13/2019  | 
Yet 68% agree they also must do more to protect their own information.
Demystifying the Dark Web: What You Need to Know
Slideshows  |  5/10/2019  | 
The Dark Web and Deep Web are not the same, neither is fully criminal, and more await in this guide to the Internet's mysterious corners.
Microsoft SharePoint Bug Exploited in the Wild
Quick Hits  |  5/10/2019  | 
A number of reports show CVE-2019-0604 is under active attack, Alien Labs researchers say.
How We Collectively Can Improve Cyber Resilience
Commentary  |  5/10/2019  | 
Three steps you can take, based on Department of Homeland Security priorities.
Nation-State Breaches Surged in 2018: Verizon DBIR
News  |  5/9/2019  | 
The source of breaches has fluctuated significantly over the past nine years, but organized crime has almost always topped nation-state actors each year. The gap narrowed significantly in 2018, according to the annual report.
Social Engineering Slams the C-Suite: Verizon DBIR
News  |  5/8/2019  | 
Criminals are also going after cloud-based email accounts, according to Verizon's '2019 Data Breach Investigations Report.'
Baltimore City Network Struck with Ransomware Attack
Quick Hits  |  5/7/2019  | 
Government employees are working to determine the source and severity of a cyberattack that forced most city servers offline.
How a Chinese Nation-State Group Reverse-Engineered NSA Attack Tools
News  |  5/7/2019  | 
New Symantec research shows how the Buckeye group captured an exploit and backdoor used by the National Security Agency and deployed them on other victims.
The Dark Web Is Smaller Than You Think
News  |  5/7/2019  | 
The number of live, accessible .onion sites amounts to less than 0.005% of surface web domains, researchers report.
The Big E-Crime Pivot
Commentary  |  5/7/2019  | 
Criminals have begun to recognize that enterprise ransomware offers tremendous financial advantage over the more traditional tactics of wire fraud and account takeover.
Attackers Add a New Spin to Old Scams
News  |  5/6/2019  | 
Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.
Password Reuse, Misconfiguration Blamed for Repository Compromises
News  |  5/6/2019  | 
Armed with stolen credentials from another breach or from a misconfigured file, attackers delete developers' repositories on GitHub, Bitbucket, and GitLab, leaving behind ransom notes.
Open Security Tests Gain Momentum With More Lab Partners
News  |  5/3/2019  | 
NetSecOPEN, a group of next-generation firewall vendors, has added the first university-based testing facility in its effort to move toward more open security testing.
Security Doesn't Trust IT and IT Doesn't Trust Security
News  |  5/2/2019  | 
How a rocky relationship between IT operations and cybersecurity teams can compound security risks.
Facebook, Instagram Are Phishers' Favorite Social Platforms
Quick Hits  |  5/2/2019  | 
Cloud companies continue to represent the most phishing URLs, but social media saw the most growth in Q1 2019.
Why Are We Still Celebrating World Password Day?
News  |  5/2/2019  | 
Calls to eliminate the password abound on this World Password Day and the technology to change is ready. So why can't we get off our password habit?
Attackers Used Red-Team, Pen-Testing Tools to Hack Wipro
News  |  5/1/2019  | 
Breach of India-based outsourcing giant involved a remote access tool and a post-exploitation tool, according to an analysis by Flashpoint.
Database Leaks, Network Traffic Top Data Exfiltration Methods
News  |  4/30/2019  | 
Intellectual property and personally identifiable information tie for the type of data IT practitioners are worried about losing.
Microsoft 365 Updated with New Compliance, Encryption, Privacy Controls
News  |  4/30/2019  | 
New tools, such as Compliance Manager and Advanced Message Encryption, aim to give businesses more options for data privacy.
Threat Intelligence Firms Look to AI, but Still Require Humans
News  |  4/30/2019  | 
Machine learning and artificial intelligence are helping threat-intelligence firms cover a greater area of the darknet, but human analysts will always be necessary, experts say.
Researchers Explore Remote Code Injection in macOS
News  |  4/30/2019  | 
Deep Instinct analysts test three code injection methods and a custom-built Mach-O loader to load malicious files from memory.
Credit Card Compromise Up 212% as Hackers Eye Financial Sector
News  |  4/29/2019  | 
Financial services firms saw upticks in credential leaks and credit card compromise as cybercriminals go where the money is.
How to Build a Cloud Security Model
Slideshows  |  4/26/2019  | 
Security experts point to seven crucial steps companies should be taking as they move data and processes to cloud environments.
Cyberattackers Focus on More Subtle Techniques
News  |  4/25/2019  | 
Spam has given way to spear phishing, cryptojacking remains popular, and credential spraying is on the rise.
55% of SMBs Would Pay Up Post-Ransomware Attack
Quick Hits  |  4/25/2019  | 
The number gets even higher among larger SMBs.
Enterprise Trojan Detections Spike 200% in Q1 2019
News  |  4/25/2019  | 
Cybercriminals see greater ROI targeting businesses, which have been slammed with ransomware attacks and Trojans.
Sensitive Data Lingers on Used Storage Drives Sold Online
News  |  4/25/2019  | 
Four in 10 used hard drives sold on eBay found to contain sensitive information.
Page 1 / 2   >   >>


97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
How Security Vendors Can Address the Cybersecurity Talent Shortage
Rob Rashotte, VP of Global Training and Technical Field Enablement at Fortinet,  5/24/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .