Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Advanced Threats
Page 1 / 2   >   >>
Decoding the Verizon DBIR Report: An Insider's Look Beyond the Headlines
Commentary  |  7/13/2020  | 
To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you.
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Commentary  |  7/10/2020  | 
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
Using Adversarial Machine Learning, Researchers Look to Foil Facial Recognition
News  |  7/9/2020  | 
For privacy-seeking users, good news: Computer scientists are finding more ways to thwart facial and image recognition. But there's also bad news: Gains will likely be short-lived.
Pen Testing ROI: How to Communicate the Value of Security Testing
Commentary  |  7/9/2020  | 
There are many reasons to pen test, but the financial reasons tend to get ignored.
Framing the Security Story: The Simplest Threats Are the Most Dangerous
Commentary  |  7/7/2020  | 
Don't be distracted by flashy advanced attacks and ignore the more mundane ones.
How to Assess More Sophisticated IoT Threats
Commentary  |  7/6/2020  | 
Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis.
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Commentary  |  7/1/2020  | 
While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.
3 Ways to Flatten the Health Data Hacking Curve
Commentary  |  6/30/2020  | 
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
7 Tips for Effective Deception
Slideshows  |  6/25/2020  | 
The right decoys can frustrate attackers and help detect threats more quickly.
Lucifer Malware Aims to Become Broad Platform for Attacks
News  |  6/25/2020  | 
The recent spread of the distributed denial-of-service tool attempts to exploit a dozen web-framework flaws, uses credential stuffing, and is intended to work against a variety of operating systems.
Average Cost of a Data Breach: $116M
Commentary  |  6/24/2020  | 
Sensitivity of customer information and time-to-detection determine financial blowback of cybersecurity breaches.
Rethinking Enterprise Access, Post-COVID-19
Commentary  |  6/24/2020  | 
New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access.
Cybercrime Infrastructure Never Really Dies
News  |  6/23/2020  | 
Despite the takedown of the "CyberBunker" threat operators in 2019, command-and-control traffic continues to report back to the defunct network address space.
Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
News  |  6/22/2020  | 
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.
Cloud Threats and Priorities as We Head Into the Second Half of 2020
Slideshows  |  6/22/2020  | 
With millions working from home and relying on the cloud, security leaders are under increasing pressure to keep their enterprises breach-free.
What's Anonymous Up to Now?
News  |  6/17/2020  | 
The hacker group recently took credit for two high-profile incidents -- but its actions aren't quite the same as they once were, some say.
Too Big to Cyber Fail?
Commentary  |  6/17/2020  | 
How systemic cyber-risk threatens US banks and financial services companies
The Hitchhiker's Guide to Web App Pen Testing
Commentary  |  6/11/2020  | 
Time on your hands and looking to learn about web apps? Here's a list to get you started.
Asset Management Mess? How to Get Organized
News  |  6/10/2020  | 
Hardware and software deployments all over the place due to the pandemic scramble? Here are the essential steps to ensure you can find what you need -- and secure it.
Hack-for-Hire Firm Connected to Attacks on Nonprofits, Journalists
News  |  6/9/2020  | 
The Dark Basin group behind thousands of phishing and malware attacks is likely an India-based "ethical hacking" firm that works on behalf of commercial clients.
Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them
News  |  6/1/2020  | 
The Sandworm group -- behind disinformation and election-hacking campaigns and responsible for a 2016 power outage in the Ukraine -- is now targeting e-mail servers.
Valak Malware Retasked to Steal Data from US, German Firms
News  |  5/28/2020  | 
Once considered a loader for other malware, Valak regularly conducts reconnaissance and steals information and credentials, new analysis shows.
Data Loss Spikes Under COVID-19 Lockdowns
News  |  5/28/2020  | 
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.
6 Steps Consumers Should Take Following a Hack
Slideshows  |  5/27/2020  | 
Without the luxury of an IT security team to help them after a breach or credit card compromise, consumers will want to keep these tips in mind.
6 Free Cybersecurity Training and Awareness Courses
Slideshows  |  5/12/2020  | 
Most are designed to help organizations address teleworking risks related to COVID-19 scams.
Rule of Thumb: USB Killers Pose Real Threat
Commentary  |  5/11/2020  | 
They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.
The Price of Fame? Celebrities Face Unique Hacking Threats
News  |  5/6/2020  | 
Hackers are hitting the sports industry hard on social media and luring quarantined consumers with offers of free streaming services, a new report shows.
Is CVSS the Right Standard for Prioritization?
Commentary  |  5/6/2020  | 
More than 55% of open source vulnerabilities are rated high or critical. To truly understand a vulnerability and how it might affect an organization or product, we need much more than a number.
It Was 20 Years Ago Today: Remembering the ILoveYou Virus
News  |  5/5/2020  | 
The worm infected some 50 million systems worldwide, often rendering them unusable, and cost more than $15 billion to repair.
Best Practices for Managing a Remote SOC
News  |  5/1/2020  | 
Experts share what it takes to get your security analysts effectively countering threats from their home offices.
The Rise of Deepfakes and What That Means for Identity Fraud
Commentary  |  4/30/2020  | 
Convincing deepfakes are a real concern, but there are ways of fighting back.
7 Fraud Predictions in the Wake of the Coronavirus
Commentary  |  4/29/2020  | 
It's theme and variations in the fraud world, and fraudsters love -- and thrive -- during chaos and confusion
Phishers Start to Exploit Oil Industry Amid COVID-19 Woes
News  |  4/29/2020  | 
While a massive flood of attacks has yet to materialize, cybersecurity experts say this could be the calm before the storm.
4 Ways to Get to Defensive When Faced by an Advanced Attack
Commentary  |  4/29/2020  | 
To hold your own against nation-state-grade attacks, you must think and act differently.
Continued Use of Python 2 Will Heighten Security Risks
News  |  4/28/2020  | 
With support for the programming language no longer available, organizations should port to Python 3, security researches say.
Attackers Target Sophos Firewalls with Zero-Day
News  |  4/27/2020  | 
Remote exploit compromises specific configurations of XG firewalls with the intent of stealing data from the devices.
Cybercrime Group Steals $1.3M from Banks
News  |  4/24/2020  | 
A look at how the so-called Florentine Banker Group lurked for two months in a sophisticated business email compromise attack on Israeli and UK financial companies.
11 Tips for Protecting Active Directory While Working from Home
Commentary  |  4/22/2020  | 
To improve the security of your corporate's network, protect the remote use of AD credentials.
Attackers Aim at Software Supply Chain with Package Typosquatting
News  |  4/21/2020  | 
Attackers seed Ruby Gems repository with more than 760 malicious packages using names just a bit different than the standard code libraries.
7 Steps to Avoid the Top Cloud Access Risks
Commentary  |  4/21/2020  | 
Securing identities and data in the cloud is challenging, but a least-privilege access approach helps.
5 Things Ransomware Taught Me About Responding in a Crisis
Commentary  |  4/16/2020  | 
What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attacks and because it came out the other side stronger and more resilient.
DHS Issues Alert for New North Korean Cybercrime
Quick Hits  |  4/15/2020  | 
Cyber actors from North Korea's intelligence agencies are launching new attacks on financial targets, including hacks for hire on the open market.
Man-in-the-Middle Attacks: A Growing but Preventable Mobile Threat
Commentary  |  4/15/2020  | 
Hackers are upping their game, especially as they target mobile devices.
You're One Misconfiguration Away from a Cloud-Based Data Breach
Commentary  |  4/14/2020  | 
Don't assume that cyberattacks are all you have to worry about. Misconfigurations should also be a top cause of concern.
7 Ways COVID-19 Has Changed Our Online Lives
Slideshows  |  4/14/2020  | 
The pandemic has driven more of our personal and work lives online and for the bad guys, business is booming. Here's how you can protect yourself.
Cybercrime May Be the World's Third-Largest Economy by 2021
Commentary  |  4/13/2020  | 
The underground economy is undergoing an industrialization wave and booming like never before.
Medical Devices on the IoT Put Lives at Risk
Commentary  |  4/9/2020  | 
Device security must become as important a product design feature as safety and efficacy.
Active Directory Attacks Hit the Mainstream
Commentary  |  4/1/2020  | 
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
The Wild, Wild West(world) of Cybersecurity
Commentary  |  3/27/2020  | 
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
Vulnerability Management Isn't Just a Numbers Game
Commentary  |  3/24/2020  | 
Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/13/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19338
PUBLISHED: 2020-07-13
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is ...
CVE-2020-11749
PUBLISHED: 2020-07-13
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2.
CVE-2020-5766
PUBLISHED: 2020-07-13
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.
CVE-2020-15689
PUBLISHED: 2020-07-13
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.
CVE-2019-4591
PUBLISHED: 2020-07-13
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451.