Attacks/Breaches

News & Commentary
Click2Gov Breaches Attributed to WebLogic Application Flaw
Dark Reading Staff, Quick Hits
At least 10 US cities running Click2Gov software have alerted citizens to a data breach, but it turns out the problem was in the application server.
By Dark Reading Staff , 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
Jason McKay, CTO, LogicworksCommentary
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
By Jason McKay CTO, Logicworks, 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Office: The Go-To Platform for Zero-Day Exploits
Kelly Sheridan, Staff Editor, Dark ReadingNews
Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.
By Kelly Sheridan Staff Editor, Dark Reading, 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
AppSec in the World of 'Serverless'
Boris Chen, Co-founder and VP Engineering, tCell, Inc.Commentary
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
By Boris Chen Co-founder and VP Engineering, tCell, Inc., 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
China-Based Cyber Espionage Campaign Targets Satellite, Telecom, Defense Firms
Jai Vijayan, Freelance writerNews
Threat group Thrip is using three computers based in China to steal data from targeted companies in Southeast Asia and the US, Symantec says.
By Jai Vijayan Freelance writer, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, PreemptCommentary
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
By Ajit Sancheti CEO and Co-Founder, Preempt, 6/20/2018
Comment1 Comment  |  Read  |  Post a Comment
Improving the Adoption of Security Automation
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
Four barriers to automation and how to overcome them.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Mylobot Malware Brings New Sophistication to Botnets
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Most Websites and Web Apps No Match for Attack Barrage
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The average website is attacked 50 times per day, with small businesses especially vulnerable.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writerNews
The electric carmaker is the victim of an "extensive and damaging" insider attack, says CEO Elon Musk.
By Jai Vijayan Freelance writer, 6/19/2018
Comment1 Comment  |  Read  |  Post a Comment
'Olympic Destroyer' Reappears in Attacks on Europe, Russia
Kelly Sheridan, Staff Editor, Dark ReadingNews
The attack group known for targeting the 2018 Winter Olympics has resurfaced in campaigns against European financial and biochem companies.
By Kelly Sheridan Staff Editor, Dark Reading, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
How to Prepare for 'WannaCry 2.0'
Shimon Oren, Head of Cyber Intelligence at Deep InstinctCommentary
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
By Shimon Oren Head of Cyber Intelligence at Deep Instinct, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
Former CIA Engineer Charged with Theft and Transmission of Classified Info
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Suspect had reportedly been named in Vault 7 leak to WikiLeaks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Robert Corradini, Director of Product Management at 5nineCommentary
Do 'cloud-first' strategies create a security-second mindset?
By Robert Corradini Director of Product Management at 5nine, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
'Wallchart' Phishing Campaign Exploits World Cup Watchers
Kelly Sheridan, Staff Editor, Dark ReadingNews
The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.
By Kelly Sheridan Staff Editor, Dark Reading, 6/18/2018
Comment0 comments  |  Read  |  Post a Comment
Mass. Man Pleads Guilty in ATM Jackpotting Operation
Dark Reading Staff, Quick Hits
Citizens Bank ATM and others targeted in the scheme.
By Dark Reading Staff , 6/18/2018
Comment0 comments  |  Read  |  Post a Comment
Trump-Kim Meeting Was a Magnet For Russian Cyberattacks
Jai Vijayan, Freelance writerNews
Attacks directed at targets in Singapore went through the roof earlier this week.
By Jai Vijayan Freelance writer, 6/15/2018
Comment0 comments  |  Read  |  Post a Comment
Email, Social Media Still Security Nightmares
Dark Reading Staff, Quick Hits
Phishing and banking trojans continue to be major threats brought into the enterprise.
By Dark Reading Staff , 6/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Modern Cybersecurity Demands a Different Corporate Mindset
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 6/15/2018
Comment0 comments  |  Read  |  Post a Comment
Intel Discloses Yet Another Side Channel Vulnerability
Jai Vijayan, Freelance writerNews
Moderate severity Lazy FP restore flaw affects Intel Core-based microprocessors.
By Jai Vijayan Freelance writer, 6/14/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Email, Social Media Still Security Nightmares
Dark Reading Staff 6/15/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12526
PUBLISHED: 2018-06-21
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.
CVE-2018-1253
PUBLISHED: 2018-06-21
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other ...
CVE-2018-1254
PUBLISHED: 2018-06-21
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or JavaScript...
CVE-2018-12615
PUBLISHED: 2018-06-21
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
CVE-2016-10723
PUBLISHED: 2018-06-21
** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurre...