Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

News & Commentary
Ransomware Strikes 49 School Districts & Colleges in 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 9/20/2019
Comment0 comments  |  Read  |  Post a Comment
Lion Air the Latest to Get Tripped Up by Misconfigured AWS S3
Jai Vijayan, Contributing WriterNews
The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets.
By Jai Vijayan Contributing Writer, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Deconstructing an iPhone Spearphishing Attack
Marc Rogers, Executive Director of Cybersecurity, OktaCommentary
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
By Marc Rogers Executive Director of Cybersecurity, Okta, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Crowdsourced Security & the Gig Economy
Alex Haynes, Chief Information Security Officer, CDLCommentary
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
By Alex Haynes Chief Information Security Officer, CDL, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
How Cybercriminals Exploit Simple Human Mistakes
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.
By Kelly Sheridan Staff Editor, Dark Reading, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
DevSecOps: Recreating Cybersecurity Culture
Steve Martino, Senior Vice President, Chief Information Security Officer, CiscoCommentary
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
By Steve Martino Senior Vice President, Chief Information Security Officer, Cisco, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
Cryptominer Attacks Ramp Up, Focus on Persistence
Robert Lemos, Contributing WriterNews
The latest attacks, such as Skidmap and Smominru, add capabilities to allow them to persist longer on Windows and Linux systems, surviving initial attempts at eliminating them.
By Robert Lemos Contributing Writer, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
How Ransomware Criminals Turn Friends into Enemies
Chester Wisniewski, Principal Research Scientist, SophosCommentary
Managed service providers are the latest pawns in ransomware's game of chess.
By Chester Wisniewski Principal Research Scientist, Sophos, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
Impersonation Fraud Still Effective in Obtaining Code Signatures
Robert Lemos, Contributing WriterNews
Fraudsters continue to attempt to fool certificate authorities into issuing valid digital certificates for legitimate organizations by impersonating an authoritative user. The reward? The ability to sign code with a legitimate signature.
By Robert Lemos Contributing Writer, 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing WriterNews
Sanctions on North Korean nation-state hacking groups came amid reports of fresh malicious campaigns directed at US entities from the isolated nation.
By Jai Vijayan Contributing Writer, 9/16/2019
Comment3 comments  |  Read  |  Post a Comment
Malware Linked to Ryuk Targets Financial & Military Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.
By Kelly Sheridan Staff Editor, Dark Reading, 9/13/2019
Comment0 comments  |  Read  |  Post a Comment
US Sanctions 3 Cyberattack Groups Tied to DPRK
Dark Reading Staff, Quick Hits
Lazarus Group, Bluenoroff, and Andariel were named and sanctioned by the US Treasury for ongoing attacks on financial systems.
By Dark Reading Staff , 9/13/2019
Comment0 comments  |  Read  |  Post a Comment
6 Questions to Ask Once Youve Learned of a Breach
Steve Zurier, Contributing Writer
With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.
By Steve Zurier Contributing Writer, 9/13/2019
Comment1 Comment  |  Read  |  Post a Comment
Taking a Fresh Look at Security Ops: 10 Tips
Joshua Goldfarb, Independent ConsultantCommentary
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
By Joshua Goldfarb Independent Consultant, 9/13/2019
Comment0 comments  |  Read  |  Post a Comment
Indictments Do Little to Stop Iranian Group from New Attacks on Universities
Jai Vijayan, Contributing WriterNews
Cobalt Dickens targeted more than 60 universities in the US and elsewhere this summer, according to a new report.
By Jai Vijayan Contributing Writer, 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
North Korea Seen Using ELECTRICFISH, BADCALL Malware Variants
Dark Reading Staff, Quick Hits
The FBI and CISA issued an alert the same week researchers disclosed a new campaign launched by actors with North Korean ties.
By Dark Reading Staff , 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
A Definitive Guide to Crowdsourced Vulnerability Management
David Baker, CSO & VP of Operations, BugcrowdCommentary
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
By David Baker CSO & VP of Operations, Bugcrowd, 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff, Quick Hits
Researchers discover a side-channel vulnerability that exploits the network performance-enhancing capabilities of recent Intel server CPUs.
By Dark Reading Staff , 9/12/2019
Comment1 Comment  |  Read  |  Post a Comment
The Fight Against Synthetic Identity Fraud
Kathleen Peters, SVP & Head of Fraud & Identity, ExperianCommentary
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
By Kathleen Peters SVP & Head of Fraud & Identity, Experian, 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
Proposed Browser Security Guidelines Would Mean More Work for IT Teams
Chris Hickman, Chief Security Officer at KeyfactorCommentary
CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope.
By Chris Hickman Chief Security Officer at Keyfactor, 9/11/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by juliabeyers
Current Conversations Thanks for your analytics
In reply to: Thanks
Post Your Own Reply
More Conversations
PR Newswire
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17789
PUBLISHED: 2019-09-20
Prospecta Master Data Online (MDO) allows CSRF.
CVE-2019-11280
PUBLISHED: 2019-09-20
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain ...
CVE-2019-11326
PUBLISHED: 2019-09-20
An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same pro...
CVE-2019-11327
PUBLISHED: 2019-09-20
An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system.
CVE-2019-14814
PUBLISHED: 2019-09-20
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.