Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

News & Commentary
US Treasury Sanctions Russian Institution Linked to Triton Malware
Dark Reading Staff, Quick Hits
Triton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.
By Dark Reading Staff , 10/23/2020
Comment0 comments  |  Read  |  Post a Comment
Flurry of Warnings Highlight Cyber Threats to US Elections
Jai Vijayan, Contributing WriterNews
FBI and intelligence officials issue fresh warnings about election interference attempts by Iranian and Russian threat actors.
By Jai Vijayan Contributing Writer, 10/23/2020
Comment0 comments  |  Read  |  Post a Comment
Botnet Infects Hundreds of Thousands of Websites
Robert Lemos, Contributing WriterNews
KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.
By Robert Lemos Contributing Writer, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
Credential-Stuffing Attacks Plague Loyalty Programs
Ericka Chickowski, Contributing WriterNews
But that's not the only type of web attack cybercriminals have been profiting from.
By Ericka Chickowski Contributing Writer, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
Liviu Arsene, Global Cybersecurity Researcher at BitdefenderCommentary
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
By Liviu Arsene Global Cybersecurity Researcher at Bitdefender, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
Implementing Proactive Cyber Controls in OT: Myths vs. Reality
Michael Piccalo, Director, OT/ICS Systems Engineering, Forescout TechnologiesCommentary
Debunking the myths surrounding the implementation of proactive cyber controls in operational technology.
By Michael Piccalo Director, OT/ICS Systems Engineering, Forescout Technologies, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
Dealing With Insider Threats in the Age of COVID
Hitesh Sheth, CEO, VectraCommentary
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
By Hitesh Sheth CEO, Vectra, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets
Robert Lemos, Contributing WriterNews
Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region.
By Robert Lemos Contributing Writer, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Alan Brill, Senior Managing Director, Cyber Risk Practice, KrollCommentary
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
By Alan Brill Senior Managing Director, Cyber Risk Practice, Kroll, 10/21/2020
Comment1 Comment  |  Read  |  Post a Comment
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat ResearcherCommentary
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
By David Pearson Principal Threat Researcher, 10/21/2020
Comment1 Comment  |  Read  |  Post a Comment
Ransomware Attacks Show Little Sign of Slowing in 2021
Jai Vijayan, Contributing WriterNews
With businesses paying increasingly larger ransoms, attackers remain motivated, say security experts who foresee a rise in attacks.
By Jai Vijayan Contributing Writer, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers
Dark Reading Staff, Quick Hits
Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.
By Dark Reading Staff , 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Trickbot Tenacity Shows Infrastructure Resistant to Takedowns
Robert Lemos, Contributing WriterNews
Both the US Cyber Command and a Microsoft-led private-industry group have attacked the infrastructure used by attackers to manage Trickbot -- but with only a short-term impact.
By Robert Lemos Contributing Writer, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
GravityRAT Spyware Targets Android & MacOS in India
Dark Reading Staff, Quick Hits
The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.
By Dark Reading Staff , 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Tops Q3 List of Most-Impersonated Brands
Steve Zurier, Contributing WriterNews
The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.
By Steve Zurier Contributing Writer, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Trickbot, Phishing, Ransomware & Elections
Adam Caudill, Principal Security Engineer at 1PasswordCommentary
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.
By Adam Caudill Principal Security Engineer at 1Password, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer
Experts weigh in on picking metrics that demonstrate how the security team is handling operational efficiency and reducing risk.
By Ericka Chickowski Contributing Writer, 10/19/2020
Comment1 Comment  |  Read  |  Post a Comment
A New Risk Vector: The Enterprise of Things
Greg Clark, CEO, Forescout Technologies Inc.Commentary
Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.
By Greg Clark CEO, Forescout Technologies Inc., 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Massive New Phishing Campaigns Target Microsoft, Google Cloud Users
Dark Reading Staff, Quick Hits
At least three campaigns are now underway.
By Dark Reading Staff , 10/16/2020
Comment0 comments  |  Read  |  Post a Comment
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
The US counterintelligence lead joins a former Europol cyber chief to discuss modern election threats and the benefits of public-private collaboration.
By Kelly Sheridan Staff Editor, Dark Reading, 10/16/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by karthik.k16
Current Conversations Thanks. Very informative
In reply to: Great article
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat Researcher,  10/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27187
PUBLISHED: 2020-10-26
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related command...
CVE-2020-7752
PUBLISHED: 2020-10-26
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
CVE-2020-7127
PUBLISHED: 2020-10-26
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVE-2020-7196
PUBLISHED: 2020-10-26
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the ur...
CVE-2020-7197
PUBLISHED: 2020-10-26
SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* U...