Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

News & Commentary
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/7/2020
Comment1 Comment  |  Read  |  Post a Comment
IoT Security During COVID-19: What We've Learned & Where We're Going
Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard LabsCommentary
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.
By Aamir Lakhani Cybersecurity Researcher and Practitioner for FortiGuard Labs, 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Video News Desk Returns to Black Hat
Sara Peters, Senior Editor at Dark ReadingNews
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
By Sara Peters Senior Editor at Dark Reading, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Exploiting Google Cloud Platform With Ease
Dark Reading Staff, News
Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.
By Dark Reading Staff , 8/6/2020
Comment1 Comment  |  Read  |  Post a Comment
Information Operations Spotlighted at Black Hat as Election Worries Rise
Robert Lemos, Contributing WriterNews
From Russia's "best-in-class" efforts at widening social divides in Western democracies to China's blunt attacks on dissidents, information operations are becoming a greater threat, says a Stanford researcher.
By Robert Lemos Contributing Writer, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It
Dark Reading Staff, News
Mandiant incident response managers Josh Madeley and Doug Bienstock describe how thoroughly Microsoft 365 (formerly known as Office 365) extends into corporate networks, describe both sophisticated and simple attacks theyve detected, and suggest mitigations as businesses rely more heavily on the cloud.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Using IoT Botnets to Manipulate the Energy Market
Dark Reading Staff, News
Tohid Shekari, phD candidate at Georgia Tech, talks about the session that he and Georgia Tech professor Raheem Beyah gave about a stealthy and adaptable way to use IoT botnets for financial gain or market downfall.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Broadcom: Staying Safe with WastedLocker Ransomware Variant on the Prowl
Terry Sweeney, Contributing EditorNews
SPONSORED CONTENT: Stealthier and more patient than some predecessors, WastedLocker lingers surreptitiously for as long as it needs to for maximum payoff, says Jon DiMaggio with Broadcom's Symantec division. He explains how Windows servers are at a different risk level than their open-source counterparts, and how WastedLocker identifies "valuable" targets.
By Terry Sweeney Contributing Editor, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
The Long Shadow of Stuxnet: New Microsoft Print Spooler Vulns Revealed
Dark Reading Staff, News
Researchers Peleg Hader and Tomer Bar ofSafeBreachshare details of the three vulnerabilities they found in Windows Print Spoolerthat could allow an attacker to sneak into the network throughan old printer service mechanism.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Platform Security: Intel Pushes to Reduce Supply Chain Attacks
Terry Sweeney, Contributing EditorNews
SPONSORED CONTENT: Attacks on supply chains involve lots of players and companies, not to mention an exponential amount of data for the stealing, notes Intel's Tom Garrison. Notoriously difficult to detect and mitigate, Garrison discusses new approaches to securing an individual company's computing platforms, including Compute Lifecycle Assurance.
By Terry Sweeney Contributing Editor, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
2019 Breach Leads to $80 Million Fine for Capital One
Dark Reading Staff, Quick Hits
The fine is part of a series of steps required by the Office of the Comptroller of the Currency.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Four Rules and Three Tools to Protect Against Fake SaaS Apps
Dmitry Dontov, Chief Technology Officer, Spin TechnologyCommentary
Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.
By Dmitry Dontov Chief Technology Officer, Spin Technology, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
3 Tips For Better Security Across the Software Supply Chain
Matthew Lewinski, Distinguished Engineer at Quest SoftwareCommentary
It may sound look intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving security posture of the software supply chain.
By Matthew Lewinski Distinguished Engineer at Quest Software, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Russian Election Interference: Whats Next?
Sara Peters, Senior Editor at Dark ReadingNews
Nate Beach-Westmoreland gives a look back at the past 10 years of Russian election interference and disinformation campaigns. What can we learn from the past and what should we expect as the 2020 US presidential election approaches?
By Sara Peters Senior Editor at Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Attack of the Clone: Next-Gen Social Engineering
Dark Reading Staff, News
NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Teams Vulnerable to Patch Workaround, Researchers Report
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers could work around an earlier patch and use Microsoft Teams Updater to download binaries and payloads.
By Kelly Sheridan Staff Editor, Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
DDoS Attacks Doubled in Q2 Compared with Prior Quarter
Jai Vijayan, Contributing WriterNews
Most attacks were small, but the big ones got bigger than ever, Cloudflare says.
By Jai Vijayan Contributing Writer, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
How Ransomware Threats Are Evolving & How to Spot Them
Kelly Sheridan, Staff Editor, Dark ReadingNews
A series of new reports explains how ransomware attackers are changing techniques and how organizations can spot stealthy criminals.
By Kelly Sheridan Staff Editor, Dark Reading, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
Retooling the SOC for a Post-COVID World
Nilesh Dherange, CTO at GuruculCommentary
Residual work-from-home policies will require changes to security policies, procedures, and technologies.
By Nilesh Dherange CTO at Gurucul, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
Google & Amazon Replace Apple as Phishers' Favorite Brands
Dark Reading Staff, Quick Hits
Google and Amazon were the most imitated brands in the second quarter, knocking out Apple.
By Dark Reading Staff , 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Exploiting Google Cloud Platform With Ease
Dark Reading Staff 8/6/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15138
PUBLISHED: 2020-08-07
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin...
CVE-2020-9490
PUBLISHED: 2020-08-07
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerab...
CVE-2020-11852
PUBLISHED: 2020-08-07
DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM syste...
CVE-2020-11984
PUBLISHED: 2020-08-07
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
CVE-2020-11985
PUBLISHED: 2020-08-07
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...