Threat Intelligence

News & Commentary
8 Security Tips for a Hassle-Free Summer Vacation
Steve Zurier, Freelance Writer
It's easy to let your guard down when you're away. Hackers know that, too.
By Steve Zurier Freelance Writer, 6/23/2018
Comment1 Comment  |  Read  |  Post a Comment
New Drupal Exploit Mines Monero for Attackers
Dark Reading Staff, Quick Hits
A new exploit of a known vulnerability gives an attacker control of the Drupal-hosting server.
By Dark Reading Staff , 6/22/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Office: The Go-To Platform for Zero-Day Exploits
Kelly Sheridan, Staff Editor, Dark ReadingNews
Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.
By Kelly Sheridan Staff Editor, Dark Reading, 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
By Kelly Sheridan Staff Editor, Dark Reading, 6/20/2018
Comment3 comments  |  Read  |  Post a Comment
Alphabet Launches VirusTotal Monitor to Stop False Positives
Dark Reading Staff, Quick Hits
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
By Dark Reading Staff , 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Improving the Adoption of Security Automation
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
Four barriers to automation and how to overcome them.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
The Best and Worst Tasks for Security Automation
Kelly Sheridan, Staff Editor, Dark Reading
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
By Kelly Sheridan Staff Editor, Dark Reading, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Mylobot Malware Brings New Sophistication to Botnets
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
'Olympic Destroyer' Reappears in Attacks on Europe, Russia
Kelly Sheridan, Staff Editor, Dark ReadingNews
The attack group known for targeting the 2018 Winter Olympics has resurfaced in campaigns against European financial and biochem companies.
By Kelly Sheridan Staff Editor, Dark Reading, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
How to Prepare for 'WannaCry 2.0'
Shimon Oren, Head of Cyber Intelligence at Deep InstinctCommentary
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
By Shimon Oren Head of Cyber Intelligence at Deep Instinct, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
Security Analytics Startup Uptycs Raises $10M in Series A
Dark Reading Staff, Quick Hits
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.
By Dark Reading Staff , 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
'Wallchart' Phishing Campaign Exploits World Cup Watchers
Kelly Sheridan, Staff Editor, Dark ReadingNews
The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.
By Kelly Sheridan Staff Editor, Dark Reading, 6/18/2018
Comment0 comments  |  Read  |  Post a Comment
Blockchain All the Rage But Comes With Numerous Risks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers dig into four types of cyberattacks targeting blockchain, how they work, and why early adopters are the easiest targets.
By Kelly Sheridan Staff Editor, Dark Reading, 6/13/2018
Comment0 comments  |  Read  |  Post a Comment
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Security is weak, and most companies are clueless, according to Immunity researcher Lurene Grenier, who kicked off the Cisco Talos Threat Research Summit on Sunday.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Fixes 11 Critical, 39 Important Vulns
Kelly Sheridan, Staff Editor, Dark ReadingNews
The most critical vulnerability, experts say, affects Windows Domain Name Systems, while another lets attackers hack Cortana from the lock screen.
By Kelly Sheridan Staff Editor, Dark Reading, 6/12/2018
Comment2 comments  |  Read  |  Post a Comment
MacOS Bypass Flaw Lets Attackers Sign Malicious Code as Apple
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security bypass weakness in macOS APIs let attackers impersonate Apple to sign malicious code and evade third-party security tools.
By Kelly Sheridan Staff Editor, Dark Reading, 6/12/2018
Comment0 comments  |  Read  |  Post a Comment
Security Ratings Answer Big Questions in Cyber Insurance
Kelly Sheridan, Staff Editor, Dark ReadingNews
More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage.
By Kelly Sheridan Staff Editor, Dark Reading, 6/11/2018
Comment0 comments  |  Read  |  Post a Comment
6 Ways Greed Has a Negative Effect on Cybersecurity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA Commentary
How the security industry can both make money and stay true to its core values, and why that matters.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 6/11/2018
Comment3 comments  |  Read  |  Post a Comment
SAP CSO: Security Requires Context
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Security depends on the apps and networks it protects. SAP CSO Justin Somaini discusses three scenarios.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/11/2018
Comment0 comments  |  Read  |  Post a Comment
FireEye Finds New Clues in TRITON/TRISIS Attack
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Attackers behind the epic industrial-plant hack reverse-engineered the safety-monitoring system's proprietary protocol, researchers found.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/8/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by RosanaXayaraj
Current Conversations Thanks
In reply to: Re: More information
Post Your Own Reply
More Conversations
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12697
PUBLISHED: 2018-06-23
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
CVE-2018-12698
PUBLISHED: 2018-06-23
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
CVE-2018-12699
PUBLISHED: 2018-06-23
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.
CVE-2018-12700
PUBLISHED: 2018-06-23
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
CVE-2018-11560
PUBLISHED: 2018-06-23
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.