Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

News & Commentary
Europol Head Fears 5G Will Give Criminals an Edge
Dark Reading Staff, Quick Hits
Catherine De Bolle is concerned law enforcement will lose its ability to track criminals with the arrival of 5G networks.
By Dark Reading Staff , 7/19/2019
Comment0 comments  |  Read  |  Post a Comment
Mirai Groups Target Business IoT Devices
Robert Lemos, Contributing WriterNews
More than 30% of Mirai attacks, and an increasing number of variants of the malicious malare, are going after enterprise IoT devices, raising the stakes for business.
By Robert Lemos Contributing Writer, 7/19/2019
Comment0 comments  |  Read  |  Post a Comment
RDP Bug Takes New Approach to Host Compromise
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers show how simply connecting to a rogue machine can silently compromise the host.
By Kelly Sheridan Staff Editor, Dark Reading, 7/18/2019
Comment2 comments  |  Read  |  Post a Comment
8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
Jai Vijayan, Contributing Writer
Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity.
By Jai Vijayan Contributing Writer, 7/18/2019
Comment1 Comment  |  Read  |  Post a Comment
Bluetooth Bug Enables Tracking on Windows 10, iOS & macOS Devices
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers discover a third-party algorithm in multiple high-profile Bluetooth devices exposes users to third-party tracking and data access.
By Kelly Sheridan Staff Editor, Dark Reading, 7/17/2019
Comment0 comments  |  Read  |  Post a Comment
Security Snapshot: OS, Authentication, Browser & Cloud Trends
Kelly Sheridan, Staff Editor, Dark ReadingNews
New research shows cloud apps are climbing, SMS authentication is falling, Chrome is the enterprise browser favorite, and Android leads outdated devices.
By Kelly Sheridan Staff Editor, Dark Reading, 7/16/2019
Comment0 comments  |  Read  |  Post a Comment
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing WriterNews
The group of more than 1,400 top elected municipal officials takes the admirable, recommended stance against paying ransoms. However, can towns and cities secure their information technology infrastructure to withstand attacks?
By Robert Lemos Contributing Writer, 7/16/2019
Comment3 comments  |  Read  |  Post a Comment
Meet DoppelPaymer, BitPaymer's Ransomware Lookalike
Kelly Sheridan, Staff Editor, Dark ReadingNews
New ransomware variant DoppelPaymer was leveraged in campaigns against the City of Edcouch, Texas, and the Chilean Ministry of Agriculture.
By Kelly Sheridan Staff Editor, Dark Reading, 7/15/2019
Comment0 comments  |  Read  |  Post a Comment
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading
Too many systems, failure to test tools, and fear of replacement drive endpoint complexity and render products less effective.
By Kelly Sheridan Staff Editor, Dark Reading, 7/15/2019
Comment3 comments  |  Read  |  Post a Comment
How to Catch a Phish: Where Employee Awareness Falls Short
Kelly Sheridan, Staff Editor, Dark ReadingNews
Advanced phishing techniques and poor user behaviors that exacerbate the threat of successful attacks.
By Kelly Sheridan Staff Editor, Dark Reading, 7/11/2019
Comment1 Comment  |  Read  |  Post a Comment
Software Engineer Charged for Taking Stolen Trade Secrets to China
Dark Reading Staff, Quick Hits
Xudong Yao reportedly stole proprietary information from his employer and brought it to China, where he is believed to currently reside.
By Dark Reading Staff , 7/11/2019
Comment1 Comment  |  Read  |  Post a Comment
Persistent Threats Can Last Inside SMB Networks for Years
Steve Zurier, Contributing WriterNews
The average dwell time for riskware can be as much as 869 days.
By Steve Zurier Contributing Writer, 7/11/2019
Comment0 comments  |  Read  |  Post a Comment
Industry Insight: Checking Up on Healthcare Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
Modern threats putting healthcare organization at risk, how they're improving their security posture, and where many fall short.
By Kelly Sheridan Staff Editor, Dark Reading, 7/10/2019
Comment1 Comment  |  Read  |  Post a Comment
Financial Firms Face Threats from Employee Mobile Devices
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new report says that phishing and man-in-the-middle attacks are major risks to financial institutions - via mobile devices in the hands of their employees.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/10/2019
Comment1 Comment  |  Read  |  Post a Comment
Vulnerability Found in GE Anesthesia Machines
Dark Reading Staff, Quick Hits
GE Healthcare has released a statement claiming the bug is not in the machine itself and does not pose direct risk to patients.
By Dark Reading Staff , 7/10/2019
Comment0 comments  |  Read  |  Post a Comment
4 Reasons Why SOC Superstars Quit
Edy Almer, VP Product, CyberbitCommentary
Security analysts know they are a hot commodity in the enviable position of writing their own ticket. Here's how to keep them engaged, challenged, and happy.
By Edy Almer VP Product, Cyberbit, 7/10/2019
Comment3 comments  |  Read  |  Post a Comment
Financial Impact of Cybercrime Exceeded $45B in 2018
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybersecurity analysts explore a range of industry research to examine trends around cyber incidents and their financial impact.
By Kelly Sheridan Staff Editor, Dark Reading, 7/9/2019
Comment0 comments  |  Read  |  Post a Comment
Coast Guard Warns Shipping Firms of Maritime Cyberattacks
Robert Lemos, Contributing WriterNews
A commercial vessel suffered a significant malware attack in February, prompting the US Coast Guard to issues an advisory to all shipping companies: Here be malware.
By Robert Lemos Contributing Writer, 7/9/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches Zero-Day Vulnerabilities Under Active Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft issued fixes for 77 unique vulnerabilities this Patch Tuesday, including two zero-day privilege escalation vulnerabilities seen exploited in the wild.
By Kelly Sheridan Staff Editor, Dark Reading, 7/9/2019
Comment0 comments  |  Read  |  Post a Comment
US Military Warns Companies to Look Out for Iranian Outlook Exploits
Robert Lemos, Contributing WriterNews
Microsoft patched a serious vulnerability in the Microsoft Outlook client in 2017, but an Iranian group continues to exploit the flaw.
By Robert Lemos Contributing Writer, 7/3/2019
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17210
PUBLISHED: 2019-07-20
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass t...
CVE-2019-12934
PUBLISHED: 2019-07-20
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.
CVE-2019-9229
PUBLISHED: 2019-07-20
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can...
CVE-2019-12815
PUBLISHED: 2019-07-19
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
CVE-2019-13569
PUBLISHED: 2019-07-19
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.