Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

News & Commentary
Researchers Find New Approach to Attacking Cloud Infrastructure
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cloud APIs' accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets.
By Kelly Sheridan Staff Editor, Dark Reading, 11/11/2019
Comment0 comments  |  Read  |  Post a Comment
Joker's Stash Puts $130M Price Tag on Credit Card Database
Dark Reading Staff, Quick Hits
A new analysis advises security teams on what they should know about the underground payment card seller.
By Dark Reading Staff , 11/11/2019
Comment0 comments  |  Read  |  Post a Comment
5 Security Processes You Shouldn't Overlook During M&A
Julie Cullivan, Chief Technology and People Officer, Forescout TechnologiesCommentary
Security needs to be a central element of due diligence if a merger or acquisition is to succeed
By Julie Cullivan Chief Technology and People Officer, Forescout Technologies, 11/11/2019
Comment0 comments  |  Read  |  Post a Comment
Hospital Cyberattacks Linked to Increase in Heart Attack Mortality
Dark Reading Staff, Quick Hits
Breach remediation processes adversely impact timeliness in patient care and outcomes, a new study finds.
By Dark Reading Staff , 11/8/2019
Comment0 comments  |  Read  |  Post a Comment
TA542 Brings Back Emotet with Late September Spike
Kelly Sheridan, Staff Editor, Dark ReadingNews
Overall volumes of banking Trojans and RATs increased during the third quarter, when Emotet was suspiciously absent until mid-September.
By Kelly Sheridan Staff Editor, Dark Reading, 11/7/2019
Comment0 comments  |  Read  |  Post a Comment
PayPal Upsets Microsoft as Phishers' Favorite Brand
Dark Reading Staff, Quick Hits
Several factors edged the world's most popular payment service into the top spot.
By Dark Reading Staff , 11/7/2019
Comment0 comments  |  Read  |  Post a Comment
Accounting Scams Continue to Bilk Businesses
Robert Lemos, Contributing WriterNews
Yes, ransomware is plaguing businesses and government organizations, but impersonators inserting themselves into financial workflows most often via e-mail continue to enable big paydays.
By Robert Lemos Contributing Writer, 11/6/2019
Comment0 comments  |  Read  |  Post a Comment
Google Announces App Defense Alliance
Dark Reading Staff, Quick Hits
The industry partnership will scan apps for malware before they're published on the Google Play Store.
By Dark Reading Staff , 11/6/2019
Comment0 comments  |  Read  |  Post a Comment
California DMV Leak Spills Data from Thousands of Drivers
Dark Reading Staff, Quick Hits
Federal agencies reportedly had improper access to Social Security data belonging to 3,200 license holders.
By Dark Reading Staff , 11/6/2019
Comment0 comments  |  Read  |  Post a Comment
The Uphill Battle of Triaging Alerts
Anton Chuvakin, Head of Security Solution Strategy, ChronicleCommentary
Prioritizing alerts is foundational to security, but almost every organization struggles to manage this process efficiently. Here's what you can do about it.
By Anton Chuvakin Head of Security Solution Strategy, Chronicle, 11/6/2019
Comment0 comments  |  Read  |  Post a Comment
Disclosure Does Little to Dissuade Cyber Spies
Robert Lemos, Contributing WriterNews
In the past, outing nation-state cyber espionage groups caused a few to close up shop, but nowadays actors are more likely to switch to new infrastructure and continue operations.
By Robert Lemos Contributing Writer, 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
Proofpoint Acquires ObserveIT to Bolster DLP Capabilities
Dark Reading Staff, Quick Hits
The $225 million acquisition will help Proofpoint expand its data loss prevention capabilities with email, CASB, and data at rest.
By Dark Reading Staff , 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Tools Focus on Insider Risk, Data Protection at Ignite 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
New tools and updates aimed at addressing ongoing challenges with insider threats and sensitive data classification.
By Kelly Sheridan Staff Editor, Dark Reading, 11/4/2019
Comment1 Comment  |  Read  |  Post a Comment
First Bluekeep Exploit Found in the Wild
Dark Reading Staff, Quick Hits
Crashing honeypots alerted the researcher who found the Bluekeep vulnerability.
By Dark Reading Staff , 11/4/2019
Comment0 comments  |  Read  |  Post a Comment
Sumo Logic Buys JASK Labs to Tackle SOC Challenges
Dark Reading Staff, Quick Hits
Sumo Logic plans to integrate JASK's autonomous security operations center software into a new intelligence tool.
By Dark Reading Staff , 11/4/2019
Comment0 comments  |  Read  |  Post a Comment
Google Patches Chrome Zero-Day Under Active Attack
Dark Reading Staff, Quick Hits
The fix addresses CVE-2019-13720, a high-severity, use-after-free vulnerability discovered by Kaspersky Lab researchers.
By Dark Reading Staff , 11/1/2019
Comment0 comments  |  Read  |  Post a Comment
8 Holiday Security Tips for Retailers
Steve Zurier, Contributing Writer
Here's how retailers can protect their businesses from attackers and scammers hoping to wreak havoc during the most wonderful time of the year.
By Steve Zurier Contributing Writer, 11/1/2019
Comment1 Comment  |  Read  |  Post a Comment
32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers detect an updated Gafgyt variant that targets flaws in small office and home wireless routers from Zyxel, Huawei, and Realtek.
By Kelly Sheridan Staff Editor, Dark Reading, 10/31/2019
Comment0 comments  |  Read  |  Post a Comment
Coalfire CEO Wants Criminal Charges Against His Employees Dropped
Dark Reading Staff, Quick Hits
Felony charges against two employees tasked with testing the physical security of the Dallas County, Iowa, courthouse have been lessened, but that's not enough, CEO says.
By Dark Reading Staff , 10/31/2019
Comment0 comments  |  Read  |  Post a Comment
New Office 365 Phishing Scam Leaves A Voicemail
Dark Reading Staff, Quick Hits
A fake voice message lures victims to a fake Microsoft 365 login page that prompts them to enter credentials.
By Dark Reading Staff , 10/31/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by jackryan123
Current Conversations very interesting to read!
In reply to: interesting
Post Your Own Reply
More Conversations
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: How do you like our new spear phishing email solution?
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18881
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVE-2019-18882
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVE-2019-18873
PUBLISHED: 2019-11-12
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the pa...
CVE-2019-18874
PUBLISHED: 2019-11-12
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.