Threat Intelligence

News & Commentary
Researchers Find Clues for Dramatically Reducing IDS Traffic Volume
Dark Reading Staff, Quick Hits
Research at military labs and Towson University shows that identifying malicious activity may require much less captured data than has been the case.
By Dark Reading Staff , 4/19/2019
Comment0 comments  |  Read  |  Post a Comment
APT34 Toolset, Victim Data Leaked via Telegram
Dark Reading Staff, Quick Hits
For the last month, an unknown individual or group has been sharing data and hacking tools belonging to Iranian hacker group APT34.
By Dark Reading Staff , 4/19/2019
Comment0 comments  |  Read  |  Post a Comment
Free Princeton Application Provides IoT Traffic Insight
Dark Reading Staff, Quick Hits
The application developed by a research group allows users to spot possible IoT security problems.
By Dark Reading Staff , 4/19/2019
Comment0 comments  |  Read  |  Post a Comment
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor NetworksCommentary
By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.
By Darren Anstee Chief Technology Officer at Arbor Networks, 4/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Third-Party Cyber-Risk by the Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Recent stats show that the state of third-party cyber risk and vendor risk management remains largely immature at most organizations.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/19/2019
Comment0 comments  |  Read  |  Post a Comment
Creator of Hub for Stolen Credit Cards Sentenced to 90 Months
Robert Lemos, Technology Journalist/Data ResearcherNews
Coming eight years after he launched the site, the steep sentence for the cybercriminal operator is based on a tab of $30 million in damages calculated by Mastercard and other credit card companies.
By Robert Lemos , 4/18/2019
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Automation Paradox
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/18/2019
Comment0 comments  |  Read  |  Post a Comment
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark ReadingNews
Incident response demands technical expertise, but you can't fully recover without non-IT experts.
By Kelly Sheridan Staff Editor, Dark Reading, 4/17/2019
Comment2 comments  |  Read  |  Post a Comment
Ever-Sophisticated Bad Bots Target Healthcare, Ticketing
Robert Lemos, Technology Journalist/Data ResearcherNews
From criminals to competitors, online bots continue to scrape information from sites and pose as legitimate users.
By Robert Lemos Technology Journalist/Data Researcher, 4/17/2019
Comment0 comments  |  Read  |  Post a Comment
Inside the Dark Web's How-To Guides for Teaching Fraud
Dark Reading Staff, Quick Hits
A new study investigates nearly 30,000 guides to explore what fraudsters sell and teach aspiring cybercriminals.
By Dark Reading Staff , 4/17/2019
Comment0 comments  |  Read  |  Post a Comment
7 Tips for an Effective Employee Security Awareness Program
Jai Vijayan, Freelance writer
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
By Jai Vijayan Freelance writer, 4/17/2019
Comment1 Comment  |  Read  |  Post a Comment
Decoding a 'New' Elite Cyber Espionage Team
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Stealthy and well-heeled hacking group went undetected for five years and wields a massive attack framework of some 80 different modules.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/16/2019
Comment0 comments  |  Read  |  Post a Comment
Meet Scranos: New Rootkit-Based Malware Gains Confidence
Kelly Sheridan, Staff Editor, Dark ReadingNews
The cross-platform operation, first tested on victims in China, has begun to spread around the world.
By Kelly Sheridan Staff Editor, Dark Reading, 4/16/2019
Comment1 Comment  |  Read  |  Post a Comment
IT Outsourcing Firm Wipro Investigates Data Breach
Dark Reading Staff, Quick Hits
Employee accounts may have been compromised in a sophisticated phishing campaign.
By Dark Reading Staff , 4/16/2019
Comment1 Comment  |  Read  |  Post a Comment
New Details Emerge on Windows Zero Day
Kelly Sheridan, Staff Editor, Dark ReadingNews
The CVE-2019-0859 vulnerability, patched last week, is the latest in a string of Windows local privilege escalation bugs discovered at Kaspersky Lab.
By Kelly Sheridan Staff Editor, Dark Reading, 4/15/2019
Comment0 comments  |  Read  |  Post a Comment
The Single Cybersecurity Question Every CISO Should Ask
Arif Kareem, CEO, ExtraHopCommentary
The answer can lead to a scalable enterprise security solution for years to come.
By Arif Kareem CEO, ExtraHop, 4/15/2019
Comment1 Comment  |  Read  |  Post a Comment
This Week in Security Funding: Where the Money Went
Kelly Sheridan, Staff Editor, Dark ReadingNews
Predictions for cybersecurity investment in 2019 are holding true with funding announcements from four startups.
By Kelly Sheridan Staff Editor, Dark Reading, 4/12/2019
Comment0 comments  |  Read  |  Post a Comment
New 'HOPLIGHT' Malware Appears in Latest North Korean Attacks, Say DHS, FBI
Robert Lemos, Technology Journalist/Data ResearcherNews
The FBI and Department of Homeland Security release malware analysis report, indicators of compromise for nine different executable files.
By Robert Lemos Technology Journalist/Data Researcher, 4/11/2019
Comment0 comments  |  Read  |  Post a Comment
Tax Hacks: How Seasonal Scams Cause Yearlong Problems
Kelly Sheridan, Staff Editor, Dark ReadingNews
Tax season is marked with malware campaigns, tax fraud, and identity theft, with money and data flowing through an underground economy.
By Kelly Sheridan Staff Editor, Dark Reading, 4/11/2019
Comment0 comments  |  Read  |  Post a Comment
In Security, All Logs Are Not Created Equal
Joe Partlow, Chief Technology Officer, ReliaQuestCommentary
Prioritizing key log sources goes a long way toward effective incident response.
By Joe Partlow Chief Technology Officer, ReliaQuest, 4/11/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by brucewinters
Current Conversations What is the question?  :-)
In reply to: One Question?
Post Your Own Reply
More Conversations
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11378
PUBLISHED: 2019-04-20
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
CVE-2019-11372
PUBLISHED: 2019-04-20
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11373
PUBLISHED: 2019-04-20
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11374
PUBLISHED: 2019-04-20
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
CVE-2019-11375
PUBLISHED: 2019-04-20
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.