Dark Reading is part of the Informa Tech Division of Informa PLC

Threat Intelligence

News & Commentary
7 Ways VPNs Can Turn from Ally to Threat
Curtis Franklin Jr., Senior Editor at Dark Reading
VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 9/21/2019
HP Purchases Security Startup Bromium
Dark Reading Staff, Quick Hits
The purchase will bring new isolation and threat intelligence capabilities to the HP portfolio.
By Dark Reading Staff, 9/20/2019
Ransomware Strikes 49 School Districts & Colleges in 2019
Kelly Sheridan, Staff Editor, Dark Reading, News
The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/20/2019
WeWork's Wi-Fi Exposed Files, Credentials, Emails
Dark Reading Staff, Quick Hits
For years, sensitive documents and corporate data have been easily viewable on the coworking space's open network.
By Dark Reading Staff, 9/20/2019
Security Pros Value Disclosure ... Sometimes
Dark Reading Staff, Quick Hits
Security professionals will coordinate disclosure with researchers but may keep their self-discovered vulnerabilities secret, a new study shows.
By Dark Reading Staff, 9/19/2019
Saudi IT Providers Hit in Cyber Espionage Operation
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Symantec identifies new 'Tortoiseshell' nation-state group as the attackers.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/18/2019
How Cybercriminals Exploit Simple Human Mistakes
Kelly Sheridan, Staff Editor, Dark Reading, News
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/18/2019
GitHub Becomes CVE Numbering Authority, Acquires Semmle
Dark Reading Staff, Quick Hits
Latest moves will make it much more likely that vulnerabilities in open source projects will be found and reported, GitHub says.
By Dark Reading Staff, 9/18/2019
One Arrested in Ecuador's Mega Data Leak
Dark Reading Staff, Quick Hits
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.
By Dark Reading Staff, 9/18/2019
Cryptominer Attacks Ramp Up, Focus on Persistence
Robert Lemos, Contributing Writer, News
The latest attacks, such as Skidmap and Smominru, add capabilities to allow them to persist longer on Windows and Linux systems, surviving initial attempts at eliminating them.
By Robert Lemos, Contributing Writer, 9/18/2019
24.3M Unsecured Health Records Expose Patient Data, Images
Dark Reading Staff, Quick Hits
Several hundred servers storing medical data are connected to the Internet without any protection for sensitive information and images.
By Dark Reading Staff, 9/18/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading, News
The list includes the most frequent and critical weaknesses that can lead to serious software vulnerabilities.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/17/2019
Cybercriminal's Black Market Pricing Guide
Ericka Chickowski, Contributing Writer
Common prices criminals pay one another for products and services that fuel the cybercriminal ecosystem.
By Ericka Chickowski, Contributing Writer, 9/17/2019
15K Private Webcams Could Let Attackers View Homes, Businesses
Dark Reading Staff, Quick Hits
Webcams could be potentially accessed and manipulated by anyone with an Internet connection, researchers say.
By Dark Reading Staff, 9/17/2019
Oracle Expands Cloud Security Services at OpenWorld 2019
Kelly Sheridan, Staff Editor, Dark Reading, News
The company broadens its portfolio with new services developed to centralize and automate cloud security.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/16/2019
Court Rules In Favor of Firm 'Scraping' Public Data
Dark Reading Staff, Quick Hits
US appeals court said a company can legally use publicly available LinkedIn account information.
By Dark Reading Staff, 9/16/2019
Data Leak Affects Most of Ecuador's Population
Kelly Sheridan, Staff Editor, Dark Reading, News
An unsecured database containing 18GB of data exposed more than 20 million records, most of which held details about Ecuadorian citizens.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/16/2019
Malware Linked to Ryuk Targets Financial & Military Data
Kelly Sheridan, Staff Editor, Dark Reading, News
A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/13/2019
US Sanctions 3 Cyberattack Groups Tied to DPRK
Dark Reading Staff, Quick Hits
Lazarus Group, Bluenoroff, and Andariel were named and sanctioned by the US Treasury for ongoing attacks on financial systems.
By Dark Reading Staff, 9/13/2019
6 Questions to Ask Once You've Learned of a Breach
Steve Zurier, Contributing Writer
With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.
By Steve Zurier, Contributing Writer, 9/13/2019
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16649
PUBLISHED: 2019-09-21
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the...
CVE-2019-16650
PUBLISHED: 2019-09-21
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the se...
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.