Threat Intelligence

News & Commentary
Staffing Shortage Makes Vulnerabilities Worse
Dark Reading Staff, Quick Hits
Businesses don't have sufficient staff to find vulnerabilities or protect against their exploit, according to a new report by Ponemon Institute.
By Dark Reading Staff , 2/15/2019
Comment0 comments  |  Read  |  Post a Comment
Hackers Found Phishing for Facebook Credentials
Dark Reading Staff, Quick Hits
A "very realistic-looking" login prompt is designed to capture users' Facebook credentials, researchers report.
By Dark Reading Staff , 2/15/2019
Comment0 comments  |  Read  |  Post a Comment
ICS/SCADA Attackers Up Their Game
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
With attackers operating more aggressively and stealthily, some industrial network operators are working to get a jump on the threats.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/15/2019
Comment0 comments  |  Read  |  Post a Comment
Post-Quantum Crypto Standards Arent All About the Math
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The industry needs to keep in mind the realities of hardware limits and transitional growing pains, according to Microsoft, Utimaco researchers.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/15/2019
Comment0 comments  |  Read  |  Post a Comment
From 'O.MG' to NSA, What Hardware Implants Mean for Security
Robert Lemos, Technology Journalist/Data ResearcherNews
A wireless device resembling an Apple USB-Lightning cable that can exploit any system via keyboard interface highlights risks associated with hardware Trojans and insecure supply chains.
By Robert Lemos Technology Journalist/Data Researcher, 2/14/2019
Comment0 comments  |  Read  |  Post a Comment
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark ReadingNews
In the weeks leading up to Valentine's Day 2019, researchers notice a new form of Gandcrab appearing in romance-themed emails.
By Kelly Sheridan Staff Editor, Dark Reading, 2/14/2019
Comment2 comments  |  Read  |  Post a Comment
New Professional Development Institute Aims to Combat Cybersecurity Skills Shortage
Dark Reading Staff, Quick Hits
The (ISC)2 announces a new institute for working cybersecurity professionals to continue their education.
By Dark Reading Staff , 2/14/2019
Comment0 comments  |  Read  |  Post a Comment
Coffee Meets Bagel Confirms Hack on Valentine's Day
Dark Reading Staff, Quick Hits
The dating app says users' account data may have been obtained by an unauthorized party.
By Dark Reading Staff , 2/14/2019
Comment0 comments  |  Read  |  Post a Comment
Diversity Is Vital to Advance Security
Joan Pepin, CISO & VP of Operations, Auth0Commentary
Meet five female security experts who are helping to propel our industry forward.
By Joan Pepin CISO & VP of Operations, Auth0, 2/14/2019
Comment1 Comment  |  Read  |  Post a Comment
How to Create a Dream Team for the New Age of Cybersecurity
Gaurav Banga, Founder and CEO, BalbixCommentary
When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.
By Gaurav Banga Founder and CEO, Balbix, 2/14/2019
Comment0 comments  |  Read  |  Post a Comment
Security Spills: 9 Problems Causing the Most Stress
Kelly Sheridan, Staff Editor, Dark Reading
Security practitioners reveal what's causing them the most frustration in their roles.
By Kelly Sheridan Staff Editor, Dark Reading, 2/14/2019
Comment0 comments  |  Read  |  Post a Comment
2018 Was Second-Most Active Year for Data Breaches
Jai Vijayan, Freelance writerNews
Hacking by external actors caused most breaches, but Web intrusions and exposures compromised more records, according to Risk Based Security.
By Jai Vijayan Freelance writer, 2/13/2019
Comment1 Comment  |  Read  |  Post a Comment
Ex-US Intel Officer Charged with Helping Iran Target Her Former Colleagues
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Monica Witt, former Air Force and counterintel agent, has been indicted for conspiracy activities with Iranian government, hackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
Researchers Dig into Microsoft Office Functionality Flaws
Kelly Sheridan, Staff Editor, Dark ReadingNews
An ongoing study investigating security bugs in Microsoft Office has so far led to two security patches.
By Kelly Sheridan Staff Editor, Dark Reading, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
Scammers Fall in Love with Valentine's Day
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Online dating profiles and social media accounts add to the rich data sources that allow criminals to tailor attacks.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
Up to 100,000 Reported Affected in Landmark White Data Breach
Kelly Sheridan, Staff Editor, Dark ReadingNews
Australian property valuation firm Landmark White exposed files containing personal data and property valuation details.
By Kelly Sheridan Staff Editor, Dark Reading, 2/12/2019
Comment1 Comment  |  Read  |  Post a Comment
Symantec Acquires Luminate to Build on Cloud Security
Dark Reading Staff, Quick Hits
Luminate Security, which specializes in software-defined perimeter technology, will extend Symantec's integrated defense platform.
By Dark Reading Staff , 2/12/2019
Comment0 comments  |  Read  |  Post a Comment
2019 Security Spending Outlook
Ericka Chickowski, Contributing Writer, Dark Reading
Cybersecurity and IT risk budgets continue to grow. Here's how they'll be spent.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/12/2019
Comment0 comments  |  Read  |  Post a Comment
OkCupid Denies Data Breach Amid Account Hack Complaints
Dark Reading Staff, Quick Hits
Users on the dating website report hackers breaking into their accounts, changing email addresses, and resetting passwords.
By Dark Reading Staff , 2/11/2019
Comment0 comments  |  Read  |  Post a Comment
US Law Enforcement Busts Romanian Online Crime Operation
Jai Vijayan, Freelance writerNews
Twelve members of 20-person group extradited to US to face charges related to theft of millions via fake ads other scams.
By Jai Vijayan Freelance writer, 2/8/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by nicfaust
Current Conversations Interesting post. Thank you.
In reply to: Hi!
Post Your Own Reply
Posted by MelvinGray
Current Conversations Right
In reply to: Re: Pipes
Post Your Own Reply
More Conversations
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8423
PUBLISHED: 2019-02-18
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
CVE-2019-8424
PUBLISHED: 2019-02-18
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
CVE-2019-8425
PUBLISHED: 2019-02-18
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
CVE-2019-8426
PUBLISHED: 2019-02-18
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
CVE-2019-8427
PUBLISHED: 2019-02-18
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.