Threat Intelligence

News & Commentary
Threat Hunters & Security Analysts: A Dynamic Duo
Rick Costanzo, CEO, RANK SoftwareCommentary
Fighting spying with spying, threat hunters bring the proactive mindset of network reconnaissance and repair to the enterprise security team.
By Rick Costanzo CEO, RANK Software, 10/12/2018
Comment1 Comment  |  Read  |  Post a Comment
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer
There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
By Steve Zurier Freelance Writer, 10/12/2018
Comment2 comments  |  Read  |  Post a Comment
The Better Way: Threat Analysis & IIoT Security
Satish Gannu, Chief Security Officer, ABBCommentary
Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities.
By Satish Gannu Chief Security Officer, ABB, 10/11/2018
Comment0 comments  |  Read  |  Post a Comment
IIS Attacks Skyrocket, Hit 1.7M in Q2
Dark Reading Staff, Quick Hits
Drupal and Oracle WebLogic also were hit with more cyberattacks during same quarter.
By Dark Reading Staff , 10/10/2018
Comment0 comments  |  Read  |  Post a Comment
Security Researchers Struggle with Bot Management Programs
Kaan Onarlioglu, Senior Security Researcher, AkamaiCommentary
Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.
By Kaan Onarlioglu Senior Security Researcher, Akamai, 10/10/2018
Comment0 comments  |  Read  |  Post a Comment
Git Gets Patched for Newly Found Flaw
Dark Reading Staff, Quick Hits
A vulnerability in Git could allow an attacker to place malicious, auto-executing code in a sub-module.
By Dark Reading Staff , 10/9/2018
Comment0 comments  |  Read  |  Post a Comment
Constructing the Future of ICS Cybersecurity
Kelly Sheridan, Staff Editor, Dark ReadingNews
As industrial control systems are connected to the cloud and the IoT, experts discuss security challenges.
By Kelly Sheridan Staff Editor, Dark Reading, 10/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Fixes Privilege Escalation 0Day Under Active Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
This month's Patch Tuesday includes 49 patches, two of which are ranked Critical, and two security advisories.
By Kelly Sheridan Staff Editor, Dark Reading, 10/9/2018
Comment0 comments  |  Read  |  Post a Comment
New Domains: A Wide-Open Playing Field for Cybercrime
Ben April, CTO, Farsight SecurityCommentary
As bad actors increasingly exploit new domains for financial gain and other nefarious purposes, security teams need to employ policies and practices to neutralize the threat in real time. Here's why and how.
By Ben April CTO, Farsight Security, 10/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Teach Your AI Well: A Potential New Bottleneck for Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Artificial intelligence (AI) holds the promise of easing the skills shortage in cybersecurity, but implementing AI may result in a talent gap of its own for the industry.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/8/2018
Comment0 comments  |  Read  |  Post a Comment
Most Home Routers Are Full of Vulnerabilities
Dark Reading Staff, Quick Hits
More than 80% of surveyed routers had, on average, 172 security vulnerabilities, new research shows.
By Dark Reading Staff , 10/5/2018
Comment0 comments  |  Read  |  Post a Comment
Successful Scammers Call After Lunch
Kelly Sheridan, Staff Editor, Dark ReadingNews
Analysis of 20,000 voice phishing, or vishing, calls reveals patterns in how social engineers operate and how targets respond.
By Kelly Sheridan Staff Editor, Dark Reading, 10/5/2018
Comment0 comments  |  Read  |  Post a Comment
12 AppSec Activities Enterprises Can't Afford to Skip
Ericka Chickowski, Contributing Writer, Dark Reading
The latest Building Security in Maturity Model (BSIMM9) report offers a statistically backed, bare-minimum benchmark for software security initiatives.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/5/2018
Comment1 Comment  |  Read  |  Post a Comment
For $14.71, You Can Buy A Passport Scan on the Dark Web
Kelly Sheridan, Staff Editor, Dark ReadingNews
That's the average price of a digital passport scan, and it goes up with proof of identification, a new study finds.
By Kelly Sheridan Staff Editor, Dark Reading, 10/4/2018
Comment1 Comment  |  Read  |  Post a Comment
Malware Outbreak Causes Disruptions, Closures at Canadian Restaurant Chain
Jai Vijayan, Freelance writerNews
But Recipe Unlimited denies it was the victim of a ransomware attack, as some have reported.
By Jai Vijayan Freelance writer, 10/3/2018
Comment0 comments  |  Read  |  Post a Comment
An Intro to Intra, the Android App for DNS Encryption
Kelly Sheridan, Staff Editor, Dark ReadingNews
Alphabet's Jigsaw has released Intra, a free security app that aims to prevent government censorship.
By Kelly Sheridan Staff Editor, Dark Reading, 10/3/2018
Comment0 comments  |  Read  |  Post a Comment
Palo Alto Networks Buys RedLock to Strengthen Cloud Security
Dark Reading Staff, Quick Hits
The transaction, valued at $173 million, is intended to bring analytics and threat detection to Palo Alto Networks' cloud security offering.
By Dark Reading Staff , 10/3/2018
Comment0 comments  |  Read  |  Post a Comment
When Facebook Gets Hacked, Everyone Gets Hacked
Kelly Sheridan, Staff Editor, Dark ReadingNews
Facebook's attackers may have gained access to several third-party apps and websites via Facebook Login.
By Kelly Sheridan Staff Editor, Dark Reading, 10/2/2018
Comment2 comments  |  Read  |  Post a Comment
The Award for Most Dangerous Celebrity Goes To
Dark Reading Staff, Quick Hits
A new study highlights which celebrities are associated with the most malicious websites, making them risky search subjects.
By Dark Reading Staff , 10/2/2018
Comment0 comments  |  Read  |  Post a Comment
'Short, Brutal Lives': Life Expectancy for Malicious Domains
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Using a cooling-off period for domain names can help catch those registered by known bad actors.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/1/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by kangnamclinic
Current Conversations thank for share
In reply to: thank for share
Post Your Own Reply
More Conversations
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/11/2018
New Domains: A Wide-Open Playing Field for Cybercrime
Ben April, CTO, Farsight Security,  10/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18324
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.
CVE-2018-18322
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.
CVE-2018-18323
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.
CVE-2018-18319
PUBLISHED: 2018-10-15
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merli...
CVE-2018-18320
PUBLISHED: 2018-10-15
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allo...