News & Commentary

Latest Content tagged with Attacks/Breaches
Page 1 / 2   >   >>
Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
Quick Hits  |  9/21/2018  | 
Attack against the Metropolitan Police Department was disrupted before malware could be sent to additional systems.
6 Security Training Hacks to Increase Cyber IQ Org-Wide
Slideshows  |  9/21/2018  | 
Move beyond generic, annual security awareness training with these important tips.
US Approves Cyber Weapons Against Foreign Enemies
Quick Hits  |  9/21/2018  | 
The White House is changing the rules on its use of digital weapons to fight adversaries targeting US networks.
Data Manipulation: How Security Pros Can Respond to an Emerging Threat
Commentary  |  9/21/2018  | 
Industry leaders are scrambling to address the issue, which will take new thinking to overcome.
Think Like An Attacker: How a Red Team Operates
News  |  9/20/2018  | 
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
Retail Sector Second-Worst Performer on Application Security
News  |  9/20/2018  | 
A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.
Account Takeover Attacks Become a Phishing Fave
Quick Hits  |  9/20/2018  | 
More than three-quarters of ATOs resulted in a phishing email, a new report shows.
3 Drivers Behind the Increasing Frequency of DDoS Attacks
Commentary  |  9/20/2018  | 
What's causing the uptick? Motivation, opportunity, and new capabilities.
Japanese Cryptocurrency Exchange Hit with $60M Theft
Quick Hits  |  9/20/2018  | 
The incident highlights a broader problem of poor security in cryptocurrency exchanges throughout the country.
Cryptojackers Grow Dramatically on Enterprise Networks
News  |  9/19/2018  | 
A new report shows that illicit cryptomining malware is growing by leaps and bounds on the networks of unsuspecting victims.
Mirai Hackers' Sentence Includes No Jail Time
Quick Hits  |  9/19/2018  | 
The trio behind Mirai sentenced to probation and public service in return for cooperation with law enforcement and researchers.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
Commentary  |  9/19/2018  | 
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
FBI: Phishing Attacks Aim to Swap Payroll Information
Quick Hits  |  9/19/2018  | 
Social engineering scams target employees' payroll credentials so attackers can access and change their bank account data.
5 Steps to Success for New CISOs
Commentary  |  9/19/2018  | 
You've been hired to make an impact. These tips can help set you up for continued success.
8 Keys to a Successful Penetration Test
Slideshows  |  9/19/2018  | 
Pen tests are expensive, but there are key factors that can make them worth the investment.
The Security Costs of Cloud-Native Applications
News  |  9/18/2018  | 
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
IoT Threats Triple Since 2017
Quick Hits  |  9/18/2018  | 
Rapidly evolving malware is posing an ever-greater threat to the IoT and business users of the Internet.
Overhauling the 3 Pillars of Security Operations
Commentary  |  9/18/2018  | 
Modern apps and the cloud mean that organizations must now rethink older security practices.
New Xbash Malware a Cocktail of Malicious Functions
News  |  9/17/2018  | 
The new malware tool targeting Windows and Linux systems combines cryptomining, ransomware, botnet, and self-propagation capabilities.
RDP Ports Prove Hot Commodities on the Dark Web
News  |  9/17/2018  | 
Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves.
Yahoo Class-Action Suits Set for Settlement
Quick Hits  |  9/17/2018  | 
Altaba tells SEC it will incur $47 million to settle consumer litigation for massive Yahoo data breaches.
Ransomware Takes Down Airport's Flight Information Screens
Quick Hits  |  9/17/2018  | 
The attack left airport staff to post flight times and gates on whiteboards at Bristol Airport in Britain.
The 7 Habits of Highly Effective Security Teams
Commentary  |  9/17/2018  | 
Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.
Guccifer to Be Extradited to US for Prison Sentence
Quick Hits  |  9/14/2018  | 
Four-year, four-month term will follow a longer sentence in hacker's home country of Romania.
2 Billion Bluetooth Devices Remain Exposed to Airborne Attack Vulnerabilities
News  |  9/13/2018  | 
One year after Armis disclosed 'BlueBorne,' a large number of Android, Linux, and iOS devices remain unpatched.
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
News  |  9/13/2018  | 
Researchers bypass a Trusted Computing Group security measure to manipulate the firmware and steal data in memory.
Enterprise Security Needs an Open Data Solution
Commentary  |  9/13/2018  | 
What would it look like if more than a tiny fraction of enterprises had access to all the signals hidden in their big data today?
Kelihos Botnet Operator Pleads Guilty in Federal Court
Quick Hits  |  9/13/2018  | 
The 38-year-old Russian national operated several botnets and infected thousands of systems with malware.
The Increasingly Vulnerable Software Supply Chain
Commentary  |  9/13/2018  | 
Nation-state adversaries from Iran to Russia have leveraged the supply chain as a vehicle to compromise infrastructure and disrupt businesses.
Modular Malware Brings Stealthy Attacks to Former Soviet States
News  |  9/12/2018  | 
A new malware technique is making phishing attacks harder to spot when they succeed.
Malware Campaign Targeting Jaxx Wallet Holders Shut Down
News  |  9/12/2018  | 
A site spoofing the official Jaxx website was discovered packing several infections for Windows and Mac machines, and has been shut down.
4 Trends Giving CISOs Sleepless Nights
Commentary  |  9/12/2018  | 
IoT attacks, budget shortfalls, and the skills gap are among the problems keeping security pros up at night.
Mobile Attack Rates Up 24% Globally, 44% in US
Quick Hits  |  9/12/2018  | 
One-third of all fraud targets are mobile, a growing source of all digital transactions.
Foreshadow, SGX & the Failure of Trusted Execution
Commentary  |  9/12/2018  | 
Trusted execution environments are said to provide a hardware-protected enclave that runs software and cannot be accessed externally, but recent developments show they fall far short.
Mirai, Gafgyt Botnets Resurface with New Tricks
News  |  9/11/2018  | 
A new version of Mirai exploits the Apache Struts flaw linked to the Equifax breach, while Gafgyt targets an old flaw in SonicWall.
British Airways Breach Linked to Ticketmaster Breach Attackers
Quick Hits  |  9/11/2018  | 
Magecart attackers hit airline with the same "digital skimmers" they used on the entertainment company in June, researchers say.
4 Practical Measures to Improve Election Security Now
Commentary  |  9/11/2018  | 
It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.
New 'Fallout' EK Brings Return of Old Ransomware
News  |  9/10/2018  | 
The Fallout exploit kit carries GandCrab into the Middle East in a new campaign.
GAO Says Equifax Missed Flaws, Intrusion in Massive Breach
Quick Hits  |  9/10/2018  | 
A report from the Government Accountability Office details the issues found and opportunities missed in the huge 2017 Equifax data breach.
Russian National Extradited for 2014 JP Morgan Hack
Quick Hits  |  9/10/2018  | 
Andrei Tyurin was arrested for his involvement in a hacking campaign targeting US financial institutions, financial news publishers, brokerage firm, and other companies.
Apple (Finally) Removes MacOS App Caught Stealing User Browser Histories
News  |  9/7/2018  | 
The fact that the app likely has been exfiltrating data for years is "rather f#@&'d" up, says the security researcher who reported the issue to Apple one month ago.
8 Attack Vectors Puncturing Cloud Environments
Slideshows  |  9/7/2018  | 
These methods may not yet be on your security team's radar, but given their impact, they should be.
Palestinian, Middle East Targets Hit with New Surveillance Attacks
Quick Hits  |  9/7/2018  | 
'Big Bang' group returns with new campaign after last year's RAT attacks.
British Airways Issues Apology for Severe Data Breach
Quick Hits  |  9/7/2018  | 
The airline "is deeply sorry" for its worst-ever cyberattack, which has affected 380,000 customers.
The Role of Incident Response in ICS Security Compliance
Commentary  |  9/7/2018  | 
The data-driven nature of IR can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.
The Best Way To Secure US Elections? Paper Ballots
News  |  9/6/2018  | 
Voting machines that do not provide a paper trail or cannot be independently audited should immediately be removed, concludes a new report from the National Academies of Sciences, Engineering, and Medicine.
Take (Industrial) Control: A Look at the 2018 ICS Threat Landscape
News  |  9/6/2018  | 
New research sheds light on the biggest threats to strike ICS systems in the first half of 2018, and what's in store for the rest of this year.
Report: Data Breaches Hit Share Prices, Too
Quick Hits  |  9/6/2018  | 
A data breach has a measurable impact on stock price, according to a report looking at incidents from the past six years
Why a Healthy Data Diet Is the Secret to Healthy Security
Commentary  |  9/6/2018  | 
In the same way that food is fuel to our bodies, data is the fuel on which our security programs run. Here are 10 action items to put on your cybersecurity menu.
US to Charge North Korea for Sony Breach, WannaCry
Quick Hits  |  9/6/2018  | 
The DoJ plans to charge North Korean threat actors for their involvement in two major cyberattacks, US officials report.
Page 1 / 2   >   >>


WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "I'm not sure I like this top down management approach!"
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17338
PUBLISHED: 2018-09-23
An issue has been found in pdfalto through 0.2. It is a heap-based buffer overflow in the function TextPage::dump in XmlAltoOutputDev.cc.
CVE-2018-17341
PUBLISHED: 2018-09-23
BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.
CVE-2018-17332
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls.
CVE-2018-17333
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in svgStringToLength in svg_types.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because sscanf is misused.
CVE-2018-17334
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in the svgGetNextPathField function in svg_string.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because a strncpy copy limit is miscalculated.