News & Commentary

Latest Content tagged with Attacks/Breaches
Page 1 / 2   >   >>
Rogue Chrome, Firefox Extensions Hijack Browsers; Prevent Easy Removal
News  |  1/18/2018  | 
Malwarebytes describes malicious extensions as 'one of a kind'
BEC Attacks to Exceed $9B in 2018: Trend Micro
News  |  1/18/2018  | 
Business email compromise is projected to skyrocket as attackers adopt sophisticated techniques to dupe their victims.
Feds Team with Foreign Policy Experts to Assess US Election Security
News  |  1/18/2018  | 
Expert panel lays out potential risks for the 2018 election cycle and beyond
California Predicted to Lose $329M to Cybercrime in 2018
Quick Hits  |  1/18/2018  | 
The Golden State will be hit hardest but New York will lose the most money per incident.
How to Keep Blue Teams Happy in an Automated Security World
Commentary  |  1/18/2018  | 
The creativity and intuition of your team members must be developed and nurtured.
Man Admits to Directing DDoS Attacks Across the US
Quick Hits  |  1/18/2018  | 
New Mexico man pleads guilty to directing cyberattacks against his prior employers, business competitors, and law enforcement agencies.
Schneider Electric: TRITON/TRISIS Attack Used 0-Day Flaw in its Safety Controller System, and a RAT
News  |  1/18/2018  | 
ICS/SCADA vendor discloses in-depth analysis of a recent targeted attack against one of its customers.
Living with Risk: Where Organizations Fall Short
Commentary  |  1/17/2018  | 
People tasked with protecting data are too often confused about what they need to do, even with a solid awareness of the threats they face.
How AI Would Have Caught the Forever 21 Breach
Commentary  |  1/17/2018  | 
Companies must realize that the days of the desktop/server model are over and focus on "nontraditional" devices.
Doh!!! The 10 Most Overlooked Security Tasks
Slideshows  |  1/16/2018  | 
Heres a list of gotchas that often slip past overburdened security pros.
Mental Models & Security: Thinking Like a Hacker
Commentary  |  1/16/2018  | 
These seven approaches can change the way you tackle problems.
CIA: Russian Military Hackers Behind NotPetya Attack
Quick Hits  |  1/15/2018  | 
Cyberattack last June aimed to disrupt Ukraine's financial system.
How to Attract More Women Into Cybersecurity Now
News  |  1/12/2018  | 
A recent survey finds a number of attributes women seek in their careers can be found in a cybersecurity profession the dots just need to be connected.
What Can We Learn from Counterterrorism and National Security Efforts?
Commentary  |  1/12/2018  | 
The best practices and technologies that originated in the intelligence realm can help businesses stay safer, too.
Majority of Companies Lack Sufficient IoT Policy Enforcement Tools
Quick Hits  |  1/12/2018  | 
Shortfall exists despite nearly all global technology enterprise companies having security policies to manage IoT devices.
Microsoft Launches 'Private Conversations' in Skype
Quick Hits  |  1/11/2018  | 
New feature uses Signal Protocol for strong encryption.
Responding to the Rise of Fileless Attacks
News  |  1/11/2018  | 
Fileless attacks, easier to conduct and more effective than traditional malware-based threats, pose a growing challenge to enterprise targets.
Privacy: The Dark Side of the Internet of Things
Commentary  |  1/11/2018  | 
Before letting an IoT device into your business or home, consider what data is being collected and where it is going.
RIG EK Remains Top of Heap, Turns to Cryptomining
News  |  1/11/2018  | 
Popular exploit kit turns its sights to drive-by cryptomining in what security researchers believe will be a trend to follow in 2018.
AI in Cybersecurity: Where We Stand & Where We Need to Go
Commentary  |  1/11/2018  | 
How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.
Why Facebook Security Questions Are no Substitute for MFA
Partner Perspectives  |  1/11/2018  | 
If identity is established based on one thing you know and one thing you have, the latter should not also be a thing you know because in the sharing economy, we share everything.
Vulnerable Mobile Apps: The Next ICS/SCADA Cyber Threat
News  |  1/11/2018  | 
Researchers find nearly 150 vulnerabilities in SCADA mobile apps downloadable from Google Play.
CISOs' No. 1 Concern in 2018: The Talent Gap
News  |  1/10/2018  | 
Survey finds 'lack of competent in-house staff' outranks all other forms of cybersecurity worry, including data breaches to ransomware attacks.
AWS, Google Cloud Popular Home for Botnet Controllers
News  |  1/10/2018  | 
The number of command-and-control listings increase 32% in 2017, with more botnet controllers hosted in the cloud.
FBI Director: Cryptocurrency, Nation-State Attacks, Among Agency's Top Cybersecurity Concerns
Quick Hits  |  1/10/2018  | 
Speaking at International Conference on Cyber Security, FBI director Christopher Wray pointed to a rise in nation-state attacks - and strong encryption that limits bureau investigations.
'Shift Left': Codifying Intuition into Secure DevOps
Commentary  |  1/10/2018  | 
Shifting left is more than a catchy phrase. It's a mindset that emphasizes the need to think about security in all phases of the software development life cycle.
'Back to Basics' Might Be Your Best Security Weapon
Commentary  |  1/10/2018  | 
A company's ability to successfully reduce risk starts with building a solid security foundation.
Oracle WebLogic Exploit Used in Cryptocurrency Mining Campaign
News  |  1/10/2018  | 
PeopleSoft and WebLogic app servers, as well as cloud systems using WebLogic, hacked and used to net some $226K in digital currency.
Turla Cyberespionage Gang Employs Adobe Flash Installer
News  |  1/9/2018  | 
In recent data theft campaigns, the APT group has been downloading malware from what appears to be legitimate Adobe URLs and IP addresses, ESET says.
Microsoft Patches Exploited Office Bug
News  |  1/9/2018  | 
An Office memory corruption vulnerability is the only CVE reported as under active attack for this month's Patch Tuesday.
Microsoft: How the Threat Landscape Will Shift This Year
News  |  1/9/2018  | 
Exclusive interview with Windows Security lead on how 2017 was a "return to retro" security threats and 2018 will bring increasingly targeted, advanced, and dangerous cyberattacks.
Threatcare Acquires Savage Security
Quick Hits  |  1/9/2018  | 
The deal expands Threatcare's business beyond its breach and attack simulation platform to include services and applied research.
CISOs' Cyber War: How Did We Get Here?
Commentary  |  1/9/2018  | 
We're fighting the good fight -- but, ultimately, losing the war.
New Cryptocurrency Mining Malware Has Links to North Korea
News  |  1/8/2018  | 
A malware tool for stealthily installing software that mines the Monero virtual currency looks like the handiwork of North Korean threat actors, AlienVault says.
VTech to Pay $650,000 in FTC Settlement
Quick Hits  |  1/8/2018  | 
VTech's Kid Connect app and its Planet VTech platform collected personal information on 760,000 children without parental permission, the FTC alleges.
Emailed Cyberattack Targets 2018 Pyeongchang Olympics
News  |  1/8/2018  | 
More than 300 organizations associated with the 2018 Olympics have been hit with a targeted email campaign.
US Gov Outlines Steps to Fight Botnets, Automated Threats
Quick Hits  |  1/8/2018  | 
The US Departments of Commerce and Homeland Security identify the challenges of, and potential actions against, automated cyberattacks.
Vulnerability Management: The Most Important Security Issue the CISO Doesn't Own
Commentary  |  1/8/2018  | 
Information security and IT need to team up to make patch management more efficient and effective. Here's how and why.
Breach of India's Biometric Database Puts 1 Billion Users at Risk
Quick Hits  |  1/5/2018  | 
The Tribune reports that hackers gained access to users' names, addresses, phone numbers, and other PII.
LockPoS Malware Sneaks onto Kernel via new Injection Technique
News  |  1/5/2018  | 
"Alarming evolution" of Flokibot bypasses antivirus software and was likely built by a group of advanced attackers, researchers say.
The Nightmare Before Christmas: Security Flaws Inside our Computers
Commentary  |  1/5/2018  | 
How an Intel design decision with no review by industry security consultants led to one of the biggest vulnerabilities in recent history.
New Adware Discovered in 22 Apps in Google Play
Quick Hits  |  1/5/2018  | 
The 'LightsOut' adware is found is flashlight and utility apps, which have been downloaded between 1.5 million to 7.5 million times.
Vendors Rush to Issue Security Updates for Meltdown, Spectre Flaws
News  |  1/4/2018  | 
Apple says all Mac and iOS systems are affected by new side-channel attack vulnerabilities.
Google Apps Script Vulnerability Exposes SaaS to URL-based Threats
News  |  1/4/2018  | 
A new means of exploiting Google Apps Script lets attackers deliver malware using URLs.
DHS Discovers Privacy Incident Involving Former Employee
Quick Hits  |  1/4/2018  | 
Former DHS OIG employee makes an unauthorized copy of PII data of DHS employees and parties involved in DHS OIG investigations.
Uber's Biggest Mistake: It Wasn't Paying Ransom
Commentary  |  1/4/2018  | 
Rather than scrambling to deal with attacks after the fact, companies need to focus on improving detection capabilities with tools that help them work within data laws, not outside of them.
The Internet of (Secure) Things Checklist
Commentary  |  1/4/2018  | 
Insecure devices put your company at jeopardy. Use this checklist to stay safer.
In Mobile, It's Back to the Future
Commentary  |  1/3/2018  | 
The mobile industry keeps pushing forward while overlooking some security concerns of the past.
A Pragmatic Approach to Fixing Cybersecurity: 5 Steps
Commentary  |  1/3/2018  | 
The digital infrastructure that supports our economy, protects our national security, and empowers our society must be made more secure, more trusted, and more reliable. Here's how.
Hackers Who Disabled Police Cameras Prior to Trump Inauguration Left Trail of Clues
News  |  1/2/2018  | 
Romanian police last month arrested Mihai Isvanca, and Eveline Cismaru for allegedly breaking into 123 computers controlling surveillance cameras at DC's police department in 2017.
Page 1 / 2   >   >>


How to Attract More Women Into Cybersecurity - Now
Dawn Kawamoto, Associate Editor, Dark Reading,  1/12/2018
Researchers Offer a 'VirusTotal for ICS'
Kelly Jackson Higgins, Executive Editor at Dark Reading,  1/16/2018
Which CISO 'Tribe' Do You Belong To?
Kelly Sheridan, Associate Editor, Dark Reading,  1/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.