News & Commentary

Latest Content tagged with Attacks/Breaches
Page 1 / 2   >   >>
Russia Linked Group Resurfaces With Large-Scale Phishing Campaign
News  |  11/20/2018  | 
APT29/Cozy Bear is targeting individuals in military, government, and other sectors via email purporting to be from US State Department.
6,500 Dark Web Sites Offline After Hosting Service Attacked
Quick Hits  |  11/20/2018  | 
The actor behind the attack on Daniel's Hosting, and their initial point of entry, remain unknown.
Securities Markets at High Risk of Cyberattack
News  |  11/19/2018  | 
A report by BAE Systems and SWIFT shows that financial market areas such as equities trading, bonds, and derivatives face more threats than banking, forex, and trade finance.
Divide Remains Between Cybersecurity Awareness and Skill
Quick Hits  |  11/19/2018  | 
Organizations understand the need for critical data protection but may lack the resources to respond.
7 Holiday Security Tips for Retailers
Slideshows  |  11/19/2018  | 
It's the most wonderful time of the year and hackers are ready to pounce. Here's how to prevent them from wreaking holiday havoc.
95% of Organizations Have Cultural Issues Around Cybersecurity
Commentary  |  11/16/2018  | 
Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.
Congress Passes Bill to Create New Federal Cybersecurity Agency
News  |  11/15/2018  | 
Cybersecurity and Infrastructure Security Agency Act now headed to President Trump for signing into law.
Cyber Crooks Diversify Business with Multi-Intent Malware
Commentary  |  11/15/2018  | 
The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.
Cloud, China, Generic Malware Top Security Concerns for 2019
News  |  11/15/2018  | 
FireEye researchers unveil an extensive list of security risks waiting in the new year's wings.
From Reactive to Proactive: Security as the Bedrock of the SDLC
Commentary  |  11/15/2018  | 
Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.
Small-Time Cybercriminals Landing Steady Low Blows
News  |  11/14/2018  | 
High-end crime groups are acquiring the sorts of sophisticated capabilities only nation-states once had, while low-tier criminals maintain a steady stream of malicious activity, from cryptomining to PoS malware.
Cryptojacking, Mobile Malware Growing Threats to the Enterprise
News  |  11/14/2018  | 
At the same time, criminal organizations continue to look for new ways to attack their victims.
Airlines Have a Big Problem with Bad Bots
News  |  11/14/2018  | 
Bad bots account for 43.9% of all traffic on their websites, APIs, and mobile apps, according to a new analysis of 100 airlines.
Understanding Evil Twin AP Attacks and How to Prevent Them
Commentary  |  11/14/2018  | 
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
To Click or Not to Click: The Answer Is Easy
Commentary  |  11/14/2018  | 
Mega hacks like the Facebook breach provide endless ammo for spearphishers. These six tips can help you stay safer.
Getting to Know Magecart: An Inside Look at 7 Groups
News  |  11/13/2018  | 
A new report spills the details on Magecart, the criminal groups driving it, and ongoing attacks targeting low- and high-profile victims.
Empathy: The Next Killer App for Cybersecurity?
Commentary  |  11/13/2018  | 
The toughest security problems involve people not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.
Google Traffic Temporarily Rerouted via Russia, China
News  |  11/13/2018  | 
The incident, which Google reports is now resolved, could be the result of either technical mistakes or malicious activity.
RIP, 'IT Security'
Commentary  |  11/13/2018  | 
Information security is vital, of course. But the concept of "IT security" has never made sense.
Sophisticated Campaign Targets Pakistan's Air Force
News  |  11/13/2018  | 
Espionage campaign uses a variety of new evasion techniques.
2018 on Track to Be One of the Worst Ever for Data Breaches
News  |  11/12/2018  | 
A total of 3,676 breaches involving over 3.6 billion records were reported in the first nine months of this year alone.
Paris Agreement on Cybercrime Falls Short of Unanimous Agreement
Quick Hits  |  11/12/2018  | 
More than 50 nations and 150 global companies agree to join effort to fight cybercrime.
Veterans Find New Roles in Enterprise Cybersecurity
News  |  11/12/2018  | 
Facebook and Synack create programs to educate vets and grow employment opportunities while shrinking the cybersecurity talent gap.
7 Cool New Security Tools to be Revealed at Black Hat Europe
Slideshows  |  11/12/2018  | 
Black Hat Europe's Arsenal lineup will include demoes of new security tools, from AI malware research to container orchestration.
Cyberattacks Top Business Risks in North America, Europe, EAP
Quick Hits  |  11/12/2018  | 
The World Economic Forum reports cyberattacks are a top enterprise concern following WannaCry and the rise of e-commerce.
'CARTA': A New Tool in the Breach Prevention Toolbox
Commentary  |  11/12/2018  | 
Gartner's continuous adaptive risk and trust assessment for averting a data breach addresses the shortcomings of static security programs.
What You Should Know About Grayware (and What to Do About It)
Slideshows  |  11/9/2018  | 
Grayware is a tricky security problem, but there are steps you can take to defend your organization when you recognize the risk.
Guilty Plea Made in Massive International Cell Phone Fraud Case
Quick Hits  |  11/9/2018  | 
A former West Palm Beach resident is the fifth defendant to plead guilty in a case involving thousands of victims.
The Morris Worm Turns 30
News  |  11/9/2018  | 
How the historic Internet worm attack of 1988 has shaped security or not.
Vulnerabilities in Our Infrastructure: 5 Ways to Mitigate the Risk
Commentary  |  11/9/2018  | 
By teaming up to address key technical and organizational issues, information and operational security teams can improve the resiliency and safety of their infrastructure systems.
Symantec Uncovers North Korean Group's ATM Attack Malware
News  |  11/8/2018  | 
Lazarus Group has been using FastCash Trojan on obsolete AIX servers to empty tens of millions of dollars from ATMs.
Microsoft President: Governments Must Cooperate on Cybersecurity
News  |  11/8/2018  | 
Microsoft's Brad Smith calls on nations and businesses to work toward "digital peace" and acknowledge the effects of cybercrime.
User Behavior Analytics Could Find a Home in the OT World of the IIoT
Commentary  |  11/8/2018  | 
The technology never really took off in IT, but it could be very helpful in the industrial world.
Banking Malware Takes Aim at Brazilians
Quick Hits  |  11/8/2018  | 
Two malware distribution campaigns are sending banking Trojans to customers of financial institutions in Brazil.
5 Things the Most Secure Software Companies Do (and How You Can Be Like Them)
Commentary  |  11/8/2018  | 
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.
New Side-Channel Attacks Target Graphics Processing Units
News  |  11/7/2018  | 
A trio of new attacks bypass CPUs to wring data from vulnerable GPUs.
Crytpocurrency Exchange Targeted Via Attack on Web Traffic Analysis Firm
News  |  11/7/2018  | 
"Island-hopping" attackers breached StatCounter so they could get to users of gate.io.
IT-to-OT Solutions That Can Bolster Security in the IIoT
Commentary  |  11/7/2018  | 
Industrial companies can use the hard-won, long-fought lessons of IT to leapfrog to an advanced state of Industrial Internet of Things security.
Utah Hacker Pleads Guilty to DoS Attacks: DoJ
Quick Hits  |  11/7/2018  | 
Online gaming companies, including Sony Online Entertainment, and servers were main targets.
5 Reasons Why Threat Intelligence Doesn't Work
Commentary  |  11/7/2018  | 
Cybersecurity folks often struggle to get threat intelligence's benefits. Fortunately, there are ways to overcome these problems.
'PortSmash' Brings New Side-Channel Attack to Intel Processors
News  |  11/6/2018  | 
New vulnerability exposes encryption keys in the first proof-of-concept code.
HSBC: Security Breach Exposes Account, Transaction Data
Quick Hits  |  11/6/2018  | 
Unauthorized users accessed HSBC accounts between Oct. 4 and 14, the bank reports in a letter to customers.
Hidden Costs of IoT Vulnerabilities
Commentary  |  11/6/2018  | 
IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.
'Trump' Tops Election-Spam Subject Lines
Quick Hits  |  11/5/2018  | 
Fake email messages aka spam contain the president's name in 2,811% of median message sampling.
7 Non-Computer Hacks That Should Never Happen
Slideshows  |  11/5/2018  | 
From paper to IoT, security researchers offer tips for protecting common attack surfaces that you're probably overlooking.
After the Breach: Tracing the 'Smoking Gun'
Commentary  |  11/5/2018  | 
Systems, technology, and threats change, and your response plan should, too. Here are three steps to turn your post-breach assessment into a set of workable best practices.
Worst Malware and Threat Actors of 2018
News  |  11/2/2018  | 
Two reports call out the most serious malware attacks and attackers of the year (so far).
Ex-Employees Allegedly Steal Micron Trade Secrets Valued At Over $400 Million
News  |  11/2/2018  | 
Three individuals who worked for DRAM maker's Taiwan subsidiary stole Micron IP to benefit company controlled by China's government, US says in indictment.
NITTF Releases New Model for Insider Threat Program
Quick Hits  |  11/2/2018  | 
The Insider Threat Program Maturity Framework is intended to help government agencies strengthen their programs.
Cisco Reports SIP Inspection Vulnerability
Quick Hits  |  11/2/2018  | 
Advisory addresses active exploitation of vuln in the wild, with no clear solution in sight.
Page 1 / 2   >   >>


New Bluetooth Hack Affects Millions of Vehicles
Dark Reading Staff 11/16/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19406
PUBLISHED: 2018-11-21
kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.
CVE-2018-19407
PUBLISHED: 2018-11-21
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
CVE-2018-19404
PUBLISHED: 2018-11-21
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= ...
CVE-2018-19387
PUBLISHED: 2018-11-20
format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure.
CVE-2018-19388
PUBLISHED: 2018-11-20
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue.