News & Commentary

Latest Content tagged with Attacks/Breaches
US Intel Officials Share Their National Cybersecurity Concerns
News  |  7/20/2018  | 
Leaders in the security sector discuss the most pressing cyberthreats threatening the United States and what can be done to mitigate them.
Singapore Health Services Data Breach Exposes Info on 1.5 Million People
News  |  7/20/2018  | 
Attackers, repeatedly and specifically, targeted Singapore Prime Minister Lee Hsien Loong's medication data.
Microsoft: Three Hacking Attempts Made on Midterm Elections
Quick Hits  |  7/20/2018  | 
Microsoft detected data indicating three congressional candidates were being hit with cyberattacks - the first to target midterm elections.
HR Services Firm ComplyRight Suffers Major Data Breach
News  |  7/20/2018  | 
More than 7,500 customer companies were affected, and the number of individuals whose information was leaked is unknown.
Why Artificial Intelligence Is Not a Silver Bullet for Cybersecurity
Commentary  |  7/20/2018  | 
Like any technology, AI and machine learning have limitations. Three are detection, power, and people.
Cyberattacks in Finland Surge During Trump-Putin Summit
News  |  7/19/2018  | 
Attackers targeted IoT devices like they did during Trump's June meeting with North Korea's Kim Jong-un, but this time China was the top-attacking nation.
Robotic Vacuums May Hoover Your Data
Quick Hits  |  7/19/2018  | 
Researchers have discovered a pair of vulnerabilities that allow unauthorized code execution in a robotic vacuum.
The Fundamental Flaw in Security Awareness Programs
Commentary  |  7/19/2018  | 
It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
Beyond Passwords: Why Your Company Should Rethink Authentication
Commentary  |  7/19/2018  | 
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
Number of Retailers Impacted by Breaches Doubles
News  |  7/19/2018  | 
The retail race for digital transformation is being run without the safety of security measures.
Make Security Boring Again
Commentary  |  7/18/2018  | 
In the public sector and feeling overwhelmed? Focus on the basics, as mind numbing as that may sound.
New Subscription Service Takes on Ransomware Protection
News  |  7/18/2018  | 
Training and response is the basis of a new offering that addresses ransomware and extortion attacks.
Microsoft Moves Up As Phishers' Favorite Target for Brand Spoofing
Quick Hits  |  7/18/2018  | 
Researchers compiled a list of the most common brands to impersonate by detecting and analyzing new phishing URLs.
From Bullets to Clicks: The Evolution of the Cyber Arms Race
Commentary  |  7/18/2018  | 
Cyber strategies have become as important as physical weapons in the battle for political advantage. Here's a quick look at four broad categories.
White House Cybersecurity Strategy at a Crossroads
News  |  7/17/2018  | 
Trump administration's initial lack of a unified front in the wake of Russian election-hacking indictments worries cybersecurity experts.
Cloud Security: Lessons Learned from Intrusion Prevention Systems
Commentary  |  7/17/2018  | 
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
SCADA/ICS Dangers & Cybersecurity Strategies
Commentary  |  7/17/2018  | 
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
7 Nigerians Indicted for Fraud Operation on Dating Sites
Quick Hits  |  7/17/2018  | 
Con artists have been charged with operating a scheme that cost users of American dating websites more than $1.5 million.
Russian National Vulnerability Database Operation Raises Suspicions
News  |  7/16/2018  | 
Recorded Future says Russia's Federal Service for Technical and Export Control has ability to find, weaponize vulnerabilities under cover of doing technology inspections.
Less Than Half of Cyberattacks Detected via Antivirus: SANS
News  |  7/16/2018  | 
Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.
Time to Yank Cybercrime into the Light
Commentary  |  7/16/2018  | 
Too many organizations are still operating blindfolded, research finds.
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
News  |  7/13/2018  | 
GRU hackers used bitcoin to fund US computer network infrastructure supporting and hiding the operation.
How to Structure an Enterprise-Wide Threat Intelligence Strategy
Commentary  |  7/13/2018  | 
To keep an organization safe, you must think about the entire IT ecosystem.
Lessons from My Strange Journey into InfoSec
Commentary  |  7/12/2018  | 
Establishing an entrée into the security world can be a maddeningly slow process. For those of us already here, it can be an opportunity to help others.
ICS Security: 'The Enemy Is in the Wire'
Commentary  |  7/12/2018  | 
Threats to industrial control systems are real and frightening. The government is taking steps to keep us safer in the future, but there are near-term steps you can take right now.
Timehop Releases New Details About July 4 Breach
Quick Hits  |  7/12/2018  | 
Additional information includes PII affected and the authentication issue that led to the breach.
Ukraine Security Service Stops VPNFilter Attack at Chlorine Station
Quick Hits  |  7/12/2018  | 
The facility's process control system and emergency-detection system were infected, Interfax Ukraine reports.
Hacker Exploits 2-Year Old Router Issue To Steal Sensitive US Military Data
News  |  7/11/2018  | 
A moderately skilled hacker managed to steal export-restricted data pertaining to the Reaper drone and Abrams tank from computers belonging to two US Army officials.
Newly Found Spectre Variants Bring New Concerns
News  |  7/11/2018  | 
Two new variants on a theme of Spectre underscore the expanding nature of the critical vulnerabilities.
Critical Vulns Earn $2K Amid Rise of Bug Bounty Programs
News  |  7/11/2018  | 
As of June, a total of $31 million has been awarded to security researchers for this year, already a big jump from the $11.7 million awarded for the entire 2017.
Getting Safe, Smart & Secure on S3
Commentary  |  7/11/2018  | 
AWS Simple Storage Service has proven to be a security minefield. It doesn't have to be if you pay attention to people, process, and technology.
This Is How Much a 'Mega Breach' Really Costs
News  |  7/11/2018  | 
The average cost of a data breach is $3.86 million, but breaches affecting more than 1 million records are far more expensive.
Major International Airport System Access Sold for $10 on Dark Web
News  |  7/11/2018  | 
Researchers from the McAfee Advanced Threat Research team began with an open search on Russian RDP shop UAS to make their discovery.
What We Talk About When We Talk About Risk
Commentary  |  7/11/2018  | 
Measuring security risk is not that hard if you get your terms straight and leverage well-established methods and principles from other disciplines.
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
News  |  7/10/2018  | 
Threat actor Magecart has infiltrated over 800 e-commerce sites with card skimming software installed on third-party software components, RiskIQ says.
Microsoft July Security Updates Mostly Browser-Related
News  |  7/10/2018  | 
Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.
Asian APT Groups Most Active in Q2
News  |  7/10/2018  | 
Researchers at Kaspersky Lab published data on the most prolific threat groups and campaigns, compiled from private intelligence reports developed this quarter.
For Data Thieves, the World Cup Runneth Over
Commentary  |  7/10/2018  | 
Large sporting events are always going to be targets, but the fact that the competition is in Russia adds another layer of concern. Here are three tips to stay safer.
7 Ways to Keep DNS Safe
Slideshows  |  7/10/2018  | 
A DNS attack can have an outsize impact on the targeted organization or organizations. Here's how to make hackers' lives much more difficult.
Data Breaches at Timehop, Macy's Highlight Need for Multi-Factor Authentication
News  |  7/9/2018  | 
Names, email addresses, and some phone numbers belonging to 21 million people exposed in Timehop intrusion; Macy's incident impacts 'small number' of customers.
6 M&A Security Tips
Slideshows  |  7/9/2018  | 
Companies are realizing that the security posture of an acquired organization should be considered as part of their due diligence process.
Insurers Sue Trustwave for $30M Over '08 Heartland Data Breach
News  |  7/9/2018  | 
Lawsuit filed by Lexington Insurance and Beazley Insurance is in response to a Trustwave legal filing that called their claims meritless.
Two More Convicted in $30M Massive Hacking, Securities Fraud Operation
News  |  7/9/2018  | 
A former hedge fund manager and securities trader participated in a scheme that made $30 million by trading on information from stolen press releases.
Chinese Wind Turbine Manufacturer Gets Max. Fine for Source Code Theft
Quick Hits  |  7/9/2018  | 
Sinovel Wind Group has been sentenced for stealing trade secrets from the company formerly known as American Superconductor Inc.
Creating a Defensible Security Architecture
Commentary  |  7/9/2018  | 
Take the time to learn about your assets. You'll be able to layer in multiple prevention and detection solutions and have a highly effective security architecture.
Putin Pushes for Global Cybersecurity Cooperation
Quick Hits  |  7/6/2018  | 
At a Moscow-based security conference, Russian President Vladimir Putin said countries should work together amid the rise of cyberthreats.
New Malware Strain Targets Cryptocurrency Fans Who Use Macs
Quick Hits  |  7/6/2018  | 
OSX.Dummy depends on substantial help from an unwary victim.
Former NSO Group Employee Steals, Sells Spy Tools
Quick Hits  |  7/6/2018  | 
The Israeli hacking firm says its stolen software is worth hundreds of millions of dollars.
Reactive or Proactive? Making the Case for New Kill Chains
Commentary  |  7/6/2018  | 
Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here's what a modern kill chain should include.
Weak Admin Password Enabled Gentoo GitHub Breach
News  |  7/5/2018  | 
Had the attacker been quieter, breach may not have been discovered immediately, maintainers of popular Linux distribution said.


White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14492
PUBLISHED: 2018-07-21
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert malicious HTML code that can result in reading the local files.
CVE-2018-3771
PUBLISHED: 2018-07-20
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
CVE-2018-5065
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5066
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.