Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Threat Intelligence
Page 1 / 2   >   >>
Mobile Banking Malware Up 50% in First Half of 2019
News  |  1/17/2020  | 
A new report from Check Point recaps the cybercrime trends, statistics, and vulnerabilities that defined the security landscape in 2019.
ADP Users Hit with Phishing Scam Ahead of Tax Season
Quick Hits  |  1/17/2020  | 
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
Massive Oracle Patch Reverses Company's Trend Toward Fewer Flaws
News  |  1/17/2020  | 
Following a year that saw the fewest number of vulnerabilities reported since 2015, Oracle's latest quarterly patch fixes nearly 200 new vulnerabilities.
NY Fed Reveals Implications of Cyberattack on US Financial System
Quick Hits  |  1/16/2020  | 
A "pre-mortem analysis" sheds light on the potential destruction of a cyberattack against major US banks.
New Report Spotlights Changes in Phishing Techniques
News  |  1/15/2020  | 
Common and evolving strategies include the use of zero-font attacks, homograph attacks, and new tactics for fake attachments.
ISACs Join Forces to Secure the Travel Industry
Quick Hits  |  1/15/2020  | 
Together, the Travel & Hospitality ISAC and the Retail & Hospitality ISAC intend to improve communications and collaboration about the evolving threat landscape.
Microsoft Patches Windows Vuln Discovered by the NSA
News  |  1/14/2020  | 
The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.
Attackers Increasingly Focus on Business Disruption
News  |  1/14/2020  | 
Network intruders are staying undetected for an average of 95 days, enabling them to target critical systems and more completely disrupt business.
Consumer Reports Calls for IoT Manufacturers to Raise Security Standards
Quick Hits  |  1/14/2020  | 
A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards.
Dustman Attack Underscores Iran's Cyber Capabilities
News  |  1/14/2020  | 
For nearly six months, an attack group linked to Iran reportedly had access to the network of Bahrain's national oil company, Bapco, before it executed a destructive payload.
Microsoft to Officially End Support for Windows 7, Server 2008
News  |  1/13/2020  | 
Windows 7 and Server 2008 will continue to work after Jan. 14, 2020, but will no longer receive security updates.
Texas School District Loses $2.3M to Phishing Attack
Quick Hits  |  1/13/2020  | 
The Manor Independent School District is investigating a phishing email scam that led to three separate fraudulent transactions.
Major Brazilian Bank Tests Homomorphic Encryption on Financial Data
News  |  1/10/2020  | 
The approach allowed researchers to use machine learning on encrypted data without first decrypting it.
Indian National Pleads Guilty to Multimillion-Dollar Call Center Scam
Quick Hits  |  1/10/2020  | 
The India-based call centers scammed US victims out of millions of dollars between 2013 and 2016.
5 Tips on How to Build a Strong Security Metrics Framework
Commentary  |  1/10/2020  | 
The carpentry maxim "measure twice, cut once" underscores the importance of timely, accurate, and regular metrics to inform security leaders' risk decisions.
Attackers Increase Focus on North American Electric Utilities: Report
News  |  1/9/2020  | 
Electric utilities continue to be a target of nation-state attackers, even before the latest tensions between Iran and the United States, says a critical-infrastructure security firm.
Chinese Malware Found Preinstalled on US Government-Funded Phones
News  |  1/9/2020  | 
Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.
Operationalizing Threat Intelligence at Scale in the SOC
Commentary  |  1/9/2020  | 
Open source platforms such as the Malware Information Sharing Platform are well positioned to drive a community-based approach to intelligence sharing.
Google's Project Zero Policy Change Mandates 90-Day Disclosure
Quick Hits  |  1/8/2020  | 
The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports.
TikTok Bugs Put Users' Videos, Personal Data At Risk
News  |  1/8/2020  | 
Researchers found it was possible to spoof SMS messages from TikTok and exploit an API flaw that could grant access to users' personal data.
The Discovery and Implications of 'MDB Leaker'
News  |  1/7/2020  | 
The "MDB Leaker" vulnerability in the Microsoft Access Database could lead to a memory leak if left unpatched.
Insight Partners Acquires Armis at $1.1B Valuation
Quick Hits  |  1/7/2020  | 
This deal marks the largest-ever acquisition of a private Israeli cybersecurity company, Armis' co-founders report.
Malicious Google Play Apps Linked to SideWinder APT
News  |  1/6/2020  | 
The active attack involving three malicious Android applications is the first exploiting CVE-2019-2215, Trend Micro researchers report.
Mimecast Acquires Segasec to Boost Phishing Defense
Quick Hits  |  1/6/2020  | 
Segasec's technology will be integrated into Mimecast's email and Web security services to identify malicious domains.
Ransomware Victim Southwire Sues Maze Operators
News  |  1/3/2020  | 
Attackers demanded $6 million from the wire and cable manufacturer when they launched a December ransomware campaign.
Malware Hits Travelex Currency Exchange Service
Quick Hits  |  1/3/2020  | 
The New Year's Eve malware attack forced Travelex employees to resort to manual operations.
Time for Insider-Threat Programs to Grow Up
News  |  1/2/2020  | 
Immature programs attempting to protect against damaging attacks by insiders run the risk of alienating employees.
Microsoft Shuts Down 50 Domains Used by North Korean Hacking Group
Quick Hits  |  12/31/2019  | 
'Thallium' nation-state threat group used the domains to target mostly US victims.
The Coolest Hacks of 2019
News  |  12/30/2019  | 
A FaceTime fail, weaponized sound, a 'Prying Eye,' and a wearable fingerprint ring, were among the more novel and odd hacks this year.
IoT Security: How Far We've Come, How Far We Have to Go
News  |  12/24/2019  | 
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.
Mastercard Announces Plan to Purchase RiskRecon
Quick Hits  |  12/23/2019  | 
The acquisition is expected to close in the first quarter of 2020.
Former NY Hospital Employee Admits to Stealing Colleagues' Data
Quick Hits  |  12/23/2019  | 
Richard Liriano pleads guilty to compromising hospital computers and co-workers' email accounts, as well as stealing personal files and photos.
20 Vulnerabilities to Prioritize Patching Before 2020
News  |  12/23/2019  | 
Researchers list the top 20 vulnerabilities currently exploited by attack groups around the world.
New Orleans to Boost Cyber Insurance to $10M Post-Ransomware
Quick Hits  |  12/20/2019  | 
Mayor LaToya Cantrell anticipates the recent cyberattack to exceed its current $3 million cyber insurance policy.
Worried About Magecart? Here's How to Check for It
Quick Hits  |  12/18/2019  | 
Researchers share how everyday users can check for malicious code on e-commerce websites.
'Password' Falls in the Ranks of Favorite Bad Passwords
News  |  12/18/2019  | 
Facebook, Google named worst password breach offenders.
7 Tips to Keep Your Family Safe Online Over the Holidays
Slideshows  |  12/17/2019  | 
Security experts offer key cyber advice for family members.
Higher Degree, Higher Salary? Not for Some Security Pros
News  |  12/17/2019  | 
Turns out, skill beats experience and an academic degree doesn't guarantee higher compensation for five security positions.
Data Security Startup Satori Cyber Launches with $5.25M Seed Round
News  |  12/17/2019  | 
Satori Cyber aims to help businesses better protect and govern their information with its Secure Data Access Cloud.
Ransomware 'Crisis' in US Schools: More Than 1,000 Hit So Far in 2019
News  |  12/16/2019  | 
Meanwhile, the mayor of the city of New Orleans says no ransom money demands were made as her city struggles to recover from a major ransomware attack launched last week.
SQL Server 2019 Tool Tells Attackers Which Data Is Sensitive
News  |  12/16/2019  | 
The design of SQL Data Discovery & Classification could let attackers pinpoint sensitive information while flying under organizations' radars.
Rooster Teeth Alerts Customers to Magecart Attack
Quick Hits  |  12/16/2019  | 
The entertainment company discovered malicious content on the Shopify platform for its online store and removed it the same day.
Fortinet Buys CyberSponse for SOAR Capabilities
Quick Hits  |  12/13/2019  | 
It plans to integrate CyberSponse's SOAR platform into the Fortinet Security Fabric.
Android App Analysis Uncovers Seasonal Shopping Risk
News  |  12/12/2019  | 
Researchers scanned 4,200 Android apps and found many exhibit malicious behavior or have a dangerous level of permissions.
The Most, Least Insecure US Cities for SMBs
Quick Hits  |  12/12/2019  | 
A new report looks at computer activity in the 50 largest metropolitan areas.
Gallium: The Newest Threat Group on Microsoft's Radar
News  |  12/12/2019  | 
Hacking group has been targeting telecommunication providers.
Younger Generations Drive Bulk of 2FA Adoption
News  |  12/11/2019  | 
Use of two-factor authentication has nearly doubled in the past two years , pointing to a new wave of acceptance.
Only Half of Malware Caught by Signature AV
News  |  12/11/2019  | 
Machine learning and behavioral detection are necessary to catch threats, WatchGuard says in a new report. Meanwhile, network attacks have risen, especially against older vulnerabilities, such as those in Apache Struts.
City of Pensacola, Fla., Confirms Ransomware Attack
Quick Hits  |  12/11/2019  | 
Most systems remain offline to prevent the attack from spreading.
Microsoft Fixes Windows Zero-Day on Lightest Patch Tuesday of 2019
News  |  12/10/2019  | 
This month's batch of security updates addresses 36 CVEs, seven of which are rated Critical and one of which has been exploited in the wild.
Page 1 / 2   >   >>


Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.