News & Commentary

Latest Content tagged with Threat Intelligence
Page 1 / 2   >   >>
Threat Intel: Finding Balance in an Overcrowded Market
News  |  4/23/2018  | 
Industry insiders discuss how threat intelligence has changed and what may happen as the market becomes increasingly saturated.
New Survey Shows Hybrid Cloud Confidence
Quick Hits  |  4/23/2018  | 
Executives are mostly confident in their hybrid cloud security, according to the results of a new survey.
Cybercrime Economy Generates $1.5 Trillion a Year
News  |  4/20/2018  | 
Threat actors generate, launder, spend, and reinvest more than $1.5 trillion in illicit funds, according to a new study on cybercrime's 'web of profit.'
SunTrust Ex-Employee May Have Stolen Data on 1.5 Million Bank Clients
Quick Hits  |  4/20/2018  | 
Names, addresses, phone numbers, account balances, may have been exposed.
DNC Sues Guccifer 2.0, Russian Federation & Trump Campaign for Election Conspiracy
Quick Hits  |  4/20/2018  | 
DNC first hacked by Russians in 2015, according to the filing.
At RSAC, SOC 'Sees' User Behaviors
News  |  4/20/2018  | 
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
Microsoft CISO Talks Threat Intel, 'Data Inclusion'
News  |  4/19/2018  | 
Dark Reading caught up with Microsoft's Bret Arsenault to discuss intelligence, identity, and the need to leverage more diverse datasets.
Securing Social Media: National Safety, Privacy Concerns
News  |  4/19/2018  | 
It's a critical time for social media platforms and the government agencies and private businesses and individuals using them.
The Role of KPIs in Incident Response
Commentary  |  4/18/2018  | 
Using KPIs can have a positive impact on the tactical and strategic functions of a security operations program.
Cyber War Game Shows How Federal Agencies Disagree on Incident Response
News  |  4/18/2018  | 
Former officials at DHS, DOJ, and DOD diverge on issues of attribution and defining what constitutes an act of cyber war.
Latest News from RSAC 2018
News  |  4/18/2018  | 
Check out Dark Reading's exclusive coverage of the news and security themes that are dominating RSA Conference 2018 this week in San Francisco.
How to Leverage Artificial Intelligence for Cybersecurity
Partner Perspectives  |  4/18/2018  | 
AI and predictive analytics should be used to augment a companys security team, not replace it. Here's why.
Data Visibility, Control Top Cloud Concerns at RSA
News  |  4/18/2018  | 
As the traditional perimeter dissolves and sensitive data moves to the cloud, security experts at RSA talk about how they're going to protect it.
Microsoft to Roll Out Azure Sphere for IoT Security
News  |  4/16/2018  | 
Azure Sphere, now in preview, is a three-part program designed to secure the future of connected devices and powered by its own custom version of Linux.
INsecurity Conference Seeks Security Pros to Speak on Best Practices
News  |  4/16/2018  | 
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
Symantec Now Offers Threat Detection Tools Used by its Researchers
Quick Hits  |  4/16/2018  | 
TAA now is part of Symantec's Integrated Cyber Defense Platform.
The Good, the Bad & the Disruptive: Bots on the Wild, Wild Web
Commentary  |  4/12/2018  | 
Not all bots are bad -- some are downright helpful -- so you can't block them entirely.
Stopping Cyber Madness: Why the Private Sector Must Lead the Fight
Commentary  |  4/11/2018  | 
The government's ability to help secure the Internet will be limited given the light speed of the Internet versus the slower pace of government. That's why stopping the madness begins with the private sector.
Palo Alto Networks Buys Secdo for Endpoint Detection
Quick Hits  |  4/11/2018  | 
The acquisition is intended to ramp up Palo Alto's endpoint detection capabilities with new tech and talent.
Hack Back: An Eye for an Eye Could Make You Blind
Commentary  |  4/11/2018  | 
Attackers have had almost zero consequences or cost for stealing data from innocent victims. But what if we could hack their wallets, not their systems?
On-Premise Security Tools Struggle to Survive in the Cloud
News  |  4/10/2018  | 
Businesses say their current security tools aren't effective in the cloud but hesitate to adopt cloud-based security systems.
Verizon DBIR: Ransomware Attacks Double for Second Year in a Row
News  |  4/10/2018  | 
Outside attackers still the biggest problem - except in healthcare.
Ransomware Up for Businesses, Down for Consumers in Q1
News  |  4/9/2018  | 
Ransomware, spyware, and cryptomining were the biggest enterprise threats during an otherwise quiet quarter for malware, researchers report.
Deep Instinct Adds MacOS Support
Quick Hits  |  4/9/2018  | 
Deep Instinct adds support for MacOS, Citrix, and multi-tenancy in its version 2.2 release.
RTF Design, Office Flaw Exploited in Multi-Stage Document Attack
News  |  4/9/2018  | 
Threat actors chained CVE-2017-8570 with known design behaviors in .docx and RTF to launch a multi-stage document attack.
Stripping the Attacker Naked
Commentary  |  4/6/2018  | 
How cyber threat intelligence can help you gain a better understanding of the enemy and why that gives security teams the upper hand.
Supply Chain Attacks Could Pose Biggest Threat to Healthcare
News  |  4/5/2018  | 
Healthcare organizations often overlook the supply chain, which researchers say is their most vulnerable facet.
Misconfigured Clouds Compromise 424% More Records in 2017
News  |  4/4/2018  | 
Cybercriminals are increasingly aware of misconfigured systems and they're taking advantage, report IBM X-Force researchers.
Microsoft Patches Critical Flaw in Malware Protection Engine
News  |  4/4/2018  | 
The emergency update addressed CVE-2018-0986, which would let an attacker execute malicious code on a Windows machine.
Iran 'the New China' as a Pervasive Nation-State Hacking Threat
News  |  4/4/2018  | 
Security investigations by incident responders at FireEye's Mandiant in 2017 found more prolific and sophisticated attacks out of Iran.
Active Cyber Defense Is an Opportunity, Not a Threat
Commentary  |  4/4/2018  | 
If honest citizens can be tracked online with cookies and beacons that share where we are and what we are doing, then why should security professionals restrict their ability to hack attackers?
Facebook Removes Russia-based Internet Research Agency-Controlled Pages
Quick Hits  |  4/4/2018  | 
CSO Alex Stamos explains why the company deleted 70 Facebook and 65 Instagram accounts, and 138 Facebook pages.
New Attack Vector Shows Dangers of S3 Sleep Mode
News  |  4/3/2018  | 
Researchers at Black Hat Asia demonstrated how they can compromise the security of a machine as it powers down and wakes up.
Panera Bread Leaves Millions of Customer Records Exposed Online
News  |  4/3/2018  | 
Personal information exposed in plain text for months on Panerabread.com and the company's response failed to rise to the challenge.
'Hack the Defense Travel System': DoD Extends its Bug Bounty Program
News  |  4/2/2018  | 
The fifth US Department of Defense bug bounty program, launched with HackerOne, will target a DoD enterprise system used by millions.
US Election Swing States Score Low Marks in Cybersecurity
News  |  3/29/2018  | 
C and D grades for Florida, Michigan, New Hampshire, Nevada, and Ohio, SecurityScorecard assessment shows.
New Android Cryptojacker Can Brick Phones
News  |  3/28/2018  | 
Mobile cryptojacking malware mines Monero.
Kaspersky Lab Open-Sources its Threat-Hunting Tool
Quick Hits  |  3/28/2018  | 
'KLara' was built to speed up and automate the process of identifying malware samples.
Report Shows Ransomware is the New Normal
Quick Hits  |  3/27/2018  | 
A new report on malware says that the majority of companies globally have been victims of ransomware in the last 12 months.
New Ransomware Attacks Endpoint Defenses
News  |  3/26/2018  | 
AVCrypt tries to disable anti-malware software before it can be detected and removed.
Facebook Adds Machine Learning to Fraud Fight
Quick Hits  |  3/26/2018  | 
Machine learning tools will assist trained human reviewers who Facebook says block millions of fake accounts at the time of registration every day.
Winners and Losers in Password 'Bracketology'
Quick Hits  |  3/23/2018  | 
A recent study shows that there's a clear winner in the 'most used sports mascot' password competition.
Looking Back to Look Ahead: Cyber Threat Trends to Watch
Commentary  |  3/23/2018  | 
Data from the fourth quarter of last year shows the state of application exploits, malicious software, and botnets.
Looking Back and Thinking Ahead on Cyberwar, Nation-State Attacks
News  |  3/23/2018  | 
In the domain of cyber warfare, the effective strategies for fighting yesterday's cyberattacks will not work against tomorrow's, experts said.
New Survey Illustrates Real-World Difficulties in Cloud Security
News  |  3/22/2018  | 
Depending on traditional models makes cloud security more challenging for organizations, according to a Barracuda Networks report.
Hunting Cybercriminals with AWS Honey Tokens
News  |  3/22/2018  | 
Researchers at Black Hat Asia demonstrated how they used AWS honey tokens to detect security breaches at scale.
SOC in Translation: 4 Common Phrases & Why They Raise Flags
Commentary  |  3/21/2018  | 
By keeping an ear out for out for catchphrases like "Just ask Stu" or "I've got a bad feeling about this," CISOs can overcome the barriers that get between business leaders and their security teams.
Azure Guest Agent Design Enables Plaintext Password Theft
News  |  3/20/2018  | 
Researchers find attackers can abuse the design of Microsoft Azure Guest Agent to recover plaintext administrator passwords.
Hackers Steal Payment Card Data on 880K from Expedia Orbitz
Quick Hits  |  3/20/2018  | 
Expedia announces a breach exposing 880,000 customer records to the world.
The Case for Integrating Physical Security & Cybersecurity
Commentary  |  3/20/2018  | 
Aggregating threat intel from external data sources is no longer enough. You must look inside and outside your traditional knowledge base for the best way to defend against attacks.
Page 1 / 2   >   >>


8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer,  4/17/2018
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading,  4/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.