News & Commentary

Latest Content tagged with Threat Intelligence
Page 1 / 2   >   >>
Tax Reform, Cybersecurity-Style
Commentary  |  1/18/2018  | 
How the security industry can be more effective and efficient by recognizing four hidden "taxes" in the buying and selling process.
How to Keep Blue Teams Happy in an Automated Security World
Commentary  |  1/18/2018  | 
The creativity and intuition of your team members must be developed and nurtured.
WatchGuard Buys DNS-Filtering Company Percipient Networks
Quick Hits  |  1/17/2018  | 
Percipient's 'Strongarm' to become part of WatchGuard's SMB security services.
Threats from Russia, North Korea Loom as Geopolitics Spills into Cyber Realm
News  |  1/17/2018  | 
Threat actors from both nations ramped up their activities sharply in 2017, Flashpoint says in a new threat intelligence report.
How AI Would Have Caught the Forever 21 Breach
Commentary  |  1/17/2018  | 
Companies must realize that the days of the desktop/server model are over and focus on "nontraditional" devices.
Researchers Offer a 'VirusTotal for ICS'
News  |  1/16/2018  | 
Free online sandbox, honeypot tool simulates a real-world industrial network environment.
1 in 9 Online Accounts Created in 2017 Was Fraudulent
Quick Hits  |  1/16/2018  | 
Account takeovers hot, stolen credit cards not.
Most Common Exploits of 2017 in Microsoft Office, Windows
News  |  1/16/2018  | 
The most common exploit affects Microsoft Office and has been used by attackers in North Korea, China, and Iran.
Mental Models & Security: Thinking Like a Hacker
Commentary  |  1/16/2018  | 
These seven approaches can change the way you tackle problems.
CIA: Russian Military Hackers Behind NotPetya Attack
Quick Hits  |  1/15/2018  | 
Cyberattack last June aimed to disrupt Ukraine's financial system.
France Might Vet Acquisitions of AI, Data Protection Firms
Quick Hits  |  1/12/2018  | 
Finance minister says country may add artificial intelligence and data security to list of nation's strategically important, regulated sectors
How to Attract More Women Into Cybersecurity Now
News  |  1/12/2018  | 
A recent survey finds a number of attributes women seek in their careers can be found in a cybersecurity profession the dots just need to be connected.
Majority of Companies Lack Sufficient IoT Policy Enforcement Tools
Quick Hits  |  1/12/2018  | 
Shortfall exists despite nearly all global technology enterprise companies having security policies to manage IoT devices.
Microsoft Launches 'Private Conversations' in Skype
Quick Hits  |  1/11/2018  | 
New feature uses Signal Protocol for strong encryption.
Responding to the Rise of Fileless Attacks
News  |  1/11/2018  | 
Fileless attacks, easier to conduct and more effective than traditional malware-based threats, pose a growing challenge to enterprise targets.
AI in Cybersecurity: Where We Stand & Where We Need to Go
Commentary  |  1/11/2018  | 
How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.
CISOs' No. 1 Concern in 2018: The Talent Gap
News  |  1/10/2018  | 
Survey finds 'lack of competent in-house staff' outranks all other forms of cybersecurity worry, including data breaches to ransomware attacks.
FBI Director: Cryptocurrency, Nation-State Attacks, Among Agency's Top Cybersecurity Concerns
Quick Hits  |  1/10/2018  | 
Speaking at International Conference on Cyber Security, FBI director Christopher Wray pointed to a rise in nation-state attacks - and strong encryption that limits bureau investigations.
Oracle WebLogic Exploit Used in Cryptocurrency Mining Campaign
News  |  1/10/2018  | 
PeopleSoft and WebLogic app servers, as well as cloud systems using WebLogic, hacked and used to net some $226K in digital currency.
Microsoft Patches Exploited Office Bug
News  |  1/9/2018  | 
An Office memory corruption vulnerability is the only CVE reported as under active attack for this month's Patch Tuesday.
Microsoft: How the Threat Landscape Will Shift This Year
News  |  1/9/2018  | 
Exclusive interview with Windows Security lead on how 2017 was a "return to retro" security threats and 2018 will bring increasingly targeted, advanced, and dangerous cyberattacks.
Threatcare Acquires Savage Security
Quick Hits  |  1/9/2018  | 
The deal expands Threatcare's business beyond its breach and attack simulation platform to include services and applied research.
20 Cybersecurity Vendors Getting Venture Capital Love
Slideshows  |  1/9/2018  | 
VCs splashed a record $4B in funding in the cybersecurity pool - here are some highlights among the early- to middle-stage startups who snagged big deals last year.
VTech to Pay $650,000 in FTC Settlement
Quick Hits  |  1/8/2018  | 
VTech's Kid Connect app and its Planet VTech platform collected personal information on 760,000 children without parental permission, the FTC alleges.
Emailed Cyberattack Targets 2018 Pyeongchang Olympics
News  |  1/8/2018  | 
More than 300 organizations associated with the 2018 Olympics have been hit with a targeted email campaign.
Cyxtera Technologies to Acquire Immunity
Quick Hits  |  1/8/2018  | 
Deal will bring penetration testing products and services to Cyxtera's threat analytics portfolio.
Breach of India's Biometric Database Puts 1 Billion Users at Risk
Quick Hits  |  1/5/2018  | 
The Tribune reports that hackers gained access to users' names, addresses, phone numbers, and other PII.
LockPoS Malware Sneaks onto Kernel via new Injection Technique
News  |  1/5/2018  | 
"Alarming evolution" of Flokibot bypasses antivirus software and was likely built by a group of advanced attackers, researchers say.
New Adware Discovered in 22 Apps in Google Play
Quick Hits  |  1/5/2018  | 
The 'LightsOut' adware is found is flashlight and utility apps, which have been downloaded between 1.5 million to 7.5 million times.
DHS Discovers Privacy Incident Involving Former Employee
Quick Hits  |  1/4/2018  | 
Former DHS OIG employee makes an unauthorized copy of PII data of DHS employees and parties involved in DHS OIG investigations.
Uber's Biggest Mistake: It Wasn't Paying Ransom
Commentary  |  1/4/2018  | 
Rather than scrambling to deal with attacks after the fact, companies need to focus on improving detection capabilities with tools that help them work within data laws, not outside of them.
Barracuda Hooks PhishLine in Social Engineering Security Acquisition
Quick Hits  |  1/3/2018  | 
Barracuda plans to use PhishLine's user awareness training to protect against targeted email-based attacks.
A Pragmatic Approach to Fixing Cybersecurity: 5 Steps
Commentary  |  1/3/2018  | 
The digital infrastructure that supports our economy, protects our national security, and empowers our society must be made more secure, more trusted, and more reliable. Here's how.
Thales Acquires Gemalto, Integrates Digital Business
Quick Hits  |  1/2/2018  | 
Thales will combine its digital assets with Gemalto's as part of a new Global Business Unit.
21st Century Oncology Faces $2.3M HIPAA Settlement Cost after Breach
Quick Hits  |  12/29/2017  | 
Company to pay US Department of Health and Human Services over potential HIPAA violations after patient medical data was stolen by cyberthieves.
Rapid Growth in Security Market Raises Question: How to Pick a Startup
News  |  12/28/2017  | 
VCs weigh in with their advice on how to select a startup with staying power when purchasing security solutions and services.
Nissan Canada Finance Alerts 1.13 Million Customers of Data Breach
Quick Hits  |  12/27/2017  | 
Attackers gain access to personal information of Nissan Canada Finance and Infiniti Financial Services Canada customers.
The Coolest Hacks of 2017
News  |  12/27/2017  | 
Robots, voting machines, machine learning, and the wind were among the hacks security researchers pulled off this year.
Exposed File From Ancestry's RootsWeb.com Contains Data on 300,000 Users
Quick Hits  |  12/26/2017  | 
A file containing hundreds of thousands of RootsWeb users' email, login information, and passwords was found externally exposed, genealogy site says.
Network Printer & Scanner Spoofing Campaign Targets Millions
Quick Hits  |  12/22/2017  | 
Cybercriminals distribute malicious email attachments purportedly coming from three common brands of network printer-scanner devices.
Block Threats Faster: Pattern Recognition in Exploit Kits
Commentary  |  12/22/2017  | 
When analysts investigate an indicator of compromise, our primary goal is to determine if it is malicious as quickly as possible. Identifying attack patterns helps you mitigate quicker.
Digital Forensics & the Illusion of Privacy
Commentary  |  12/21/2017  | 
Forensic examiners don't work for bounties. They do what is required to catch criminals, pedophiles, or corporate embezzlers, and now their important security research is finally being acknowledged.
Fileless Malware Attacks Hit Milestone in 2017
News  |  12/21/2017  | 
Non-malware attacks account for the majority of all attacks this year, and ransomware grows to a $5 billion industry, new data shows.
Small,Targeted Ransomware Attacks Emerge
News  |  12/21/2017  | 
Cybercriminals narrow their focus on specific industries, geographies, or size for a better return on investment, security experts say.
9 Banking Trojans & Trends Costing Businesses in 2017
Slideshows  |  12/20/2017  | 
New Trojans appeared, old ones resurfaced, and delivery methods evolved as cybercriminals set their sights on financial data.
Comprehensive Endpoint Protection Requires the Right Cyber Threat Intelligence
Commentary  |  12/19/2017  | 
CTI falls into three main categories -- tactical, operational, and strategic -- and answers questions related to the "who, what, and why" of a cyber attack.
'Starwars' Debuts on List of Worst Passwords of 2017
News  |  12/19/2017  | 
Many of the old standbys made this year's list of the 25 stolen - and weakest - passwords found dumped online.
US Government Pays $10,650 Bug Bounty in 'Hack the Air Force' Event
Quick Hits  |  12/18/2017  | 
The bounty, split between two researchers, is the largest single reward by any government bug bounty program to date.
Lazarus Group Targets Bitcoin Company
Quick Hits  |  12/15/2017  | 
The cybercrime group blamed for attacks on the SWIFT financial network launches a spearphishing campaign to steal employee credentials at a London cryptocurrency company.
Mobile Device Makers Increasingly Embrace Bug Bounty Programs
News  |  12/15/2017  | 
Samsung is the latest to join a small group of smartphone makers to cast their net wide on catching vulnerabilities in their devices.
Page 1 / 2   >   >>


How to Attract More Women Into Cybersecurity - Now
Dawn Kawamoto, Associate Editor, Dark Reading,  1/12/2018
Researchers Offer a 'VirusTotal for ICS'
Kelly Jackson Higgins, Executive Editor at Dark Reading,  1/16/2018
Which CISO 'Tribe' Do You Belong To?
Kelly Sheridan, Associate Editor, Dark Reading,  1/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.