News & Commentary

Latest Content tagged with Threat Intelligence
Page 1 / 2   >   >>
The 'Opsec Fail' That Helped Unmask a North Korean State Hacker
News  |  9/21/2018  | 
How Park Jin Hyok charged by the US government for alleged computer crimes for the Sony, Bank of Bangladesh, WannaCry cyberattacks inadvertently blew his cover via email accounts.
Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
Quick Hits  |  9/21/2018  | 
Attack against the Metropolitan Police Department was disrupted before malware could be sent to additional systems.
US Approves Cyber Weapons Against Foreign Enemies
Quick Hits  |  9/21/2018  | 
The White House is changing the rules on its use of digital weapons to fight adversaries targeting US networks.
Data Manipulation: How Security Pros Can Respond to an Emerging Threat
Commentary  |  9/21/2018  | 
Industry leaders are scrambling to address the issue, which will take new thinking to overcome.
Think Like An Attacker: How a Red Team Operates
News  |  9/20/2018  | 
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
Retail Sector Second-Worst Performer on Application Security
News  |  9/20/2018  | 
A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.
Account Takeover Attacks Become a Phishing Fave
Quick Hits  |  9/20/2018  | 
More than three-quarters of ATOs resulted in a phishing email, a new report shows.
Japanese Cryptocurrency Exchange Hit with $60M Theft
Quick Hits  |  9/20/2018  | 
The incident highlights a broader problem of poor security in cryptocurrency exchanges throughout the country.
As Tech Drives the Business, So Do CISOs
News  |  9/19/2018  | 
Security leaders are evolving from technicians to business executives as tech drives enterprise projects, applications, and goals.
FBI: Phishing Attacks Aim to Swap Payroll Information
Quick Hits  |  9/19/2018  | 
Social engineering scams target employees' payroll credentials so attackers can access and change their bank account data.
8 Keys to a Successful Penetration Test
Slideshows  |  9/19/2018  | 
Pen tests are expensive, but there are key factors that can make them worth the investment.
The Security Costs of Cloud-Native Applications
News  |  9/18/2018  | 
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
Websites Attack Attempts Rose in Q2
News  |  9/18/2018  | 
New data shows hackers hit websites, on average, every 25 minutes.
Symantec Offers Free Website Security Service for Midterm Elections
News  |  9/18/2018  | 
Security vendor offers US election jurisdictions its Project Dolphin phishing/website spoofing-detection service and security resources.
GovPayNow Leak of 14M+ Records Dates Back to 2012
Quick Hits  |  9/18/2018  | 
Thousands of US state and local governments use the service to process online payments for everything from traffic tickets to court fines.
Overhauling the 3 Pillars of Security Operations
Commentary  |  9/18/2018  | 
Modern apps and the cloud mean that organizations must now rethink older security practices.
RDP Ports Prove Hot Commodities on the Dark Web
News  |  9/17/2018  | 
Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves.
How Secure are our Voting Systems for November 2018?
How Secure are our Voting Systems for November 2018?
Dark Reading Videos  |  9/14/2018  | 
Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the countrys highly decentralized voting systems to safeguard the integrity of upcoming elections.
Military, Government Users Just as Bad About Password Hygiene as Civilians
News  |  9/14/2018  | 
New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.
2 Billion Bluetooth Devices Remain Exposed to Airborne Attack Vulnerabilities
News  |  9/13/2018  | 
One year after Armis disclosed 'BlueBorne,' a large number of Android, Linux, and iOS devices remain unpatched.
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
News  |  9/13/2018  | 
Researchers bypass a Trusted Computing Group security measure to manipulate the firmware and steal data in memory.
Enterprise Security Needs an Open Data Solution
Commentary  |  9/13/2018  | 
What would it look like if more than a tiny fraction of enterprises had access to all the signals hidden in their big data today?
Modular Malware Brings Stealthy Attacks to Former Soviet States
News  |  9/12/2018  | 
A new malware technique is making phishing attacks harder to spot when they succeed.
Malware Campaign Targeting Jaxx Wallet Holders Shut Down
News  |  9/12/2018  | 
A site spoofing the official Jaxx website was discovered packing several infections for Windows and Mac machines, and has been shut down.
Mobile Attack Rates Up 24% Globally, 44% in US
Quick Hits  |  9/12/2018  | 
One-third of all fraud targets are mobile, a growing source of all digital transactions.
Mirai, Gafgyt Botnets Resurface with New Tricks
News  |  9/11/2018  | 
A new version of Mirai exploits the Apache Struts flaw linked to the Equifax breach, while Gafgyt targets an old flaw in SonicWall.
The Key to Stealing a Tesla Model S
Quick Hits  |  9/11/2018  | 
A team of hackers finds it's possible to steal a Tesla Model S by cloning the key fob.
New 'Fallout' EK Brings Return of Old Ransomware
News  |  9/10/2018  | 
The Fallout exploit kit carries GandCrab into the Middle East in a new campaign.
Three Trend Micro Apps Caught Collecting MacOS User Data
News  |  9/10/2018  | 
After researchers found the security apps collecting and uploading users' browser histories, Apple removed the apps from its macOS app store and Trend Micro removed the apps' browser history collection capability.
8 Attack Vectors Puncturing Cloud Environments
Slideshows  |  9/7/2018  | 
These methods may not yet be on your security team's radar, but given their impact, they should be.
The Best Way To Secure US Elections? Paper Ballots
News  |  9/6/2018  | 
Voting machines that do not provide a paper trail or cannot be independently audited should immediately be removed, concludes a new report from the National Academies of Sciences, Engineering, and Medicine.
Take (Industrial) Control: A Look at the 2018 ICS Threat Landscape
News  |  9/6/2018  | 
New research sheds light on the biggest threats to strike ICS systems in the first half of 2018, and what's in store for the rest of this year.
Why a Healthy Data Diet Is the Secret to Healthy Security
Commentary  |  9/6/2018  | 
In the same way that food is fuel to our bodies, data is the fuel on which our security programs run. Here are 10 action items to put on your cybersecurity menu.
US to Charge North Korea for Sony Breach, WannaCry
Quick Hits  |  9/6/2018  | 
The DoJ plans to charge North Korean threat actors for their involvement in two major cyberattacks, US officials report.
Understanding & Solving the Information-Sharing Challenge
Commentary  |  9/6/2018  | 
Why cybersecurity threat feeds from intel-sharing groups diminish in value and become just another source of noise. (And what to do about it.)
PowerPool Malware Uses Windows Zero-Day Posted on Twitter
News  |  9/5/2018  | 
Researchers detected the vulnerability in an attack campaign two days after it was posted on social media.
Why Automation Will Free Security Pros to Do What They Do Best
Commentary  |  8/31/2018  | 
There are three reasons today's security talent pool is neither scalable nor effective in addressing the rapid evolution of cyberattacks.
Who's At Greatest Risk for BEC Attacks? Not the CEO
News  |  8/30/2018  | 
CEOs only make up 2.2% of business email compromise targets, a sign most victims are further down the corporate ladder.
New Pen Test Tool Tricks Targets with Microsoft WCX Files
Quick Hits  |  8/30/2018  | 
The open-source tool lets penetration testers gather credentials by convincing targets to open a Microsoft WCX file.
IT Professionals Think They're Better Than Their Security
Quick Hits  |  8/29/2018  | 
More than half of professionals think they have a good shot at a successful insider attack.
Windows Zero-Day Flaw Disclosed Via Twitter
News  |  8/29/2018  | 
Security experts confirm the privilege escalation vulnerability in Microsoft Windows still works.
7 Steps to Start Searching with Shodan
Slideshows  |  8/29/2018  | 
The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.
Fileless Attacks Jump 94% in First Half of 2018
News  |  8/28/2018  | 
While ransomware is still popular, fileless and PowerShell attacks are the threats to watch this year.
Iranian Hackers Target Universities in Global Cyberattack Campaign
News  |  8/27/2018  | 
Cobalt Dickens threat group is suspected to be behind a large-scale cyberattack wave targeting credentials to access academic resources.
Why CISOs Should Make Friends With Their CMOs
Slideshows  |  8/27/2018  | 
A partnership between IT security and marketing could offer many benefits to each group and to the entire enterprise.
Proof-of-Concept Released for Apache Struts Vulnerability
News  |  8/27/2018  | 
Python script for easier exploitation of the flaw is now available as well on Github.
The Difference Between Sandboxing, Honeypots & Security Deception
Commentary  |  8/27/2018  | 
A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies.
Modular Downloaders Could Pose New Threat for Enterprises
News  |  8/24/2018  | 
Proofpoint says it has recently discovered two downloaders that let attackers modify malware after it has been installed on a system.
New Apache Struts Vulnerability Leaves Major Websites Exposed
News  |  8/23/2018  | 
The vulnerability, found in Struts' core functionality, could be more critical than the one involved in last year's Equifax breach.
6 Reasons Security Awareness Programs Go Wrong
Slideshows  |  8/23/2018  | 
While plenty of progress has been made on the training front, there's still some work ahead in getting the word out and doing so effectively.
Page 1 / 2   >   >>


WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "I'm not sure I like this top down management approach!"
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17338
PUBLISHED: 2018-09-23
An issue has been found in pdfalto through 0.2. It is a heap-based buffer overflow in the function TextPage::dump in XmlAltoOutputDev.cc.
CVE-2018-17341
PUBLISHED: 2018-09-23
BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.
CVE-2018-17332
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls.
CVE-2018-17333
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in svgStringToLength in svg_types.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because sscanf is misused.
CVE-2018-17334
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in the svgGetNextPathField function in svg_string.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because a strncpy copy limit is miscalculated.