Attacks/Breaches

News & Commentary
Universities Get Schooled by Hackers
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 12/13/2018
Cybercrime Is World's Biggest Criminal Growth Industry
Dark Reading Staff, Quick Hits
The toll from cybercrime is expected to pass $6 trillion in the next three years, according to a new report.
By Dark Reading Staff, 12/13/2018
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA, Commentary
Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
By Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA, 12/13/2018
The Economics Fueling IoT (In)security
Ariel Kriger, VP Business Development at VDOO, Commentary
Attackers understand the profits that lie in the current lack of security. That must change.
By Ariel Kriger, VP Business Development at VDOO, 12/13/2018
Cybercriminals Change Tactics to Outwit Machine-Learning Defense
Dark Reading Staff, Quick Hits
The rise in machine learning for security has forced criminals to rethink how to avoid detection.
By Dark Reading Staff, 12/13/2018
U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
Jai Vijayan, Freelance writer, News
McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.
By Jai Vijayan, Freelance writer, 12/12/2018
Deception: Honey vs. Real Environments
Dr. Salvatore Stolfo, Founder & CTO, Allure Security, Commentary
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.
By Dr. Salvatore Stolfo, Founder & CTO, Allure Security, 12/12/2018
Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3
Dark Reading Staff, Quick Hits
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.
By Dark Reading Staff, 12/12/2018
Forget Shifting Security Left; It's Time to Race Left
Jerry Gamblin, Principal Security Engineer, Kenna Security, Commentary
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
By Jerry Gamblin, Principal Security Engineer, Kenna Security, 12/12/2018
Battling Bots Brings Big-Budget Blow to Businesses
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 12/11/2018
Attackers Using New Exploit Kit to Hijack Home & Small Office Routers
Jai Vijayan, Freelance writer, News
Goal is to steal banking credentials by redirecting users to phishing sites.
By Jai Vijayan, Freelance writer, 12/11/2018
The Grinch Bot Before Christmas: A Security Story for the Holidays
Julian Waits, GM Cyber Security Business Unit, Devo Technology, Commentary
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
By Julian Waits, GM Cyber Security Business Unit, Devo Technology, 12/11/2018
NetSecOPEN Names Founding Members, Board of Directors
Dark Reading Staff, Quick Hits
The organization is charged with building open, transparent testing protocols for network security.
By Dark Reading Staff, 12/11/2018
CrowdStrike: More Organizations Now Self-Detect Their Own Cyberattacks
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
But it still takes an average of 85 days to spot one, the security firm's incident response investigations found.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 12/11/2018
DanaBot Malware Adds Spam to its Menu
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A new generation of modular malware increases its value to criminals.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 12/10/2018
'Highly Active' Seedworm Group Hits IT Services, Governments
Kelly Sheridan, Staff Editor, Dark Reading, News
Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses.
By Kelly Sheridan, Staff Editor, Dark Reading, 12/10/2018
Satan Ransomware Variant Exploits 10 Server-Side Flaws
Jai Vijayan, Freelance writer, News
Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.
By Jai Vijayan, Freelance writer, 12/10/2018
New Google+ Breach Will Lead to Early Service Shutdown
Dark Reading Staff, Quick Hits
A breach affecting more than 52 million users was patched, but not before leading to the company rethinking the future of the service.
By Dark Reading Staff, 12/10/2018
'Dr. Shifro' Prescribes Fake Ransomware Cure
Dark Reading Staff, Quick Hits
A Russian firm aims to capitalize on ransomware victims' desperation by offering to unlock files then passing money to attackers.
By Dark Reading Staff, 12/10/2018
6 Cloud Security Predictions for 2019
Ory Segal, CTO, PureSec, Commentary
How the fast pace of cloud computing adoption in 2018 will dramatically change the security landscape next year.
By Ory Segal, CTO, PureSec, 12/10/2018
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest explores ten best practices that could reshape IT security departments.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16873
PUBLISHED: 2018-12-14
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, b...
CVE-2018-16874
PUBLISHED: 2018-12-14
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in mod...
CVE-2018-16875
PUBLISHED: 2018-12-14
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are ...
CVE-2018-14623
PUBLISHED: 2018-12-14
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulne...
CVE-2018-18093
PUBLISHED: 2018-12-14
Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access.