Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

News & Commentary
Tor Weaponized to Steal Bitcoin
Dark Reading Staff, Quick Hits
A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.
By Dark Reading Staff , 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
CenturyLink Customer Data Exposed
Dark Reading Staff, Quick Hits
Customer names, addresses, email addresses, and phone numbers were left open on a MongoDB server for 10 months, researchers report.
By Dark Reading Staff , 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
Phishing Campaign Targets Stripe Credentials, Financial Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.
By Kelly Sheridan Staff Editor, Dark Reading, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer
SMBs still perceive themselves at low risk from cyberthreats in spite of attack statistics that paint a different pictur
By Ericka Chickowski Contributing Writer, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Debby Briggs, Chief Security Officer at NETSCOUTCommentary
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
By Debby Briggs Chief Security Officer at NETSCOUT, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Yahoo Breach Victims May Qualify for $358 Payout
Dark Reading Staff, Quick Hits
Pending approval of the settlement, affected account holders may be eligible for a payout or two years of free credit monitoring.
By Dark Reading Staff , 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Cozy Bear Emerges from Hibernation to Hack EU Ministries
Robert Lemos, Contributing WriterNews
The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.
By Robert Lemos Contributing Writer, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Federal CIOs Zero In on Zero Trust
William Peteroy, Chief Technology Officer, Security, at GigamonCommentary
Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
By William Peteroy Chief Technology Officer, Security, at Gigamon, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers following the ransomware variant uncover new data on how much its affiliates earn and where they spend it.
By Kelly Sheridan Staff Editor, Dark Reading, 10/15/2019
Comment2 comments  |  Read  |  Post a Comment
Targeted Ransomware Attacks Show No Signs of Abating
Jai Vijayan, Contributing WriterNews
Criminals are becoming more sophisticated and targeted in going after enterprise organizations, a new Q2/Q3 report finds.
By Jai Vijayan Contributing Writer, 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
IoT Attacks Up Significantly in First Half of 2019
Dark Reading Staff, Quick Hits
New research shows attacks increased ninefold year-over-year, coming from more than a quarter-million unique IP addresses.
By Dark Reading Staff , 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
More Breaches, Less Certainty Cause Dark Web Prices to Plateau
Robert Lemos, Contributing WriterNews
New research finds it's now less than $10 for full credit details on a consumer, $100 for a distributed denial-of-service attack, and $50 for access to a US bank account.
By Robert Lemos Contributing Writer, 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Marc Laliberte, Senior Security Analyst, WatchGuard TechnologiesCommentary
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
By Marc Laliberte Senior Security Analyst, WatchGuard Technologies, 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
Cyber Theft, Humint Helped China Cut Corners on Passenger Jet
Jai Vijayan, Contributing WriterNews
Beijing likely saved a lot of time and billions of dollars by copying components for its C919 plane from others, a new report from CrowdStrike says.
By Jai Vijayan Contributing Writer, 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
Pitney Bowes Hit by Ransomware
Dark Reading Staff, Quick Hits
The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.
By Dark Reading Staff , 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
Kevin Gosschalk, CEO of Arkose LabsCommentary
A company's security battle is not between that company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem.
By Kevin Gosschalk CEO of Arkose Labs, 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
Click2Mail Suffers Data Breach
Dark Reading Staff, Quick Hits
Mail provider discovered customer data being used in spam messages.
By Dark Reading Staff , 10/11/2019
Comment0 comments  |  Read  |  Post a Comment
FBI: Phishing Can Defeat Two-Factor Authentication
Dark Reading Staff, Quick Hits
A recent Privacy Industry Notification points to two new hacker tools that can turn a victim's browser into a credential-stealing zombie.
By Dark Reading Staff , 10/11/2019
Comment0 comments  |  Read  |  Post a Comment
Close the Gap Between Cyber-Risk and Business Risk
Brian Contos, CISO & VP of Techology Innovation at VerodinCommentary
Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.
By By Brian Contos, CISO, Verodin , 10/11/2019
Comment0 comments  |  Read  |  Post a Comment
iTunes Zero-Day Exploited to Deliver BitPaymer
Kelly Sheridan, Staff Editor, Dark ReadingNews
The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.
By Kelly Sheridan Staff Editor, Dark Reading, 10/10/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18217
PUBLISHED: 2019-10-21
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
CVE-2019-16862
PUBLISHED: 2019-10-21
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.
CVE-2019-17409
PUBLISHED: 2019-10-21
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter.
CVE-2019-10715
PUBLISHED: 2019-10-21
There is Stored XSS in Verodin Director before 3.5.4.0 via input fields of certain tooltips, and on the Tags, Sequences, and Actors pages.
CVE-2019-10716
PUBLISHED: 2019-10-21
An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request.