Attacks/Breaches

News & Commentary
Necurs Botnet Goes Phishing for Banks
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new Necurs botnet campaign targets thousands of banks with a malicious file dropping the FlawedAmmyy remote-access Trojan.
By Kelly Sheridan Staff Editor, Dark Reading, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Overcoming 'Security as a Silo' with Orchestration and Automation
Jen Andre, Senior Director at Rapid7Commentary
When teams work in silos, the result is friction and miscommunication. Automation changes that.
By Jen Andre Senior Director at Rapid7, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new side-channel speculative execution vulnerability takes aim at a different part of the CPU architecture than similar vulnerabilities that came before it.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/15/2018
Comment2 comments  |  Read  |  Post a Comment
2018 Pwnie Awards: Who Pwned, Who Got Pwned
Kelly Sheridan, Staff Editor, Dark Reading
A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/15/2018
Comment0 comments  |  Read  |  Post a Comment
Instagram Hack: Hundreds Affected, Russia Suspected
Dark Reading Staff, Quick Hits
Affected users report the email addresses linked to their Instagram accounts were changed to .ru domains.
By Dark Reading Staff , 8/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Open Source Software Poses a Real Security Threat
Jeff Williams, CTO, Contrast SecurityCommentary
It's true that open source software has many benefits, but it also has weak points. These four practical steps can help your company stay safer.
By Jeff Williams CTO, Contrast Security, 8/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Microsoft ADFS Vulnerability Lets Attackers Bypass MFA
Kelly Sheridan, Staff Editor, Dark ReadingNews
The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.
By Kelly Sheridan Staff Editor, Dark Reading, 8/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Washington Man Sentenced in Ransomware Conspiracy
Dark Reading Staff, Quick Hits
A guilty plea brings 18-month sentence on money laundering charges for former Microsoft employee.
By Dark Reading Staff , 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
'Election Protection' Aims to Secure Candidates Running for Office
Dark Reading Staff, Quick Hits
The kit is designed to prevent credential theft targeting people running for federal, state, and local elected offices.
By Dark Reading Staff , 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Social Engineers Show Off Their Tricks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts in deception shared tricks of the trade and showed their skills at Black Hat and DEF CON 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
Nigerian National Convicted for Phishing US Universities
Dark Reading Staff, Quick Hits
Olayinka Olaniyi and his co-conspirator targeted the University of Virginia, Georgia Tech, and other educational institutions.
By Dark Reading Staff , 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
FBI Warns of Cyber Extortion Scam
Dark Reading Staff, Quick Hits
Spear-phishing techniques are breathing new life into an old scam.
By Dark Reading Staff , 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Francis Dinha, CEO & Co-Founder of OpenVPNCommentary
New ways to steal your data (and profits) keep cropping up. These best practices can help keep your organization safer.
By Francis Dinha CEO & Co-Founder of OpenVPN, 8/13/2018
Comment1 Comment  |  Read  |  Post a Comment
NSA Brings Nation-State Details to DEF CON
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Hackers were eager to hear the latest from the world of nation-state cybersecurity.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/10/2018
Comment0 comments  |  Read  |  Post a Comment
The Enigma of AI & Cybersecurity
Dr. Dongyan Wang, Chief AI Officer at DeepBrain ChainCommentary
We've only seen the beginning of what artificial intelligence can do for information security.
By Dr. Dongyan Wang Chief AI Officer at DeepBrain Chain, 8/10/2018
Comment0 comments  |  Read  |  Post a Comment
6 Eye-Raising Third-Party Breaches
Ericka Chickowski, Contributing Writer, Dark Reading
This year's headlines have featured a number of high-profile exposures caused by third parties working on behalf of major brands.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/10/2018
Comment0 comments  |  Read  |  Post a Comment
Cloud Intelligence Throwdown: Amazon vs. Google vs. Microsoft
Kelly Sheridan, Staff Editor, Dark ReadingNews
A closer look at native threat intelligence capabilities built into major cloud platforms and discussion of their strengths and shortcomings.
By Kelly Sheridan Staff Editor, Dark Reading, 8/9/2018
Comment0 comments  |  Read  |  Post a Comment
AWS Employee Flub Exposes S3 Bucket Containing GoDaddy Server Configuration and Pricing Models
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Publicly accessible S3 bucket included configuration data for tens of thousands of systems, as well as sensitive pricing information.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/9/2018
Comment0 comments  |  Read  |  Post a Comment
PGA of America Struck By Ransomware
Dark Reading Staff, Quick Hits
Hackers provided a Bitcoin wallet number, though no specific ransom amount was demanded, for the return of files.
By Dark Reading Staff , 8/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading News Desk Live at Black Hat USA 2018
Sara Peters, Senior Editor at Dark ReadingNews
Watch here Wednesday and Thursday, 2 p.m. - 6 p.m. ET to see over 40 live video interviews straight from the Black Hat USA conference in Las Vegas.
By Sara Peters Senior Editor at Dark Reading, 8/9/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-13435
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest w...
CVE-2018-13446
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. ...
CVE-2018-14567
PUBLISHED: 2018-08-16
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
CVE-2018-15122
PUBLISHED: 2018-08-16
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.
CVE-2018-11509
PUBLISHED: 2018-08-16
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.