Attacks/Breaches

News & Commentary
13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Associate Editor, Dark ReadingNews
Russian nationals reportedly used stolen American identities and infrastructure to influence the 2016 election outcome.
By Kelly Sheridan Associate Editor, Dark Reading, 2/16/2018
Comment1 Comment  |  Read  |  Post a Comment
Rise of the 'Hivenet': Botnets That Think for Themselves
Derek Manky, Global Security Strategist, FortinetCommentary
These intelligent botnet clusters swarm compromised devices to identify and assault different attack vectors all at once.
By Derek Manky Global Security Strategist, Fortinet, 2/16/2018
Comment0 comments  |  Read  |  Post a Comment
Russian Hackers Sentenced in Heartland Payment Systems Breach Case
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Two more men involved in the massive payment card theft from multiple major US corporations that began in 2007 now sent to federal prison.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/16/2018
Comment0 comments  |  Read  |  Post a Comment
Cybercrime Gang Ramps up Ransomware Campaign
Jai Vijayan, Freelance writerNews
In the last few weeks, Gold Lowell group has collected over $350K after infecting victims with SamSam crypto malware, researchers at Secureworks found.
By Jai Vijayan Freelance writer, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
White House: Russian Military Behind NotPetya Attacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Trump administration statement comes on the heels of UK government calling out Russia for the cyberattacks that spread through Europe and elsewhere.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
IRS Reports Steep Decline in Tax-Related ID Theft
Steve Zurier, Freelance WriterNews
Research group Javelin confirms that the numbers are trending in the right direction, with total fraud losses dropping more than 14% to $783 million.
By Steve Zurier Freelance Writer, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
North Korea-Linked Cyberattacks Spread Out of Control: Report
Kelly Sheridan, Associate Editor, Dark ReadingNews
New details on old cyberattacks originating from North Korea indicate several forms of malware unintentionally spread wider than authors intended.
By Kelly Sheridan Associate Editor, Dark Reading, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
Democracy & DevOps: What Is the Proper Role for Security?
PJ Kirner, CTO & Founder, IllumioCommentary
Security experts need a front-row seat in the application development process but not at the expense of the business.
By PJ Kirner CTO & Founder, Illumio, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
From DevOps to DevSecOps: Structuring Communication for Better Security
Robert Hawk, Privacy & Security Lead at xMattersCommentary
A solid approach to change management can help prevent problems downstream.
By Robert Hawk Privacy & Security Lead at xMatters, 2/15/2018
Comment1 Comment  |  Read  |  Post a Comment
The Mirai Botnet Is Attacking Again
David Holmes, World-Wide Security Evangelist, F5
And the spinoff bots and all their command and control hostnames buried in the morass of digital data are hilarious.
By David Holmes World-Wide Security Evangelist, F5, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
3 Tips to Keep Cybersecurity Front & Center
Greg Kushto, Vice President of Sales Engineering at Force 3Commentary
In today's environment, a focus on cybersecurity isn't a luxury. It's a necessity, and making sure that focus is achieved starts with the company's culture.
By Greg Kushto Vice President of Sales Engineering at Force 3, 2/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Cybercrime Costs for Financial Sector up 40% Since 2014
Sara Peters, Senior Editor at Dark ReadingQuick Hits
A 9.6% increase just in the past year, and denial-of-service attacks are partly to blame.
By Sara Peters Senior Editor at Dark Reading, 2/14/2018
Comment0 comments  |  Read  |  Post a Comment
Fileless Malware: Not Just a Threat, but a Super-Threat
Itay Glick, CEO & Co-founder, VotiroCommentary
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
By Itay Glick CEO & Co-founder, Votiro, 2/14/2018
Comment0 comments  |  Read  |  Post a Comment
The GDPR Clock Is Running Out. Now What?
Simon Eappariello, Senior VP Product & Engineering, EMEIA, iboss
Many organizations impacted by new European Union data privacy rules that go into effect May 25 are still blind to some of the basics.
By Simon Eappariello Senior VP Product & Engineering, EMEIA, iboss, 2/14/2018
Comment0 comments  |  Read  |  Post a Comment
Lazarus Group Attacks Banks, Bitcoin Users in New Campaign
Kelly Sheridan, Associate Editor, Dark ReadingNews
A new Lazarus Group cyberattack campaign combines spear-phishing techniques with a cryptocurrency scanner designed to scan for Bitcoin wallets.
By Kelly Sheridan Associate Editor, Dark Reading, 2/13/2018
Comment0 comments  |  Read  |  Post a Comment
Can Android for Work Redefine Enterprise Mobile Security?
Satish Shetty, CEO, Codeproof TechnologiesCommentary
Google's new mobility management framework makes great strides in addressing security and device management concerns while offering diverse deployment options. Here are the pros and cons.
By Satish Shetty CEO, Codeproof Technologies, 2/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Fake News: Could the Next Major Cyberattack Cause a Cyberwar?
Joseph Carson, Chief Security Scientist at ThycoticCommentary
In the way it undercuts trust, fake news is a form of cyberattack. Governments must work to stop it.
By Joseph Carson Chief Security Scientist at Thycotic, 2/13/2018
Comment0 comments  |  Read  |  Post a Comment
Equifax Names New CISO
Dark Reading Staff, Quick Hits
Former Home Depot CISO takes the reins in the wake of Equifax's massive data breach and fallout.
By Dark Reading Staff , 2/13/2018
Comment0 comments  |  Read  |  Post a Comment
Cyberattack Aimed to Disrupt Opening of Winter Olympics
Kelly Sheridan, Associate Editor, Dark ReadingNews
Researchers who identified malware targeting the 2018 Winter Olympics say the attackers had previously compromised the Games' infrastructure.
By Kelly Sheridan Associate Editor, Dark Reading, 2/12/2018
Comment0 comments  |  Read  |  Post a Comment
Attackers Use Infected Plug-In to Install Cryptomining Tool on Over 4200 Websites
Jai Vijayan, Freelance writerNews
Victims include UK's ICO, and National Health Service and USCourts.gov.
By Jai Vijayan Freelance writer, 2/12/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
One in Three SOC Analysts Now Job-Hunting
Kelly Jackson Higgins, Executive Editor at Dark Reading,  2/12/2018
Encrypted Attacks Continue to Dog Perimeter Defenses
Ericka Chickowski, Contributing Writer, Dark Reading,  2/14/2018
Can Android for Work Redefine Enterprise Mobile Security?
Satish Shetty, CEO, Codeproof Technologies,  2/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: One agent too many was installed on Bob's desktop.
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.