Threat Intelligence

News & Commentary
Alphabet Launches VirusTotal Monitor to Stop False Positives
Dark Reading Staff, Quick Hits
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
By Dark Reading Staff , 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Improving the Adoption of Security Automation
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
Four barriers to automation and how to overcome them.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
The Best and Worst Tasks for Security Automation
Kelly Sheridan, Staff Editor, Dark Reading
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
By Kelly Sheridan Staff Editor, Dark Reading, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Mylobot Malware Brings New Sophistication to Botnets
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
'Olympic Destroyer' Reappears in Attacks on Europe, Russia
Kelly Sheridan, Staff Editor, Dark ReadingNews
The attack group known for targeting the 2018 Winter Olympics has resurfaced in campaigns against European financial and biochem companies.
By Kelly Sheridan Staff Editor, Dark Reading, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
How to Prepare for 'WannaCry 2.0'
Shimon Oren, Head of Cyber Intelligence at Deep InstinctCommentary
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
By Shimon Oren Head of Cyber Intelligence at Deep Instinct, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
Security Analytics Startup Uptycs Raises $10M in Series A
Dark Reading Staff, Quick Hits
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.
By Dark Reading Staff , 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
'Wallchart' Phishing Campaign Exploits World Cup Watchers
Kelly Sheridan, Staff Editor, Dark ReadingNews
The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.
By Kelly Sheridan Staff Editor, Dark Reading, 6/18/2018
Comment0 comments  |  Read  |  Post a Comment
Blockchain All the Rage But Comes With Numerous Risks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers dig into four types of cyberattacks targeting blockchain, how they work, and why early adopters are the easiest targets.
By Kelly Sheridan Staff Editor, Dark Reading, 6/13/2018
Comment0 comments  |  Read  |  Post a Comment
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Security is weak, and most companies are clueless, according to Immunity researcher Lurene Grenier, who kicked off the Cisco Talos Threat Research Summit on Sunday.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Fixes 11 Critical, 39 Important Vulns
Kelly Sheridan, Staff Editor, Dark ReadingNews
The most critical vulnerability, experts say, affects Windows Domain Name Systems, while another lets attackers hack Cortana from the lock screen.
By Kelly Sheridan Staff Editor, Dark Reading, 6/12/2018
Comment2 comments  |  Read  |  Post a Comment
MacOS Bypass Flaw Lets Attackers Sign Malicious Code as Apple
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security bypass weakness in macOS APIs let attackers impersonate Apple to sign malicious code and evade third-party security tools.
By Kelly Sheridan Staff Editor, Dark Reading, 6/12/2018
Comment0 comments  |  Read  |  Post a Comment
Security Ratings Answer Big Questions in Cyber Insurance
Kelly Sheridan, Staff Editor, Dark ReadingNews
More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage.
By Kelly Sheridan Staff Editor, Dark Reading, 6/11/2018
Comment0 comments  |  Read  |  Post a Comment
6 Ways Greed Has a Negative Effect on Cybersecurity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA Commentary
How the security industry can both make money and stay true to its core values, and why that matters.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 6/11/2018
Comment3 comments  |  Read  |  Post a Comment
SAP CSO: Security Requires Context
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Security depends on the apps and networks it protects. SAP CSO Justin Somaini discusses three scenarios.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/11/2018
Comment0 comments  |  Read  |  Post a Comment
FireEye Finds New Clues in TRITON/TRISIS Attack
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Attackers behind the epic industrial-plant hack reverse-engineered the safety-monitoring system's proprietary protocol, researchers found.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/8/2018
Comment0 comments  |  Read  |  Post a Comment
Bug Bounty Payouts Up 73% Per Vulnerability: Bugcrowd
Kelly Sheridan, Staff Editor, Dark ReadingNews
Bug bounty programs grew along with payouts, which averaged $781 per vulnerability this year, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 6/7/2018
Comment0 comments  |  Read  |  Post a Comment
DevSecOps Gains Enterprise Traction
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Enterprise adoption of DevSecOps has surged in the past year, according to a study conducted at this year's RSA Conference.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/7/2018
Comment0 comments  |  Read  |  Post a Comment
Adobe Issues Emergency Patch for Flash Zero-Day
Kelly Sheridan, Staff Editor, Dark ReadingNews
Adobe has patched four security vulnerabilities today, including a zero-day being actively exploited in the wild.
By Kelly Sheridan Staff Editor, Dark Reading, 6/7/2018
Comment0 comments  |  Read  |  Post a Comment
Operation Prowli Hits 40K with Traffic Monetization, Cryptomining
Kelly Sheridan, Staff Editor, Dark ReadingNews
The campaign targets services including Drupal CMS sites, DSL modems, vulnerable IoT devices, and servers with an open SSH port.
By Kelly Sheridan Staff Editor, Dark Reading, 6/6/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by RosanaXayaraj
Current Conversations Thanks
In reply to: Re: More information
Post Your Own Reply
More Conversations
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften Technologies,  6/14/2018
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-5236
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events.
CVE-2018-5237
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
CVE-2018-6211
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.
CVE-2018-6212
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect proc...
CVE-2018-6213
PUBLISHED: 2018-06-20
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.