Threat Intelligence

News & Commentary
Apache Access Vulnerability Could Affect Thousands of Applications
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A recently discovered issue with a common file access method could be a major new attack surface for malware authors.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/18/2018
Comment0 comments  |  Read  |  Post a Comment
Inside the Dark Web's 'Help Wanted' Ads
Kelly Sheridan, Staff Editor, Dark ReadingNews
How cybercriminals recruit everyone from car drivers to corporate insiders and pay them according to the risk they assume.
By Kelly Sheridan Staff Editor, Dark Reading, 10/18/2018
Comment0 comments  |  Read  |  Post a Comment
SEC Warns Public Companies on Accounting Control Use
Dark Reading Staff, Quick Hits
A new SEC investigative report urges public organizations to keep cyberthreats in mind when implementing internal accounting tools.
By Dark Reading Staff , 10/17/2018
Comment0 comments  |  Read  |  Post a Comment
The Three Dimensions of the Threat Intelligence Scale Problem
Todd Weller, Chief Strategy Officer at Bandura CyberCommentary
To succeed, organizations must be empowered to reduce their attack surface and staff overload so they can get more out of their existing firewall and threat intelligence investments.
By Todd Weller Chief Strategy Officer at Bandura Cyber, 10/17/2018
Comment0 comments  |  Read  |  Post a Comment
NC Water Utility Fights Post-Hurricane Ransomware
Kelly Sheridan, Staff Editor, Dark ReadingNews
North Carolina's Onslow Water and Sewer Authority was hit with an advanced attack in the wake of Hurricane Florence.
By Kelly Sheridan Staff Editor, Dark Reading, 10/16/2018
Comment1 Comment  |  Read  |  Post a Comment
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/16/2018
Comment1 Comment  |  Read  |  Post a Comment
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Speaking at the Gartner Symposium/ITxpo, analyst Peter Firstbrook's list of trends is likely to inform executive committee conversations for the next 12 months.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/15/2018
Comment2 comments  |  Read  |  Post a Comment
IBM Builds 'SOC on Wheels' to Drive Cybersecurity Training
Kelly Sheridan, Staff Editor, Dark ReadingNews
A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.
By Kelly Sheridan Staff Editor, Dark Reading, 10/15/2018
Comment0 comments  |  Read  |  Post a Comment
Threat Hunters & Security Analysts: A Dynamic Duo
Rick Costanzo, CEO, RANK SoftwareCommentary
Fighting spying with spying, threat hunters bring the proactive mindset of network reconnaissance and repair to the enterprise security team.
By Rick Costanzo CEO, RANK Software, 10/12/2018
Comment1 Comment  |  Read  |  Post a Comment
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer
There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
By Steve Zurier Freelance Writer, 10/12/2018
Comment3 comments  |  Read  |  Post a Comment
The Better Way: Threat Analysis & IIoT Security
Satish Gannu, Chief Security Officer, ABBCommentary
Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities.
By Satish Gannu Chief Security Officer, ABB, 10/11/2018
Comment0 comments  |  Read  |  Post a Comment
IIS Attacks Skyrocket, Hit 1.7M in Q2
Dark Reading Staff, Quick Hits
Drupal and Oracle WebLogic also were hit with more cyberattacks during same quarter.
By Dark Reading Staff , 10/10/2018
Comment0 comments  |  Read  |  Post a Comment
Security Researchers Struggle with Bot Management Programs
Kaan Onarlioglu, Senior Security Researcher, AkamaiCommentary
Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.
By Kaan Onarlioglu Senior Security Researcher, Akamai, 10/10/2018
Comment0 comments  |  Read  |  Post a Comment
Git Gets Patched for Newly Found Flaw
Dark Reading Staff, Quick Hits
A vulnerability in Git could allow an attacker to place malicious, auto-executing code in a sub-module.
By Dark Reading Staff , 10/9/2018
Comment0 comments  |  Read  |  Post a Comment
Constructing the Future of ICS Cybersecurity
Kelly Sheridan, Staff Editor, Dark ReadingNews
As industrial control systems are connected to the cloud and the IoT, experts discuss security challenges.
By Kelly Sheridan Staff Editor, Dark Reading, 10/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Fixes Privilege Escalation 0Day Under Active Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
This month's Patch Tuesday includes 49 patches, two of which are ranked Critical, and two security advisories.
By Kelly Sheridan Staff Editor, Dark Reading, 10/9/2018
Comment0 comments  |  Read  |  Post a Comment
New Domains: A Wide-Open Playing Field for Cybercrime
Ben April, CTO, Farsight SecurityCommentary
As bad actors increasingly exploit new domains for financial gain and other nefarious purposes, security teams need to employ policies and practices to neutralize the threat in real time. Here's why and how.
By Ben April CTO, Farsight Security, 10/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Teach Your AI Well: A Potential New Bottleneck for Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Artificial intelligence (AI) holds the promise of easing the skills shortage in cybersecurity, but implementing AI may result in a talent gap of its own for the industry.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/8/2018
Comment0 comments  |  Read  |  Post a Comment
Most Home Routers Are Full of Vulnerabilities
Dark Reading Staff, Quick Hits
More than 80% of surveyed routers had, on average, 172 security vulnerabilities, new research shows.
By Dark Reading Staff , 10/5/2018
Comment0 comments  |  Read  |  Post a Comment
Successful Scammers Call After Lunch
Kelly Sheridan, Staff Editor, Dark ReadingNews
Analysis of 20,000 voice phishing, or vishing, calls reveals patterns in how social engineers operate and how targets respond.
By Kelly Sheridan Staff Editor, Dark Reading, 10/5/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by ronaldthomas
Current Conversations good post
In reply to: a
Post Your Own Reply
More Conversations
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CA,  10/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Too funny!
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.