Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Attacks/Breaches
Page 1 / 2   >   >>
Mirai Groups Target Business IoT Devices
News  |  7/19/2019  | 
More than 30% of Mirai attacks, and an increasing number of variants of the malicious malare, are going after enterprise IoT devices, raising the stakes for business.
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Commentary  |  7/19/2019  | 
Why apples-to-apples performance tests are the only way to accurately gauge the impact of network security products and solutions.
BitPaymer Ransomware Operators Wage Custom, Targeted Attacks
News  |  7/18/2019  | 
A new framework is allowing the threat group to compile variants of the malware for each victim, Morphisec says.
Open Source Hacking Tool Grows Up
News  |  7/18/2019  | 
Koadic toolkit gets upgrades and a little love from nation-state hackers.
RDP Bug Takes New Approach to Host Compromise
News  |  7/18/2019  | 
Researchers show how simply connecting to a rogue machine can silently compromise the host.
8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
Slideshows  |  7/18/2019  | 
Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity.
Bulgarian Tax Breach Nets All the Records
Quick Hits  |  7/18/2019  | 
An attack by a 'wizard hacker' results in leaked records for virtually every Bulgarian taxpayer.
How Capture the Flag Competitions Strengthen the Cybersecurity Workforce
Commentary  |  7/18/2019  | 
These competitions challenge participants with problems involving digital forensics, cryptography, binary analysis, web security, and many other fields.
Calculating the Value of Security
Commentary  |  7/18/2019  | 
What will it take to align staff and budget to protect the organization?
MITRE ATT&CK Framework Not Just for the Big Guys
News  |  7/17/2019  | 
At Black Hat, analysts from MITRE and Splunk will detail how organizations of many different sizes are leveraging ATT&CK's common language.
Bluetooth Bug Enables Tracking on Windows 10, iOS & macOS Devices
News  |  7/17/2019  | 
Researchers discover a third-party algorithm in multiple high-profile Bluetooth devices exposes users to third-party tracking and data access.
Sprint Reveals Account Breach via Samsung Website
News  |  7/17/2019  | 
The last-June breach exposed data including names, phone numbers, and account numbers.
A Password Management Report Card
Commentary  |  7/17/2019  | 
New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings.
For Real Security, Don't Let Failure Be Your Measure of Success
Commentary  |  7/17/2019  | 
For too long, we've focused almost exclusively on keeping out the bad guys rather than what to do when they get in (and they will).
FBI Publishes GandCrab Decryption Keys
Quick Hits  |  7/16/2019  | 
Publishing the keys should render existing versions of the ransomware far less dangerous for victims.
How Attackers Infiltrate the Supply Chain & What to Do About It
Commentary  |  7/16/2019  | 
With some security best practices, enterprises can significantly reduce the chances that a potential supply chain attack will affect business operations.
US Mayors Commit to Just Saying No to Ransomware
News  |  7/16/2019  | 
The group of more than 1,400 top elected municipal officials takes the admirable, recommended stance against paying ransoms. However, can towns and cities secure their information technology infrastructure to withstand attacks?
Is 2019 the Year of the CISO?
Commentary  |  7/16/2019  | 
The case for bringing the CISO to the C-suite's risk and business-strategy table.
Flaws in Telegram & WhatsApp on Android Put Data at Risk
News  |  7/15/2019  | 
App settings combined with Android behavior can put data integrity at risk for WhatsApp and Telegram users.
Meet DoppelPaymer, BitPaymer's Ransomware Lookalike
News  |  7/15/2019  | 
New ransomware variant DoppelPaymer was leveraged in campaigns against the City of Edcouch, Texas, and the Chilean Ministry of Agriculture.
Is Machine Learning the Future of Cloud-Native Security?
Commentary  |  7/15/2019  | 
The nature of containers and microservices makes them harder to protect. Machine learning might be the answer going forward.
A Lawyers Guide to Cyber Insurance: 4 Basic Tips
Commentary  |  7/12/2019  | 
The time to read the fine print in your cybersecurity insurance policy is before you sign on the dotted line.
Data Center Changes Push Cyber Risk to Network's Edge
News  |  7/11/2019  | 
Changes in fundamental enterprise architectures coupled with shifts in human resources mean that companies are considering new risks to their infrastructure.
APT Groups Make Quadruple What They Spend on Attack Tools
News  |  7/11/2019  | 
Some advanced persistent threat actors can spend north of $1 million on attacks, but the return on that investment can be huge.
How to Catch a Phish: Where Employee Awareness Falls Short
News  |  7/11/2019  | 
Advanced phishing techniques and poor user behaviors that exacerbate the threat of successful attacks.
Most Organizations Lack Cyber Resilience
Commentary  |  7/11/2019  | 
Despite increasing threats, many organizations continue to run with only token cybersecurity and resilience.
Monroe College Hit with Ransomware Attack
Quick Hits  |  7/11/2019  | 
All campuses are affected, with attackers demanding $2 million in Bitcoin in exchange for decryption keys.
Summer: A Time for Vacations & Cyberattacks?
News  |  7/11/2019  | 
About a third of cybersecurity professionals believe that their companies see more cyberattacks during the summer, but the survey data does not convince on the reasons for the perception of a summer bump.
The Security of Cloud Applications
Commentary  |  7/11/2019  | 
Despite the great success of the cloud over the last decade, misconceptions continue to persist. Here's why the naysayers are wrong.
Persistent Threats Can Last Inside SMB Networks for Years
News  |  7/11/2019  | 
The average dwell time for riskware can be as much as 869 days.
Financial Firms Face Threats from Employee Mobile Devices
News  |  7/10/2019  | 
A new report says that phishing and man-in-the-middle attacks are major risks to financial institutions - via mobile devices in the hands of their employees.
New Ransomware Targets QNAP's Network-Attached Storage Devices
News  |  7/10/2019  | 
More than 19,000 systems in the US are potentially at risk from eCh0raix.
Why You Need a Global View of IT Assets
Commentary  |  7/10/2019  | 
It may seem obvious, but many companies lose sight of the fact that they can't protect what they don't know they even have.
Financial Impact of Cybercrime Exceeded $45B in 2018
News  |  7/9/2019  | 
Cybersecurity analysts explore a range of industry research to examine trends around cyber incidents and their financial impact.
Zoom Client for Mac Exposing Users to Serious Risks
News  |  7/9/2019  | 
Videoconferencing software maker downplays risks and says mitigations are on the way.
Coast Guard Warns Shipping Firms of Maritime Cyberattacks
News  |  7/9/2019  | 
A commercial vessel suffered a significant malware attack in February, prompting the US Coast Guard to issues an advisory to all shipping companies: Here be malware.
Cloud Security and Risk Mitigation
Commentary  |  7/9/2019  | 
Just because your data isn't on-premises doesn't mean you're not responsible for security.
Cybercriminals Target Budding Cannabis Retailers
Quick Hits  |  7/9/2019  | 
Companies in the young, rapidly growing industry are targeted for sensitive information they store and immature security practices.
Marriott Faces $124 Million GDPR Fine in UK
Quick Hits  |  7/9/2019  | 
The proposed penalty is for a data breach beginning in 2014 that affected more than 500 million customers worldwide.
Britain Looks to Levy Record GDPR Fine Against British Airways
News  |  7/8/2019  | 
The penalty is a sign of things to come, say experts.
7 Hot Cybersecurity Trends to Be Highlighted at Black Hat
Slideshows  |  7/8/2019  | 
Just some of the research and ideas worth checking out at this year's 'security summer camp.'
UK Forensics Firm Paid Ransom in Cyberattack
Quick Hits  |  7/5/2019  | 
Victim firm Eurofins Scientific handles more than 70,000 criminal cases per year in the UK.
Intelligent Authentication Market Grows to Meet Demand
News  |  7/5/2019  | 
Confidence in user identity is critical to prevent fraud and theft, and companies are looking for new ways to get the necessary assurance.
US Military Warns Companies to Look Out for Iranian Outlook Exploits
News  |  7/3/2019  | 
Microsoft patched a serious vulnerability in the Microsoft Outlook client in 2017, but an Iranian group continues to exploit the flaw.
New 'WannaHydra' Malware a Triple Threat to Android
News  |  7/3/2019  | 
The latest variant of WannaLocker is a banking Trojan, spyware tool, and ransomware.
Sodin Ransomware Exploits Windows Privilege Escalation Bug
News  |  7/3/2019  | 
Exploitation of CVE-2018-8453 grants attackers the highest level of privileges on a target system.
20 Questions to Ask During a Real (or Manufactured) Security Crisis
Commentary  |  7/3/2019  | 
There are important lessons to be learned from a crisis, even the ones that are more fiction than fact.
Disarming Employee Weaponization
Commentary  |  7/3/2019  | 
Human vulnerability presents a real threat for organizations. But it's also a remarkable opportunity to turn employees into our strongest cyber warriors.
TA505 Group Launches New Targeted Attacks
News  |  7/3/2019  | 
Russian-speaking group has sent thousands of emails containing new malware to individuals working at financial institutions in the US, United Arab Emirates, and Singapore.
New MacOS Malware Discovered
News  |  7/2/2019  | 
A wave of new MacOS malware over the past month includes a zero-day exploit and other attack code.
Page 1 / 2   >   >>


Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12820
PUBLISHED: 2019-07-19
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account, th...
CVE-2019-12821
PUBLISHED: 2019-07-19
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code containin...
CVE-2019-12453
PUBLISHED: 2019-07-19
In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation.
CVE-2019-12945
PUBLISHED: 2019-07-19
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2018-17792
PUBLISHED: 2019-07-19
MDaemon Webmail (formerly WorldClient) has CSRF.