Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Attacks/Breaches
Page 1 / 2   >   >>
Gamifying Password Training Shows Security Benefits
News  |  8/10/2020  | 
When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find.
Better Business Bureau Warns of New Visa Scam
Quick Hits  |  8/10/2020  | 
Visa limitations due to the novel coronavirus have given rise to a wave of scams aimed at visa-seekers.
Q2 DDoS Attacks Triple Year Over Year: Report
Quick Hits  |  8/10/2020  | 
Distributed denial-of-service attacks have stayed consistently high throughout 2020, a shift from normal attack trends that researchers attribute to COVID-19.
Reddit Attack Defaces Dozens of Channels
Quick Hits  |  8/7/2020  | 
The attack has defaced the channels with images and content supporting Donald Trump.
Researcher Finds New Office Macro Attacks for MacOS
News  |  8/7/2020  | 
Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.
IoT Security During COVID-19: What We've Learned & Where We're Going
Commentary  |  8/7/2020  | 
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.
Dark Reading Video News Desk Returns to Black Hat
News  |  8/6/2020  | 
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
Exploiting Google Cloud Platform With Ease
News  |  8/6/2020  | 
Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.
Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It
News  |  8/6/2020  | 
Mandiant incident response managers Josh Madeley and Doug Bienstock describe how thoroughly Microsoft 365 (formerly known as Office 365) extends into corporate networks, describe both sophisticated and simple attacks theyve detected, and suggest mitigations as businesses rely more heavily on the cloud.
Information Operations Spotlighted at Black Hat as Election Worries Rise
News  |  8/6/2020  | 
From Russia's "best-in-class" efforts at widening social divides in Western democracies to China's blunt attacks on dissidents, information operations are becoming a greater threat, says a Stanford researcher.
Using IoT Botnets to Manipulate the Energy Market
News  |  8/6/2020  | 
Tohid Shekari, phD candidate at Georgia Tech, talks about the session that he and Georgia Tech professor Raheem Beyah gave about a stealthy and adaptable way to use IoT botnets for financial gain or market downfall.
Broadcom: Staying Safe with WastedLocker Ransomware Variant on the Prowl
News  |  8/6/2020  | 
SPONSORED CONTENT: Stealthier and more patient than some predecessors, WastedLocker lingers surreptitiously for as long as it needs to for maximum payoff, says Jon DiMaggio with Broadcom's Symantec division. He explains how Windows servers are at a different risk level than their open-source counterparts, and how WastedLocker identifies "valuable" targets.
The Long Shadow of Stuxnet: New Microsoft Print Spooler Vulns Revealed
News  |  8/6/2020  | 
Researchers Peleg Hader and Tomer Bar ofSafeBreachshare details of the three vulnerabilities they found in Windows Print Spoolerthat could allow an attacker to sneak into the network throughan old printer service mechanism.
Platform Security: Intel Pushes to Reduce Supply Chain Attacks
News  |  8/6/2020  | 
SPONSORED CONTENT: Attacks on supply chains involve lots of players and companies, not to mention an exponential amount of data for the stealing, notes Intel's Tom Garrison. Notoriously difficult to detect and mitigate, Garrison discusses new approaches to securing an individual company's computing platforms, including Compute Lifecycle Assurance.
2019 Breach Leads to $80 Million Fine for Capital One
Quick Hits  |  8/6/2020  | 
The fine is part of a series of steps required by the Office of the Comptroller of the Currency.
Four Rules and Three Tools to Protect Against Fake SaaS Apps
Commentary  |  8/6/2020  | 
Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.
3 Tips For Better Security Across the Software Supply Chain
Commentary  |  8/6/2020  | 
It may sound look intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving security posture of the software supply chain.
Russian Election Interference: Whats Next?
News  |  8/5/2020  | 
Nate Beach-Westmoreland gives a look back at the past 10 years of Russian election interference and disinformation campaigns. What can we learn from the past and what should we expect as the 2020 US presidential election approaches?
Attack of the Clone: Next-Gen Social Engineering
News  |  8/5/2020  | 
NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections.
Microsoft Teams Vulnerable to Patch Workaround, Researchers Report
News  |  8/5/2020  | 
Attackers could work around an earlier patch and use Microsoft Teams Updater to download binaries and payloads.
DDoS Attacks Doubled in Q2 Compared with Prior Quarter
News  |  8/5/2020  | 
Most attacks were small, but the big ones got bigger than ever, Cloudflare says.
How Ransomware Threats Are Evolving & How to Spot Them
News  |  8/4/2020  | 
A series of new reports explains how ransomware attackers are changing techniques and how organizations can spot stealthy criminals.
Retooling the SOC for a Post-COVID World
Commentary  |  8/4/2020  | 
Residual work-from-home policies will require changes to security policies, procedures, and technologies.
Google & Amazon Replace Apple as Phishers' Favorite Brands
Quick Hits  |  8/4/2020  | 
Google and Amazon were the most imitated brands in the second quarter, knocking out Apple.
Securing IoT as a Remote Workforce Strategy
Commentary  |  8/4/2020  | 
Digital transformation with Internet of Things devices offers organizations a way forward in the era of COVID-19. Optimizing this approach for the future will need to start with security.
FBI Warns on New E-Commerce Fraud
News  |  8/3/2020  | 
A wave of new, fraudulent websites has popped up to take advantage of the rise in online shopping during the coronavirus pandemic.
DHS Urges 'Highest Priority' Attention on Old Chinese Malware Threat
News  |  8/3/2020  | 
"Taidoor" is a remote access tool that has been used in numerous cyber espionage campaigns since at least 2008.
Travel Management Firm CWT Pays $4.5M to Ransomware Attackers
Quick Hits  |  8/3/2020  | 
Attackers claimed to steal two terabytes of files including financial reports, security files, and employees' personal data.
3 Arrested for Massive Twitter Breach
Quick Hits  |  7/31/2020  | 
Three individuals aged 17, 19, and 22 have been charged for their alleged roles in the massive July 15 Twitter attack.
Twitter: Employees Compromised in Phone Spear-Phishing Attack
Quick Hits  |  7/31/2020  | 
The attack earlier this month started with a spear-phishing attack targeting Twitter employees, the company says in a new update.
3 Ways Social Distancing Can Strengthen Your Network
Commentary  |  7/31/2020  | 
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.
Dark Web Travel Fraudsters Left Hurting From Lockdowns
News  |  7/30/2020  | 
Shadow travel businesses that depend on loyalty program fraud have been impacted just like the legitimate travel orgs they prey on.
Black Hat Virtually: An Important Time to Come Together as a Community
Commentary  |  7/30/2020  | 
The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.
Using the Attack Cycle to Up Your Security Game
Commentary  |  7/30/2020  | 
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.
Average Cost of a Data Breach: $3.86 Million
News  |  7/29/2020  | 
New IBM study shows that security system complexity and cloud migration can amplify breach costs.
Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
Commentary  |  7/29/2020  | 
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.
The Future's Biggest Cybercrime Threat May Already Be Here
Commentary  |  7/29/2020  | 
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.
Lazarus Group Shifts Gears with Custom Ransomware
News  |  7/28/2020  | 
The North Korea-linked APT group has developed its own ransomware strain to better conduct financial theft, researchers report.
Avon Server Leaks User Info and Administrative Data
Quick Hits  |  7/28/2020  | 
An unprotected server has exposed more than 7GB of data from the beauty brand.
Researchers Foil Phishing Attempt on Netflix Customers
News  |  7/28/2020  | 
Hackers use two stolen domains to steal credentials from Netflix users and then send them to the real Netflix site.
7.5M Banking Customers Affected in Dave Security Breach
Quick Hits  |  7/28/2020  | 
The financial services app confirms user data was compromised in a data breach at its former third-party provider, WayDev.
Autonomous IT: Less Reacting, More Securing
Commentary  |  7/28/2020  | 
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
As Businesses Move to the Cloud, Cybercriminals Follow Close Behind
Commentary  |  7/28/2020  | 
In the wake of COVID-19, data theft is by far the top tactic, followed by cryptomining and ransomware.
ShinyHunters Offers Stolen Data on Dark Web
Quick Hits  |  7/27/2020  | 
The threat actor offers more than 26 million records from a series of data breaches.
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
Commentary  |  7/27/2020  | 
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
Garmin Takes App & Services Offline After Suspected Ransomware Attack
Quick Hits  |  7/24/2020  | 
Wearables company Garmin shut down its website, app, call centers, and other services in the aftermath of a security incident.
Access to Internal Twitter Admin Tools Is Widespread
Quick Hits  |  7/24/2020  | 
More than 1,000 individuals have access to tools that could have aided the attackers in the recent Twitter attack on high-profile accounts.
Email Security Features Fail to Prevent Phishable 'From' Addresses
News  |  7/24/2020  | 
The security features for verifying the source of an email header fail to work together properly in many implementations, according to a team of researchers.
Banning TikTok Won't Solve Our Privacy Problems
Commentary  |  7/24/2020  | 
Preventing the use of an apps based solely on its country of origin (no matter how hostile) is merely a Band-Aid that won't fully address all privacy and security concerns.
Twilio Security Incident Shows Danger of Misconfigured S3 Buckets
News  |  7/23/2020  | 
Twilio says attackers accessed its misconfigured cloud storage system and altered a copy of the JavaScriptSDK it shares with customers.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16275
PUBLISHED: 2020-08-10
A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.
CVE-2020-16276
PUBLISHED: 2020-08-10
An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
CVE-2020-16277
PUBLISHED: 2020-08-10
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
CVE-2020-16278
PUBLISHED: 2020-08-10
A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.
CVE-2020-15139
PUBLISHED: 2020-08-10
In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Mes...