Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Threat Intelligence
Page 1 / 2   >   >>
StrandHogg 2.0 Emerges as 'Evil Twin' to Android Threat
News  |  5/26/2020  | 
The vulnerability, which exists in almost every version of Android, is both more dangerous and harder to detect than its predecessor.
World Leaders Urge Action Against Healthcare Cyberattacks
Quick Hits  |  5/26/2020  | 
The global call to end cybercrime targeting healthcare facilities has been signed by government leaders and Nobel laureates.
The Problem with Artificial Intelligence in Security
Commentary  |  5/26/2020  | 
Any notion that AI is going to solve the cyber skills crisis is very wide of the mark. Here's why.
60% of Insider Threats Involve Employees Planning to Leave
News  |  5/20/2020  | 
Researchers shows most "flight-risk" employees planning to leave an organization tend to start stealing data two to eight weeks before they go.
Microsoft Warns of Vulnerability Affecting Windows DNS Server
Quick Hits  |  5/20/2020  | 
A new security advisory addresses a vulnerability that could be exploited to cause a denial-of-service attack.
Google Chrome Redesign Puts Security & Privacy in Users' Hands
Quick Hits  |  5/19/2020  | 
The Chrome browser will tell users if their browser is up to date, malicious extensions are installed, and/or a password has been compromised.
Web Application Attacks Double from 2019: Verizon DBIR
News  |  5/19/2020  | 
Verizon's annual data breach report shows most attackers are external, money remains their top motivator, and web applications and unsecured cloud storage are hot targets.
Private Equity Firm Stalls $1.9B Forescout Acquisition
Quick Hits  |  5/18/2020  | 
Officials say "there can be no assurance" Forescout and Advent International will reach an agreement, though talks are ongoing.
Microsoft Open Sources Its Coronavirus Threat Data
Quick Hits  |  5/15/2020  | 
Microsoft's COVID-19 intelligence will be made publicly available to help businesses fight virus-related security threats.
As Businesses Rush to the Cloud, Security Teams Struggle to Keep Up
News  |  5/14/2020  | 
Most organizations have a gap between current and planned cloud usage and the maturity of their cloud security programs.
Project Aims to Unmask Disinformation Bots
News  |  5/14/2020  | 
BotSight, a machine learning research project, rates Twitter users based on the likelihood that there is a human behind the keyboard. Could such technology blunt the impact of disinformation campaigns?
79% of Companies Report Identity-Related Breach in Past Two Years
Quick Hits  |  5/14/2020  | 
Two-thirds of organizations surveyed say phishing is the most common cause of identity-related breaches, the IDSA reports.
Facebook Fails to Staunch Coronavirus Misinformation
News  |  5/14/2020  | 
The social media giant in April affixed warning labels on 50 million pieces of content
New Cyber-Espionage Framework Dubbed Ramsay
News  |  5/13/2020  | 
The framework is designed to collect and exfiltrate sensitive documents from air-gapped networks.
Attackers Routinely Use Older Vulnerabilities to Exploit Businesses, US Cyber Agency Warns
News  |  5/13/2020  | 
Security issues in Microsoft products dominate the US government's top 10 list of commonly exploited vulnerabilities, but Apache Struts, Adobe Flash, and Drupal are also routinely targeted.
More Tips for Staying Safe While Working from Home
Commentary  |  5/13/2020  | 
While some users are up to speed with the WFH protocol, it's worth adding a few more items to your security checklist.
Microsoft Fixes 111 Vulnerabilities for Patch Tuesday
News  |  5/12/2020  | 
This marks the third month in a row that Microsoft patched more than 100 bugs, of which 16 are classified as critical.
Secure Contact Tracing Needs More Transparent Development
News  |  5/12/2020  | 
Experts worry that without proper planning, today's decisions about developing contact-tracing apps could have unforeseen consequences in the years to come.
DHS, FBI & DoD Report on New North Korean Malware
Quick Hits  |  5/12/2020  | 
Three new reports detail malware coming out of the Hidden Cobra cyber operations in North Korea.
Three Years After WannaCry, Ransomware Accelerating While Patching Still Problematic
News  |  5/12/2020  | 
Using a known exploit to infect unmaintained systems, the WannaCry ransomware worm remains a study in preventable catastrophes. Yet many companies continue to ignore its lessons.
A-List Celebrity Law Firm Confirms Cyberattack
Quick Hits  |  5/12/2020  | 
Attackers claim to steal 756GB of data from Grubman Shire Meiselas & Sacks, which includes Madonna and Lady Gaga among its clients.
6 Free Cybersecurity Training and Awareness Courses
Slideshows  |  5/12/2020  | 
Most are designed to help organizations address teleworking risks related to COVID-19 scams.
Thunderbolt Vulnerabilities Could Threaten Millions of PCs
News  |  5/11/2020  | 
Attackers with physical access to targeted machines could exploit these flaws to access and copy data within minutes, researchers say.
Researchers Analyze Oracle WebLogic Flaw Under Attack
Quick Hits  |  5/11/2020  | 
Trend Micro researchers explain how attackers bypassed the patch for a deserialization vulnerability in the Oracle WebLogic Server.
Rule of Thumb: USB Killers Pose Real Threat
Commentary  |  5/11/2020  | 
They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.
Companies Struggle for Effective Cybersecurity
News  |  5/8/2020  | 
The money companies are spending on cybersecurity tools doesn't necessarily result in better security, a new survey shows.
As Remote Work Becomes the Norm, Security Fight Moves to Cloud, Endpoints
News  |  5/8/2020  | 
A majority of firms expect to keep more employees working remotely post-pandemic, forcing businesses to undertake more comprehensive digital and cloud transformations.
DocuSign Phishing Campaign Uses COVID-19 as Bait
Quick Hits  |  5/8/2020  | 
The newly discovered campaign lures victims with a supposed file concerning the coronavirus pandemic.
Threat-Modeling Basics Using MITRE ATT&CK
Commentary  |  5/7/2020  | 
When risk managers consider the role ATT&CK plays in the classic risk equation, they have to understand the role of threat modeling in building a complete risk scenario.
Maze Ransomware Operators Step Up Their Game
News  |  5/6/2020  | 
Investigations show Maze ransomware operators leave "nothing to chance" when putting pressure on victims to pay.
Financial Phishing Attacks Take Off, Malware Declines
News  |  5/6/2020  | 
In the past year, the number of digital threats increased by nearly half as phishing swamped malware to become the most dominant attack technique.
Microsoft Reportedly in Talks to Acquire CyberX
Quick Hits  |  5/6/2020  | 
CyberX was founded in 2013 and has raised $48 million to build its cybersecurity platform for IoT and industrial control systems.
The Price of Fame? Celebrities Face Unique Hacking Threats
News  |  5/6/2020  | 
Hackers are hitting the sports industry hard on social media and luring quarantined consumers with offers of free streaming services, a new report shows.
Microsoft Challenges Security Researchers to Hack Azure Sphere
News  |  5/5/2020  | 
Participants can earn up to $100,000 for finding severe flaws in Microsoft's Linux-based Azure Sphere IoT operating system.
Attackers Adapt Techniques to Pandemic Reality
News  |  5/5/2020  | 
Over the past several months, threat actors have quickly shifted their tactics to take advantage of interest in the coronavirus, two studies find.
Cloud Startup Orca Security Raises $20M Series A
Quick Hits  |  5/5/2020  | 
The Israeli cloud security startup has built a platform to help organizations gain greater visibility into multicloud deployments.
Malicious Use of AI Poses a Real Cybersecurity Threat
Commentary  |  5/5/2020  | 
We should prepare for a future in which artificially intelligent cyberattacks become more common.
It Was 20 Years Ago Today: Remembering the ILoveYou Virus
News  |  5/5/2020  | 
The worm infected some 50 million systems worldwide, often rendering them unusable, and cost more than $15 billion to repair.
SMB Security Catches Up to Large Companies, Data Shows
News  |  5/4/2020  | 
Small and midsize businesses face issues similar to those of large organizations and have updated security practices to respond with threat hunting, patch management, and dedicated personnel.
Zoom Installers Used to Spread WebMonitor RAT
Quick Hits  |  5/4/2020  | 
Researchers warn the installers are legitimate but don't come from official sources of the Zoom app, including the Apple App Store and Google Play.
Healthcare Targeted By More Attacks But Less Sophistication
News  |  4/30/2020  | 
An increase in attacks targeting healthcare organizations suggests that perhaps new cybercriminals are getting into the game.
Ed-Tech Company Chegg Suffers Third Breach Since 2018
Quick Hits  |  4/30/2020  | 
The latest incident compromised names, Social Security numbers, and other data belonging to 700 current and former Chegg employees.
Researchers Find Vulnerabilities in Popular Remote Learning Plug-ins
News  |  4/30/2020  | 
As more students move to online learning platforms, vulnerability researchers are revealing security flaws in some common software plug-ins.
86% of Companies Report Network Disruption Amid Remote Work Shift
News  |  4/29/2020  | 
Nearly two-thirds say disruptions were at least moderate in severity, and more have seen VPN connectivity issues as employees work from home.
Microsoft Warns of Malware Hidden in Pirated Film Files
Quick Hits  |  4/29/2020  | 
An active campaign inserts malicious VBScript into ZIP files posing as downloads for "John Wick 3," "Contagion," and other popular movies.
Web Shells Continue to Threaten
News  |  4/29/2020  | 
A decade after their first use, Web shells remain a common tool for all stripes of attackers, from common cybercriminals to sophisticated state actors.
Phishers Start to Exploit Oil Industry Amid COVID-19 Woes
News  |  4/29/2020  | 
While a massive flood of attacks has yet to materialize, cybersecurity experts say this could be the calm before the storm.
Continued Use of Python 2 Will Heighten Security Risks
News  |  4/28/2020  | 
With support for the programming language no longer available, organizations should port to Python 3, security researches say.
Rapid7 Announces Plan to Buy DivvyCloud
Quick Hits  |  4/28/2020  | 
The purchase will boost Rapid7's multicloud capabilities.
Security Pros Reassigned to IT Tasks in Coronavirus Pandemic
Quick Hits  |  4/28/2020  | 
Most security practitioners surveyed say their job functions have changed during the pandemic, and 90% are now working remotely full time.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Dan Blum, Cybersecurity & Risk Management Strategist,  5/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13616
PUBLISHED: 2020-05-26
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.
CVE-2020-13614
PUBLISHED: 2020-05-26
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.
CVE-2020-13615
PUBLISHED: 2020-05-26
lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates.
CVE-2020-9046
PUBLISHED: 2020-05-26
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files.
CVE-2020-12388
PUBLISHED: 2020-05-26
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.