Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

News & Commentary
Critical Firefox Vuln Used in Targeted Attacks
Dark Reading Staff, Quick Hits
Mozilla has released patches for the bug reported by Coinbase.
By Dark Reading Staff , 6/19/2019
Comment0 comments  |  Read  |  Post a Comment
Verizon Media, Uber, PayPal Top List of Companies Paying Bug Bounties
Dark Reading Staff, Quick Hits
A new report from HackerOne lists the top five companies running bug-hunting programs on the ethical hacking platform.
By Dark Reading Staff , 6/19/2019
Comment0 comments  |  Read  |  Post a Comment
Serverless Computing from the Inside Out
Joe Vadakkan, Global Cloud Security Leader, Optiv SecurityCommentary
The biggest 'serverless' risks don't stem from the technology itself. They occur when organizations respond to the adoption from the outside in.
By Joe Vadakkan Global Cloud Security Leader, Optiv Security, 6/19/2019
Comment0 comments  |  Read  |  Post a Comment
Cost per Cyberattack Jumps to $4.6M in 2019
Dark Reading Staff, Quick Hits
From 2018 to 2019, the percentage of cyberattacks costing $10 million or more nearly doubled, hitting 13%.
By Dark Reading Staff , 6/19/2019
Comment1 Comment  |  Read  |  Post a Comment
How Hackers Emptied Church Coffers with a Simple Phishing Scam
Sam Bocetta, Security AnalystCommentary
Cyber thieves aren't bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered.
By Sam Bocetta Security Analyst, 6/19/2019
Comment0 comments  |  Read  |  Post a Comment
Insecure Home IoT Devices a Clear and Present Danger to Corporate Security
Jai Vijayan, Contributing WriterNews
Avast-sponsored study shows wide prevalence of IoT devices, many with weak credentials and other security vulnerabilities.
By Jai Vijayan Contributing Writer, 6/19/2019
Comment2 comments  |  Read  |  Post a Comment
Google Targets Deceptive Sites with New Chrome Tools
Dark Reading Staff, Quick Hits
A new extension and browser alert aim to help users report deceptive sites and prevent them from encountering fraud.
By Dark Reading Staff , 6/18/2019
Comment0 comments  |  Read  |  Post a Comment
How Fraudulent Domains 'Hide in Plain Sight'
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybercriminals use new types of top-level domains, topical keywords, and targeted emails to trick victims into clicking malicious links.
By Kelly Sheridan Staff Editor, Dark Reading, 6/18/2019
Comment1 Comment  |  Read  |  Post a Comment
New Decryptor Unlocks Latest Versions of Gandcrab
Dark Reading Staff, Quick Hits
The decryptor neutralizes GandCrab versions 5.0 through 5.2 and lets victims unlock their files for free.
By Dark Reading Staff , 6/17/2019
Comment0 comments  |  Read  |  Post a Comment
Utilities, Nations Need Better Plan Against Critical Infrastructure Attackers
Robert Lemos, Contributing WriterNews
The attackers behind the Triton, or Xenotime, intrusions into critical infrastructure (CI) safety systems are testing their skills against electric power companies. Options for defense are still limited, however.
By Robert Lemos Contributing Writer, 6/17/2019
Comment1 Comment  |  Read  |  Post a Comment
Triton Attackers Seen Scanning US Power Grid Networks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The development follows speculation and concern among security experts that the attack group would expand its scope to the power grid.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/14/2019
Comment0 comments  |  Read  |  Post a Comment
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
New analysis shows widespread DNS protection could save organizations as much as $200 billion in losses every year.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/13/2019
Comment4 comments  |  Read  |  Post a Comment
Cyberattack Hits Aircraft Parts Manufacturer
Dark Reading Staff, Quick Hits
Belgium's Asco has shut down manufacturing around the world, including the US, in response to a major cybersecurity event, but what happened isn't clear.
By Dark Reading Staff , 6/13/2019
Comment0 comments  |  Read  |  Post a Comment
Congress Gives 'Hack Back' Legislation Another Try
Dark Reading Staff, Quick Hits
Officials reintroduce a bill that would let businesses monitor attacker behavior and target intruders on corporate networks.
By Dark Reading Staff , 6/13/2019
Comment1 Comment  |  Read  |  Post a Comment
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer
Business email compromise attacks are growing in prevalence and creativity. Here's a look at how they work, the latest stats, and some recent horror stories.
By Ericka Chickowski Contributing Writer, 6/13/2019
Comment4 comments  |  Read  |  Post a Comment
The Rise of 'Purple Teaming'
Joseph R. Salazar, Technical Marketing EngineerCommentary
The next generation of penetration testing represents a more collaborative approach to old fashioned Red Team vs. Blue Team.
By Joseph R. Salazar Technical Marketing Engineer, 6/13/2019
Comment0 comments  |  Read  |  Post a Comment
BlueKeep RDP Vulnerability a Ticking Time Bomb
Jai Vijayan, Contributing WriterNews
One month after Microsoft disclosed the flaw, nearly 1 million systems remain unpatched, and Internet scans looking for vulnerable systems have begun increasing.
By Jai Vijayan Contributing Writer, 6/13/2019
Comment0 comments  |  Read  |  Post a Comment
SQL Injection Attacks Represent Two-Third of All Web App Attacks
Jai Vijayan, Contributing WriterNews
When Local File Inclusion attacks are counted, nearly nine in 10 attacks are related to input validation failures, Akamai report shows.
By Jai Vijayan Contributing Writer, 6/13/2019
Comment1 Comment  |  Read  |  Post a Comment
New Funding Values KnowBe4 at $1 Billion
Dark Reading Staff, Quick Hits
The $300 million investment is being led by KKR.
By Dark Reading Staff , 6/12/2019
Comment0 comments  |  Read  |  Post a Comment
Predicting Vulnerability Weaponization
Srinivas Mukkamala, Co-founder & CEO, RiskSenseCommentary
Advances in data science are making it possible to shift vulnerability management from a reactive to a proactive discipline.
By Srinivas Mukkamala Co-founder & CEO, RiskSense, 6/12/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-2729
PUBLISHED: 2019-06-19
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise ...
CVE-2019-3737
PUBLISHED: 2019-06-19
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
CVE-2019-3787
PUBLISHED: 2019-06-19
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending ?unknown.org? to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to ...
CVE-2019-12900
PUBLISHED: 2019-06-19
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVE-2019-12893
PUBLISHED: 2019-06-19
Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewer!PerfgrapFinalize+0x00000000000a8868.