Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

News & Commentary
Kmart Hit by Egregor Ransomware
Dark Reading Staff, Quick Hits
Egregor is also behind recent attacks on UbiSoft and Barnes & Noble.
By Dark Reading Staff , 12/4/2020
Comment0 comments  |  Read  |  Post a Comment
Potential Nation-State Actor Targets COVID-19 Vaccine Supply Chain
Jai Vijayan, Contributing WriterNews
Companies involved in technologies for keeping vaccines cold enough for safe storage and transportation are being targeted in a sophisticated spear-phishing campaign, IBM says.
By Jai Vijayan Contributing Writer, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
TrickBot's New Tactic Threatens Firmware
Kelly Sheridan, Staff Editor, Dark ReadingNews
A newly discovered module checks machines for flaws in the UEFI/BIOS firmware so malware can evade detection and persist on a device.
By Kelly Sheridan Staff Editor, Dark Reading, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Discover New Obfuscation-As-a-Service Platform
Ericka Chickowski, Contributing WriterNews
Researchers detail how a Android APK obfuscation service automates detection evasion for highly malicious apps.
By Ericka Chickowski Contributing Writer, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Bypass Next-Generation Endpoint Protection
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now
Michele Commentary
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.
By Michele "MB" Bettencourt Executive Chairperson, Corelight, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
FBI: BEC Scammers Could Abuse Email Auto-Forwarding
Dark Reading Staff, Quick Hits
Private Industry Notification warns of the role email auto-forwarding could be used in business email compromise attacks.
By Dark Reading Staff , 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet
Avi Shua, Co-Founder, Orca SecurityCommentary
Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.
By Avi Shua Co-Founder, Orca Security, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Inside North Korea's Rapid Evolution to Cyber Superpower
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers examine North Korea's rapid evolution from destructive campaigns to complex and efficient cyber operations.
By Kelly Sheridan Staff Editor, Dark Reading, 12/1/2020
Comment1 Comment  |  Read  |  Post a Comment
Call Fraud Operator Ordered to Pay $9M to Victims
Dark Reading Staff, Quick Hits
Indian national will serve 20 years in prison for running a large call center fraud operation.
By Dark Reading Staff , 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Sophos 2021 Threat Report: Navigating Cybersecurity in an Uncertain World
Dark Reading Staff, News
SPONSORED: Sophos' principal research scientist discusses the fast-changing attacker behaviors of 2020 and how security pros need to evolve.
By Dark Reading Staff , 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Driven by Ransomware, Cyber Claims Rise in Number & Value
Robert Lemos, Contributing WriterNews
Companies are on track to file 27% more cyber claims in 2020, one insurer estimates, while another underwriter finds five out of every 100 companies file a claim each year.
By Robert Lemos Contributing Writer, 11/30/2020
Comment0 comments  |  Read  |  Post a Comment
Manchester United Cyberattack Highlights Controversy in Paying Ransomware Attackers
Maxine Holt, Research Director, OmdiaCommentary
The Premier League English football (soccer) club team is reportedly being held to ransom by cyberattackers. Manchester United may face a difficult decision: whether to pay a ransom for release of its stolen data.
By Maxine Holt Research Director, Omdia, 11/30/2020
Comment0 comments  |  Read  |  Post a Comment
Baltimore County Public Schools Closed Due to Ransomware Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
The incident struck the day before Thanksgiving and interfered with online classes for some 115,000 students, officials report.
By Kelly Sheridan Staff Editor, Dark Reading, 11/30/2020
Comment0 comments  |  Read  |  Post a Comment
Industrial Computer Maker Confirms Ransomware, Data Theft
Dark Reading Staff, Quick Hits
Advantech reports the stolen data was confidential but did not contain high-value documents.
By Dark Reading Staff , 11/30/2020
Comment0 comments  |  Read  |  Post a Comment
Failing Toward Zero: Why Your Security Needs to Fail to Get Better
Akshay Bhargava, Chief Product Officer at MalwarebytesCommentary
Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.
By Akshay Bhargava Chief Product Officer at Malwarebytes, 11/27/2020
Comment0 comments  |  Read  |  Post a Comment
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing WriterNews
Don't ignore cyber operations outside US and European interests, researcher says. We can learn a lot from methods used by attackers that aren't among the usual suspects.
By Robert Lemos Contributing Writer, 11/25/2020
Comment1 Comment  |  Read  |  Post a Comment
How Ransomware Defense Is Evolving With Ransomware Attacks
Joan Goodchild, Contributing Writer
As data exfiltration threats and bigger ransom requests become the norm, security professionals are advancing from the basic "keep good backups" advice.
By Joan Goodchild Contributing Writer, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
CISA Warns of Holiday Online Shopping Scams
Dark Reading Staff, Quick Hits
The agency urges shoppers to be cautious of fraudulent websites, unsolicited emails, and unencrypted financial transactions.
By Dark Reading Staff , 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Jason Bevis & Kevin Adams-Romano, VP of Awake Labs / Incident Response Specialist at Awake SecurityCommentary
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
By Jason Bevis & Kevin Adams-Romano VP of Awake Labs / Incident Response Specialist at Awake Security, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by fixitcamp
Current Conversations FGPA should be FPGA
In reply to: Typo
Post Your Own Reply
More Conversations
PR Newswire
Cloud Security Threats for 2021
Or Azarzar, CTO & Co-Founder of Lightspin,  12/3/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Assessing Cybersecurity Risk in Todays Enterprises
Assessing Cybersecurity Risk in Todays Enterprises
COVID-19 has created a new IT paradigm in the enterprise and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27772
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could po...
CVE-2020-27773
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to appli...
CVE-2020-28950
PUBLISHED: 2020-12-04
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
CVE-2020-27774
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but co...
CVE-2020-27775
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but c...