Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

News & Commentary
Microsoft: Ransomware & Nation-State Attacks Rise, Get More Sophisticated
Robert Lemos, Contributing WriterNews
Malware-based attacks are out, phishing is in, along with credential stuffing and business email compromise. Microsoft recommends defensive tactics in its new report on rising threats.
By Robert Lemos Contributing Writer, 9/29/2020
Comment0 comments  |  Read  |  Post a Comment
DDoS Attacks Soar in First Half of 2020
Dark Reading Staff, Quick Hits
Shorter, faster, multivector attacks had a greater impact on victims.
By Dark Reading Staff , 9/29/2020
Comment0 comments  |  Read  |  Post a Comment
New Campaign by China-Linked Group Targets US Orgs for First Time
Jai Vijayan, Contributing WriterNews
In a least one instance, the Palmerworm APT group was able to remain undetected on a compromised system for nearly six months, according to Symantec.
By Jai Vijayan Contributing Writer, 9/29/2020
Comment0 comments  |  Read  |  Post a Comment
Shifting Left of Left: Why Secure Code Isn't Always Quality Code
Matias Madou, CTO and co-founder, Secure Code WarriorCommentary
Enabling engineers to share responsibility for security and empowering them to erase common vulnerabilities are good starting points.
By Matias Madou CTO and co-founder, Secure Code Warrior, 9/29/2020
Comment0 comments  |  Read  |  Post a Comment
State-Sponsored Hacking Groups Increasingly Use Cloud & Open Source Infrastructure
Robert Lemos, Contributing WriterNews
Microsoft shuts down Azure Active Directory instances used by attackers to evade detection and warns that the use of open source tools by espionage groups is growing.
By Robert Lemos Contributing Writer, 9/29/2020
Comment0 comments  |  Read  |  Post a Comment
Universal Health Services Network Down in Apparent Ransomware Attack
Dark Reading Staff, Quick Hits
UHS reportedly hit with ransomware that took down its network that supports hundreds of healthcare facilities and hospitals.
By Dark Reading Staff , 9/28/2020
Comment0 comments  |  Read  |  Post a Comment
Safeguarding Schools Against RDP-Based Ransomware
James Lui, Ericom Group CTO, AmericasCommentary
How getting online learning right today will protect schools, and the communities they serve, for years to come.
By James Lui Ericom Group CTO, Americas, 9/28/2020
Comment1 Comment  |  Read  |  Post a Comment
Navigating the Asia-Pacific Threat Landscape: Experts Dive In
Kelly Sheridan, Staff Editor, Dark ReadingNews
At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.
By Kelly Sheridan Staff Editor, Dark Reading, 9/25/2020
Comment0 comments  |  Read  |  Post a Comment
WannaCry Has IoT in Its Crosshairs
Ed Koehler, Distinguished Principal Security Engineer, Office of CTO, at Extreme NetworkCommentary
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
By Ed Koehler Distinguished Principal Security Engineer, Office of CTO, at Extreme Network, 9/25/2020
Comment0 comments  |  Read  |  Post a Comment
Since Remote Work Isn't Going Away, Security Should Be the Focus
Mike Wronski, Technical Director of Product Marketing, NutanixCommentary
These three steps will help organizations reduce long-term work-from-home security risks.
By Mike Wronski Technical Director of Product Marketing, Nutanix, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
My Journey Toward SAP Security
Jason Fruge, VP of Business Application CybersecurityCommentary
When applications are critical to the business's core functions, the CISO and their staff better get the security right.
By Jason Fruge VP of Business Application Cybersecurity, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Attackers Target Small Manufacturing Firms
Robert Lemos, Contributing WriterNews
The most common tactics include credential stuffing using valid accounts, various forms of deception, and vulnerabilities in third-party software, Rapid7 says in its latest quarterly threat report.
By Robert Lemos Contributing Writer, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
New Google Search Hacks Push Viruses & Porn
David Balaban, Editor at Privacy-PC.comCommentary
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
By David Balaban Editor at Privacy-PC.com, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
'Dark Overlord' Cyber Extortionist Pleads Guilty
Dark Reading Staff, Quick Hits
Nathan Wyatt was sentenced to five years in prison after changing a previously not guilty plea.
By Dark Reading Staff , 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
5 Steps to Greater Cyber Resiliency
Andrew Rubin, CEO & Founder at IllumioCommentary
Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.
By Andrew Rubin CEO & Founder at Illumio, 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
Deadly Ransomware Story Continues to Unfold
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
A ransomware attack with fatal consequences is attracting notice and comment from around the world.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Deepfake Detection Poses Problematic Technology Race
Robert Lemos, Contributing WriterNews
Experts hold out little hope for a robust technical solution in the long term.
By Robert Lemos Contributing Writer, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Mitigating Cyber-Risk While We're (Still) Working from Home
PJ Kirner, CTO & Founder, IllumioCommentary
One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.
By PJ Kirner CTO & Founder, Illumio, 9/18/2020
Comment1 Comment  |  Read  |  Post a Comment
Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Gone Awry Has Fatal Consequences
Dark Reading Staff, Quick Hits
An attack that knocked hospital systems offline reportedly ends in death for patient who had to be sent to another facility.
By Dark Reading Staff , 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5132
PUBLISHED: 2020-09-30
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN au...
CVE-2020-15216
PUBLISHED: 2020-09-29
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...
CVE-2020-4607
PUBLISHED: 2020-09-29
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
CVE-2020-24565
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25770
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...