Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

News & Commentary
Microsoft: Ransomware & Nation-State Attacks Rise, Get More Sophisticated
Robert Lemos, Contributing WriterNews
Malware-based attacks are out, phishing is in, along with credential stuffing and business email compromise. Microsoft recommends defensive tactics in its new report on rising threats.
By Robert Lemos Contributing Writer, 9/29/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability in Wireless Router Chipsets Prompts Advisory
Dark Reading Staff, Quick Hits
Synopsys issues an advisory for vulnerabilities affecting the chipsets of wireless routers from Qualcomm, Mediatek, and Realtek.
By Dark Reading Staff , 9/29/2020
Comment0 comments  |  Read  |  Post a Comment
State-Sponsored Hacking Groups Increasingly Use Cloud & Open Source Infrastructure
Robert Lemos, Contributing WriterNews
Microsoft shuts down Azure Active Directory instances used by attackers to evade detection and warns that the use of open source tools by espionage groups is growing.
By Robert Lemos Contributing Writer, 9/29/2020
Comment0 comments  |  Read  |  Post a Comment
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading
Cloud and network security analysts outline trends and priorities businesses should keep top of mind as they grow more reliant on cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 9/28/2020
Comment2 comments  |  Read  |  Post a Comment
Navigating the Asia-Pacific Threat Landscape: Experts Dive In
Kelly Sheridan, Staff Editor, Dark ReadingNews
At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.
By Kelly Sheridan Staff Editor, Dark Reading, 9/25/2020
Comment0 comments  |  Read  |  Post a Comment
WannaCry Has IoT in Its Crosshairs
Ed Koehler, Distinguished Principal Security Engineer, Office of CTO, at Extreme NetworkCommentary
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
By Ed Koehler Distinguished Principal Security Engineer, Office of CTO, at Extreme Network, 9/25/2020
Comment0 comments  |  Read  |  Post a Comment
Critical Instagram Flaw Could Let Attackers Spy on Victims
Kelly Sheridan, Staff Editor, Dark ReadingNews
A now-patched remote code execution vulnerability could be exploited with a specially sized image file, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Solving the Problem With Security Standards
Adam Shostack, Consultant, Entrepreneur, Technologist, Game DesignerCommentary
More explicit threat models can make security better and open the door to real and needed innovation.
By Adam Shostack Consultant, Entrepreneur, Technologist, Game Designer, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
CrowdStrike Agrees to Acquire Preempt Security for $96M
Dark Reading Staff, Quick Hits
CrowdStrike plans to use Preempt Security's conditional access technology to strengthen its Falcon platform.
By Dark Reading Staff , 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Since Remote Work Isn't Going Away, Security Should Be the Focus
Mike Wronski, Technical Director of Product Marketing, NutanixCommentary
These three steps will help organizations reduce long-term work-from-home security risks.
By Mike Wronski Technical Director of Product Marketing, Nutanix, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Shopify's Employee Data Theft Underscores Risk of Rogue Insiders
Kelly Sheridan, Staff Editor, Dark ReadingNews
The e-commerce platform has alerted more than 100 merchants of a data breach, highlighting the danger of malicious insiders.
By Kelly Sheridan Staff Editor, Dark Reading, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Debuts Threat-Detection Service
Robert Lemos, Contributing WriterNews
Lockdown economics are driving a threat-intelligence business boom. Chronicle Detect is Google's answer to monitoring so much log data created by the distributed workforce.
By Robert Lemos Contributing Writer, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
India's Cybercrime and APT Operations on the Rise
Jai Vijayan, Contributing WriterNews
Growing geopolitical tensions with China in particular are fueling an increase in cyberattacks between the two nations, according to IntSights.
By Jai Vijayan Contributing Writer, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft's Azure Defender for IoT Uses CyberX Tech
Dark Reading Staff, Quick Hits
Azure Defender for IoT is built to help IT and OT teams discover IoT and OT assets, identify critical flaws, and detect malicious behavior.
By Dark Reading Staff , 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
My Journey Toward SAP Security
Jason Fruge, VP of Business Application CybersecurityCommentary
When applications are critical to the business's core functions, the CISO and their staff better get the security right.
By Jason Fruge VP of Business Application Cybersecurity, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
FBI, DHS Warn of 'Likely' Disinformation Campaigns About Election Results
Dark Reading Staff, Quick Hits
Nation-state actors and cybercriminals could wage cyberattacks and spread false information about the integrity of the election results while officials certify the final vote counts.
By Dark Reading Staff , 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
7 Non-Technical Skills Threat Analysts Should Master to Keep Their Jobs
Dov Lerner, Security Research Lead, SixgillCommentary
It's not just technical expertise and certifications that enable analysts to build long-term careers in cybersecurity.
By Dov Lerner Security Research Lead, Sixgill, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Attackers Target Small Manufacturing Firms
Robert Lemos, Contributing WriterNews
The most common tactics include credential stuffing using valid accounts, various forms of deception, and vulnerabilities in third-party software, Rapid7 says in its latest quarterly threat report.
By Robert Lemos Contributing Writer, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Disclosure Programs See Signups & Payouts Surge
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than $44.75 million in rewards were paid to hackers over the past year, driving total payouts beyond $100 million.
By Kelly Sheridan Staff Editor, Dark Reading, 9/22/2020
Comment1 Comment  |  Read  |  Post a Comment
Patch by Tonight: CISA Issues Emergency Directive for Critical Netlogon Flaw
Dark Reading Staff, Quick Hits
The directive requires all federal agencies to apply a patch for Windows Netlogon vulnerability CVE-2020-1472 by midnight on Sept. 21.
By Dark Reading Staff , 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by JohnHammond
Current Conversations Nice article!
In reply to: Great!
Post Your Own Reply
More Conversations
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15216
PUBLISHED: 2020-09-29
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...
CVE-2020-4607
PUBLISHED: 2020-09-29
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
CVE-2020-24565
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25770
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25771
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...