Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

News & Commentary
How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC
Jai Vijayan, Contributing WriterNews
Money meant to fund an Israeli startup wound up directly deposited to the scammers.
By Jai Vijayan Contributing Writer, 12/6/2019
Comment0 comments  |  Read  |  Post a Comment
Data Center Provider CyrusOne Confirms Ransomware Attack
Dark Reading Staff, Quick Hits
The attack struck CyrusOne's managed services division and compromised six customers primarily serviced by a New York data center.
By Dark Reading Staff , 12/6/2019
Comment0 comments  |  Read  |  Post a Comment
VPN Flaw Allows Criminal Access to Everything on Victims' Computers
Dark Reading Staff, Quick Hits
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
By Dark Reading Staff , 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
Jai Vijayan, Contributing WriterNews
Maksim Yakubets and his crew stole tens of millions using Zeus and Dridex, with victims including Bank of America, Key Bank, GenLabs, and United Dairy, DoJ says.
By Jai Vijayan Contributing Writer, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
What's in a Botnet? Researchers Spy on Geost Operators
Kelly Sheridan, Staff Editor, Dark ReadingNews
The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business.
By Kelly Sheridan Staff Editor, Dark Reading, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Shades of Shamoon: New Disk-Wiping Malware Targets Middle East Orgs
Jai Vijayan, Contributing WriterNews
'ZeroCleare' shares some of the same features as its more notorious predecessor, IBM Security says.
By Jai Vijayan Contributing Writer, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, OktaCommentary
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
By Diya Jolly Chief Product Officer, Okta, 12/4/2019
Comment1 Comment  |  Read  |  Post a Comment
Attackers Continue to Exploit Outlook Home Page Flaw
Robert Lemos, Contributing WriterNews
FireEye issues guidance on locking down Outlook, claiming that security researchers, at least, are able to work around the patch issued by Microsoft.
By Robert Lemos Contributing Writer, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Application & Infrastructure Risk Management: You've Been Doing It Backward
John Worrall, Chief Executive Officer at ZeroNorthCommentary
Before getting more scanning tools, think about what's needed to defend your organization's environment and devise a plan to ensure all needed tools can work together productively.
By John Worrall Chief Executive Officer at ZeroNorth, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
TrickBot Expands in Japan Ahead of the Holidays
Kelly Sheridan, Staff Editor, Dark ReadingNews
Data indicates TrickBot operators are modifying its modules and launching widespread campaigns around the world.
By Kelly Sheridan Staff Editor, Dark Reading, 12/3/2019
Comment0 comments  |  Read  |  Post a Comment
Smith & Wesson Is Magecart's Latest Target
Dark Reading Staff, Quick Hits
Researchers estimate the gun manufacturer's website was compromised sometime before Black Friday.
By Dark Reading Staff , 12/3/2019
Comment0 comments  |  Read  |  Post a Comment
Leveraging the Cloud for Cyber Intelligence
Paul Kurtz, Co-Founder and Executive Chairman of TruSTARCommentary
How fusing output datasets and sharing information can create a real-time understanding of suspicious activity across your enterprise.
By Paul Kurtz Co-Founder and Executive Chairman of TruSTAR, 12/3/2019
Comment0 comments  |  Read  |  Post a Comment
Data from 21M Mixcloud Users Compromised in Breach
Dark Reading Staff, Quick Hits
The music streaming service received reports indicating attackers gained unauthorized access to its systems.
By Dark Reading Staff , 12/2/2019
Comment0 comments  |  Read  |  Post a Comment
3 Modern Myths of Threat Intelligence
Anton Chuvakin, Head of Security Solution Strategy, ChronicleCommentary
More intelligence does not lead to more security. Here's why.
By Anton Chuvakin Head of Security Solution Strategy, Chronicle, 12/2/2019
Comment0 comments  |  Read  |  Post a Comment
Google Details Its Responses to Cyber Attacks, Disinformation
Dark Reading Staff, Quick Hits
Government groups continue to attack user credentials and distribute disinformation according to a new blog post from Google's Threat Analysis Group.
By Dark Reading Staff , 11/27/2019
Comment2 comments  |  Read  |  Post a Comment
On the Border Warns of Data Breach
Dark Reading Staff, Quick Hits
Malware on a payment system could have stolen credit card info from customers in 28 states, according to the company.
By Dark Reading Staff , 11/26/2019
Comment3 comments  |  Read  |  Post a Comment
DDoS: An Underestimated Threat
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.
By Marc Wilczek Digital Strategist & CIO Advisor, 11/26/2019
Comment6 comments  |  Read  |  Post a Comment
NYPD Pulls Fingerprint Database Offline Due to Ransomware Scare
Dark Reading Staff, Quick Hits
An infected minicomputer distributed an unidentified threat to 23 machines connected to the LiveScan fingerprint tracking system.
By Dark Reading Staff , 11/26/2019
Comment0 comments  |  Read  |  Post a Comment
T-Mobile Prepaid Hit by Significant Data Breach
Dark Reading Staff, Quick Hits
The breach, estimated to have affected more than a million customers, came from malicious external actors.
By Dark Reading Staff , 11/25/2019
Comment1 Comment  |  Read  |  Post a Comment
They See You When You're Shopping: Holiday Cybercrime Starts Early
Dark Reading Staff, Quick Hits
Researchers notice year-end phishing attacks starting in July and ramping up in September.
By Dark Reading Staff , 11/25/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there�s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges need...
CVE-2019-2222
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...