Threat Intelligence

News & Commentary
When Every Attack Is a Zero Day
Saumitra Das, CTO and Co-Founder of Blue HexagonCommentary
Stopping malware the first time is an ideal that has remained tantalizingly out of reach. But automation, artificial intelligence, and deep learning are poised to change that.
By Saumitra Das CTO and Co-Founder of Blue Hexagon, 4/23/2019
Comment0 comments  |  Read  |  Post a Comment
1 in 4 Workers Are Aware Of Security Guidelines but Ignore Them
Steve Zurier, Freelance WriterNews
Even more are knowingly connecting to unsecure networks and sharing confidential information through collaboration platforms, according to Symphony Communication Services.
By Steve Zurier Freelance Writer, 4/23/2019
Comment1 Comment  |  Read  |  Post a Comment
WannaCry Hero Hutchins Pleads Guilty to Malware Charges
Kelly Sheridan, Staff Editor, Dark ReadingNews
Marcus Hutchins, the security researcher who helped halt the spread of the WannaCry attack, pleads guilty to two charges related to writing malware.
By Kelly Sheridan Staff Editor, Dark Reading, 4/22/2019
Comment0 comments  |  Read  |  Post a Comment
Researchers Find Clues for Dramatically Reducing IDS Traffic Volume
Dark Reading Staff, Quick Hits
Research at military labs and Towson University shows that identifying malicious activity may require much less captured data than has been the case.
By Dark Reading Staff , 4/19/2019
Comment1 Comment  |  Read  |  Post a Comment
APT34 Toolset, Victim Data Leaked via Telegram
Dark Reading Staff, Quick Hits
For the last month, an unknown individual or group has been sharing data and hacking tools belonging to Iranian hacker group APT34.
By Dark Reading Staff , 4/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Free Princeton Application Provides IoT Traffic Insight
Dark Reading Staff, Quick Hits
The application developed by a research group allows users to spot possible IoT security problems.
By Dark Reading Staff , 4/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor NetworksCommentary
By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.
By Darren Anstee Chief Technology Officer at Arbor Networks, 4/19/2019
Comment3 comments  |  Read  |  Post a Comment
Third-Party Cyber-Risk by the Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Recent stats show that the state of third-party cyber risk and vendor risk management remains largely immature at most organizations.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/19/2019
Comment0 comments  |  Read  |  Post a Comment
Creator of Hub for Stolen Credit Cards Sentenced to 90 Months
Robert Lemos, Technology Journalist/Data ResearcherNews
Coming eight years after he launched the site, the steep sentence for the cybercriminal operator is based on a tab of $30 million in damages calculated by Mastercard and other credit card companies.
By Robert Lemos , 4/18/2019
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Automation Paradox
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/18/2019
Comment1 Comment  |  Read  |  Post a Comment
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark ReadingNews
Incident response demands technical expertise, but you can't fully recover without non-IT experts.
By Kelly Sheridan Staff Editor, Dark Reading, 4/17/2019
Comment3 comments  |  Read  |  Post a Comment
Ever-Sophisticated Bad Bots Target Healthcare, Ticketing
Robert Lemos, Technology Journalist/Data ResearcherNews
From criminals to competitors, online bots continue to scrape information from sites and pose as legitimate users.
By Robert Lemos Technology Journalist/Data Researcher, 4/17/2019
Comment0 comments  |  Read  |  Post a Comment
Inside the Dark Web's How-To Guides for Teaching Fraud
Dark Reading Staff, Quick Hits
A new study investigates nearly 30,000 guides to explore what fraudsters sell and teach aspiring cybercriminals.
By Dark Reading Staff , 4/17/2019
Comment0 comments  |  Read  |  Post a Comment
7 Tips for an Effective Employee Security Awareness Program
Jai Vijayan, Freelance writer
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
By Jai Vijayan Freelance writer, 4/17/2019
Comment1 Comment  |  Read  |  Post a Comment
Decoding a 'New' Elite Cyber Espionage Team
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Stealthy and well-heeled hacking group went undetected for five years and wields a massive attack framework of some 80 different modules.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/16/2019
Comment0 comments  |  Read  |  Post a Comment
Meet Scranos: New Rootkit-Based Malware Gains Confidence
Kelly Sheridan, Staff Editor, Dark ReadingNews
The cross-platform operation, first tested on victims in China, has begun to spread around the world.
By Kelly Sheridan Staff Editor, Dark Reading, 4/16/2019
Comment1 Comment  |  Read  |  Post a Comment
IT Outsourcing Firm Wipro Investigates Data Breach
Dark Reading Staff, Quick Hits
Employee accounts may have been compromised in a sophisticated phishing campaign.
By Dark Reading Staff , 4/16/2019
Comment1 Comment  |  Read  |  Post a Comment
New Details Emerge on Windows Zero Day
Kelly Sheridan, Staff Editor, Dark ReadingNews
The CVE-2019-0859 vulnerability, patched last week, is the latest in a string of Windows local privilege escalation bugs discovered at Kaspersky Lab.
By Kelly Sheridan Staff Editor, Dark Reading, 4/15/2019
Comment0 comments  |  Read  |  Post a Comment
The Single Cybersecurity Question Every CISO Should Ask
Arif Kareem, CEO, ExtraHopCommentary
The answer can lead to a scalable enterprise security solution for years to come.
By Arif Kareem CEO, ExtraHop, 4/15/2019
Comment1 Comment  |  Read  |  Post a Comment
This Week in Security Funding: Where the Money Went
Kelly Sheridan, Staff Editor, Dark ReadingNews
Predictions for cybersecurity investment in 2019 are holding true with funding announcements from four startups.
By Kelly Sheridan Staff Editor, Dark Reading, 4/12/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7303
PUBLISHED: 2019-04-23
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 b...
CVE-2019-7304
PUBLISHED: 2019-04-23
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
CVE-2019-0223
PUBLISHED: 2019-04-23
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1...
CVE-2017-12619
PUBLISHED: 2019-04-23
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".
CVE-2018-1317
PUBLISHED: 2019-04-23
In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.