Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

News & Commentary
Sophos for Sale: Thoma Bravo Offers $3.9B
Kelly Sheridan, Staff Editor, Dark ReadingNews
Sophos' board of directors plans to unanimously recommend the offer to the company's shareholders.
By Kelly Sheridan Staff Editor, Dark Reading, 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
Tamper Protection Arrives for Microsoft Defender ATP
Dark Reading Staff, Quick Hits
The feature, designed to block unauthorized changes to security features, is now generally available.
By Dark Reading Staff , 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
When Using Cloud, Paranoia Can Pay Off
Robert Lemos, Contributing WriterNews
Journalists are increasingly concerned about what cloud providers may access or share with governments - and companies should worry as well.
By Robert Lemos Contributing Writer, 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
FBI: Phishing Can Defeat Two-Factor Authentication
Dark Reading Staff, Quick Hits
A recent Privacy Industry Notification points to two new hacker tools that can turn a victim's browser into a credential-stealing zombie.
By Dark Reading Staff , 10/11/2019
Comment0 comments  |  Read  |  Post a Comment
iTunes Zero-Day Exploited to Deliver BitPaymer
Kelly Sheridan, Staff Editor, Dark ReadingNews
The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.
By Kelly Sheridan Staff Editor, Dark Reading, 10/10/2019
Comment0 comments  |  Read  |  Post a Comment
Akamai Snaps Up ChameleonX to Tackle Magecart
Dark Reading Staff, Quick Hits
The Israel-based ChameleonX aims to protect websites from cyberattacks targeting payment data.
By Dark Reading Staff , 10/10/2019
Comment0 comments  |  Read  |  Post a Comment
Attackers Hide Behind Trusted Domains, HTTPS
Robert Lemos, Contributing WriterNews
One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.
By Robert Lemos Contributing Writer, 10/10/2019
Comment0 comments  |  Read  |  Post a Comment
Magecart Attack on Volusion Highlights Supply Chain Dangers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.
By Kelly Sheridan Staff Editor, Dark Reading, 10/10/2019
Comment0 comments  |  Read  |  Post a Comment
Security Tool Sprawl Reaches Tipping Point
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
How a new open source initiative for interoperable security tools and a wave of consolidation could finally provide some relief for overwhelmed security analysts and SOCs.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/9/2019
Comment0 comments  |  Read  |  Post a Comment
USB Drive Security Still Lags
Dark Reading Staff, Quick Hits
While USB drives are frequent pieces of business hardware, a new report says that one-third of US businesses have no policy governing their use.
By Dark Reading Staff , 10/9/2019
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Issues 9 Critical Security Patches
Kelly Sheridan, Staff Editor, Dark ReadingNews
None of the total 59 patches were for previously known vulnerabilities nor are any under active attack, Microsoft reports.
By Kelly Sheridan Staff Editor, Dark Reading, 10/8/2019
Comment0 comments  |  Read  |  Post a Comment
Business Email Compromise Attacks Spike 269%
Dark Reading Staff, Quick Hits
A new Mimecast report finds a significant uptick in BEC attacks, malware attachments, and spam landing in target inboxes.
By Dark Reading Staff , 10/8/2019
Comment0 comments  |  Read  |  Post a Comment
Lack of Role Models, Burnout & Pay Disparity Hold Women Back
Kelly Sheridan, Staff Editor, Dark ReadingNews
New ISACA data emphasizes a gap between men and women who share their opinions on underrepresentation of women and equal pay in the tech industry.
By Kelly Sheridan Staff Editor, Dark Reading, 10/7/2019
Comment0 comments  |  Read  |  Post a Comment
Magecart Skimmers Spotted on 2M Websites
Dark Reading Staff, Quick Hits
Researchers say supply chain attacks are responsible for the most significant spikes in Magecart detections.
By Dark Reading Staff , 10/7/2019
Comment0 comments  |  Read  |  Post a Comment
Android 0-Day Seen Exploited in the Wild
Dark Reading Staff, Quick Hits
The local privilege escalation vulnerability affects Pixel, Samsung, Huawei, Xiaomi, and other devices.
By Dark Reading Staff , 10/4/2019
Comment0 comments  |  Read  |  Post a Comment
8 Ways Businesses Unknowingly Help Hackers
Kelly Sheridan, Staff Editor, Dark Reading
From lengthy email signatures to employees' social media posts, we look at the many ways organizations make it easier for attackers to break in.
By Kelly Sheridan Staff Editor, Dark Reading, 10/4/2019
Comment0 comments  |  Read  |  Post a Comment
Researchers Link Magecart Group 4 to Cobalt Group
Kelly Sheridan, Staff Editor, Dark ReadingNews
Their findings demonstrate how Group 4 is likely conducting server-side skimming in addition to client-side activity.
By Kelly Sheridan Staff Editor, Dark Reading, 10/3/2019
Comment0 comments  |  Read  |  Post a Comment
20M Russians' Personal Tax Records Exposed in Data Leak
Dark Reading Staff, Quick Hits
An unprotected Elasticsearch cluster contained personally identifiable information on Russian citizens from 2009 to 2016.
By Dark Reading Staff , 10/3/2019
Comment1 Comment  |  Read  |  Post a Comment
New Silent Starling Attack Group Puts Spin on BEC
Kelly Sheridan, Staff Editor, Dark ReadingNews
The West African cybergang has successfully infiltrated more than 500 companies using a tactic dubbed 'vendor email compromise.'
By Kelly Sheridan Staff Editor, Dark Reading, 10/2/2019
Comment0 comments  |  Read  |  Post a Comment
Google's 'Password Checkup' Tool Tells You When Passwords Are Leaked
Dark Reading Staff, Quick Hits
The feature will check the strength of saved passwords and alert users when they're compromised in a breach.
By Dark Reading Staff , 10/2/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.