Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Attacks/Breaches
Page 1 / 2   >   >>
Safeguarding Schools Against RDP-Based Ransomware
Commentary  |  9/28/2020  | 
How getting online learning right today will protect schools, and the communities they serve, for years to come.
Navigating the Asia-Pacific Threat Landscape: Experts Dive In
News  |  9/25/2020  | 
At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.
WannaCry Has IoT in Its Crosshairs
Commentary  |  9/25/2020  | 
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
Since Remote Work Isn't Going Away, Security Should Be the Focus
Commentary  |  9/24/2020  | 
These three steps will help organizations reduce long-term work-from-home security risks.
My Journey Toward SAP Security
Commentary  |  9/23/2020  | 
When applications are critical to the business's core functions, the CISO and their staff better get the security right.
Attackers Target Small Manufacturing Firms
News  |  9/22/2020  | 
The most common tactics include credential stuffing using valid accounts, various forms of deception, and vulnerabilities in third-party software, Rapid7 says in its latest quarterly threat report.
New Google Search Hacks Push Viruses & Porn
Commentary  |  9/22/2020  | 
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
'Dark Overlord' Cyber Extortionist Pleads Guilty
Quick Hits  |  9/21/2020  | 
Nathan Wyatt was sentenced to five years in prison after changing a previously not guilty plea.
5 Steps to Greater Cyber Resiliency
Commentary  |  9/21/2020  | 
Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.
Deadly Ransomware Story Continues to Unfold
Quick Hits  |  9/18/2020  | 
A ransomware attack with fatal consequences is attracting notice and comment from around the world.
Deepfake Detection Poses Problematic Technology Race
News  |  9/18/2020  | 
Experts hold out little hope for a robust technical solution in the long term.
Mitigating Cyber-Risk While We're (Still) Working from Home
Commentary  |  9/18/2020  | 
One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.
Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data
News  |  9/17/2020  | 
Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign.
Ransomware Gone Awry Has Fatal Consequences
Quick Hits  |  9/17/2020  | 
An attack that knocked hospital systems offline reportedly ends in death for patient who had to be sent to another facility.
Time for CEOs to Stop Enabling China's Blatant IP Theft
Commentary  |  9/17/2020  | 
Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.
Struggling to Secure Remote IT? 3 Lessons from the Office
Commentary  |  9/17/2020  | 
The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges.
Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals
News  |  9/16/2020  | 
Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.
DDoS Attacks Rose 151% in First Half of 2020
Quick Hits  |  9/16/2020  | 
Attacks grew in number, size, and sophistication as the coronavirus pandemic took hold.
US Charges Five Members of China-Linked APT41 for Global Attacks
Quick Hits  |  9/16/2020  | 
The five Chinese nationals are among seven defendants arrested for intrusion campaigns into more than 100 organizations, the DoJ reports.
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Commentary  |  9/16/2020  | 
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
Meet the Computer Scientist Who Helped Push for Paper Ballots
News  |  9/16/2020  | 
Security Pro File: Award-winning computer scientist and electronic voting expert Barbara Simons chats up her pioneering days in computer programming, paper-ballot backups, Internet voting, math, and sushi.
Cybersecurity Bounces Back, but Talent Still Absent
Commentary  |  9/16/2020  | 
While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.
Rethinking Resilience: Tips for Your Disaster Recovery Plan
News  |  9/15/2020  | 
As more organizations face disruptions, a defined approach to recovery is imperative so they can successfully recover, experts say.
More Cyberattacks in the First Half of 2020 Than in All of 2019
News  |  9/15/2020  | 
The pandemic-related shift to remote work and the growing availability of ransomware-as-a-service were two major drivers, CrowdStrike says.
Research Finds Nearly 800,000 Access Keys Exposed Online
Quick Hits  |  9/15/2020  | 
The keys were primarily for access to databases and cloud services.
E-Commerce Sites Hit With New Attack on Magento
Quick Hits  |  9/14/2020  | 
The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life.
Ransomware Hits US District Court in Louisiana
Quick Hits  |  9/14/2020  | 
The ransomware attack has exposed internal documents from the court and knocked its website offline.
Virginia's Largest School System Hit With Ransomware
Quick Hits  |  9/14/2020  | 
Fairfax County Public Schools has launched an investigation following a ransomware attack on some of its technology systems.
More Printers Could Mean Security Problems for Home-Bound Workers
News  |  9/14/2020  | 
Tricked-out home offices have led to an influx in printers, many of which have not been set up securely, leaving workers and their companies vulnerable.
APT Groups Set Sights on Linux Targets: Inside the Trend
News  |  9/11/2020  | 
Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.
Spear-Phishers Leverage Office 365 Ecosystem to Validate Stolen Creds in Real Time
News  |  9/11/2020  | 
New attack technique uses Office 365 APIs to cross-check credentials against Azure Active Directory as victim types them in.
Cyber-Risks Explode With Move to Telehealth Services
News  |  9/10/2020  | 
The hasty shift to online delivery of primary care services since the COVID-19 outbreak has attracted significant attacker interest.
US Sanctions Russian Attackers for 2020 Election Interference
News  |  9/10/2020  | 
The move comes as Microsoft publishes research on attack groups and activity attempting to target the Biden and Trump campaigns.
Managed IT Providers: The Cyber-Threat Actors' Gateway to SMBs
Commentary  |  9/10/2020  | 
Criminals have made MSPs a big target of their attacks. That should concern small and midsize businesses a great deal.
Ripple20 Malware Highlights Industrial Security Challenges
Commentary  |  9/10/2020  | 
Poor security practices allowed software vulnerabilities to propagate throughout industrial and IoT products for more than 20 years.
Ransomware Attacks Disrupt School Reopenings
News  |  9/9/2020  | 
A flurry of recent attacks is complicating attempts to deliver classes online at some schools in different parts of the country.
Legality of Security Research to Be Decided in US Supreme Court Case
News  |  9/9/2020  | 
A ruling that a police officer's personal use of a law enforcement database is "hacking" has security researchers worried for the future.
Meet the Middlemen Who Connect Cybercriminals With Victims
News  |  9/9/2020  | 
An analysis of initial access brokers explains how they break into vulnerable organizations and sell their access for up to $10,000.
Inova Suffers Third-Party Data Breach
Quick Hits  |  9/9/2020  | 
The breach occurred as part of a ransomware attack against service provider Blackbaud.
Multiparty Encryption Allows Companies to Solve Security-Data Conundrum
News  |  9/9/2020  | 
An interdisciplinary research team constructs a way for companies to share breach data without revealing specific details that could exposes businesses to legal risk.
WordPress Plug-in Has Critical Zero-Day
Quick Hits  |  9/8/2020  | 
The vulnerability in WordPress File Manager could allow a malicious actor to take over the victim's website.
VPNs: The Cyber Elephant in the Room
Commentary  |  9/8/2020  | 
While virtual private networks once boosted security, their current design doesn't fulfill the evolving requirements of today's modern enterprise.
DDoS Attacks on Education Escalate in 2020
Quick Hits  |  9/4/2020  | 
The number of DDoS attacks affecting educational resources was far higher between February and June 2020 compared with 2019.
Warner Music Group Admits Breach
Quick Hits  |  9/4/2020  | 
The months-long breach hit financial details for customers.
Strategic Cyber Warfare Heats Up
News  |  9/4/2020  | 
It's "anything goes," according to renowned hacker the Grugq, who drew a bright line between cyberwar and cyber warfare at this week's virtual Disclosure Conference.
Evilnum APT Group Employs New Python RAT
News  |  9/3/2020  | 
The PyVil remote access Trojan enables attackers to exfiltrate data, perform keylogging, take screenshots, and deploy tools for credential theft.
Typosquatting Intensifies Ahead of US Election
Quick Hits  |  9/3/2020  | 
Mistyped URLs can mean more than inconvenience when a candidate's name is involved.
New Email-Based Malware Campaigns Target Businesses
Quick Hits  |  9/3/2020  | 
Researchers who found "Salfram" say its campaigns use the same crypter to distribute payloads, including ZLoader, SmokeLoader, and AveMaria.
Fake Data and Fake Information: A Treasure Trove for Defenders
Commentary  |  9/3/2020  | 
Cybersecurity professionals are using false data to deceive cybercriminals, enabling them to protect networks in new and innovative ways.
New Jersey Man Sentenced to 7+ Years for Cyber Breaking & Entering
Quick Hits  |  9/2/2020  | 
The man installed keyloggers, stealing credentials and information on emerging technology development.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
WannaCry Has IoT in Its Crosshairs
Ed Koehler, Distinguished Principal Security Engineer, Office of CTO, at Extreme Network,  9/25/2020
Safeguarding Schools Against RDP-Based Ransomware
James Lui, Ericom Group CTO, Americas,  9/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26120
PUBLISHED: 2020-09-27
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even witho...
CVE-2020-26121
PUBLISHED: 2020-09-27
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an uploa...
CVE-2020-25812
PUBLISHED: 2020-09-27
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.
CVE-2020-25813
PUBLISHED: 2020-09-27
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.
CVE-2020-25814
PUBLISHED: 2020-09-27
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> ...