Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

News & Commentary
Phishers Try 'Text Direction Deception' Technique to Bypass Email Filters
Jai Vijayan, Contributing WriterNews
With COVID-19 concerns running high, attackers are trying new tactics to get to users.
By Jai Vijayan Contributing Writer, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Bad Bots Build Presence Across the Web
Dark Reading Staff, Quick Hits
Bots that mimic human behavior are driving a growing percentage of website traffic while contributing to an avalanche of misinformation.
By Dark Reading Staff , 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
A Hacker's Perspective on Securing VPNs As You Go Remote
David Commentary
As organizations rush to equip and secure their newly remote workforce, it's important to keep things methodical and purposeful
By David "Moose" Wolpoff Co-founder and CTO of Randori, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
New Magecart Skimmer Infects 19 Victim Websites
Dark Reading Staff, Quick Hits
MakeFrame, named for its ability to make iframes for skimming payment data, is attributed to Magecart Group 7.
By Dark Reading Staff , 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Best Practices to Manage Third-Party Cyber-Risk Today
Doug Clare, Vice President, Fraud, Compliance, and Security Solutions at FICOCommentary
Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.
By Doug Clare Vice President, Fraud, Compliance, and Security Solutions at FICO, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Attackers Leverage Excel File Encryption to Deliver Malware
Jai Vijayan, Contributing WriterNews
Technique involves saving malicious Excel file as "read-only" and tricking users into opening it, Mimecast says.
By Jai Vijayan Contributing Writer, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Why All Employees Are Responsible for Company Cybersecurity
Diya Jolly, Chief Product Officer, OktaCommentary
It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.
By Diya Jolly Chief Product Officer, Okta, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Alerts Healthcare to Human-Operated Ransomware
Dark Reading Staff, News
Microsoft has notified dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure, which could put them at risk.
By Dark Reading Staff , 4/1/2020
Comment1 Comment  |  Read  |  Post a Comment
The SOC Emergency Room Faces Malware Pandemic
Avi Chesla, CEO and Founder, empowCommentary
To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.
By Avi Chesla CEO and Founder, empow, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Defense Evasion Dominated 2019 Attack Tactics
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
By Kelly Sheridan Staff Editor, Dark Reading, 3/31/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Uncover Unsophisticated - But Creative - Watering-Hole Attack
Jai Vijayan, Contributing WriterNews
Holy Water campaign is targeting users of a specific religious and ethnic group in Asia, Kaspersky says.
By Jai Vijayan Contributing Writer, 3/31/2020
Comment1 Comment  |  Read  |  Post a Comment
Data from 5.2M Marriott Loyalty Program Members Hit by Breach
Dark Reading Staff, Quick Hits
The data was breached through the credentials of two franchisee employees.
By Dark Reading Staff , 3/31/2020
Comment2 comments  |  Read  |  Post a Comment
Why Third-Party Risk Management Has Never Been More Important
Jake Olcott, VP of Communications & Government Affairs, Bitsight TechnologiesCommentary
Given today's coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here's how to start.
By Jake Olcott VP of Communications & Government Affairs, Bitsight Technologies, 3/31/2020
Comment0 comments  |  Read  |  Post a Comment
How Much Downtime Can Your Company Handle?
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Why every business needs cyber resilience and quick recovery times.
By Marc Wilczek Digital Strategist & COO of Link11, 3/31/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Spot Sharp Increase in Zoom-Themed Domain Registrations
Jai Vijayan, Contributing WriterNews
Attackers are attempting to take advantage of the surge in teleworking prompted by COVID-19, Check Point says.
By Jai Vijayan Contributing Writer, 3/30/2020
Comment0 comments  |  Read  |  Post a Comment
Untangling Third-Party Risk (and Fourth, and Fifth...)
Curtis Franklin Jr., Senior Editor at Dark Reading
Third parties bring critical products and services to your organization. They also bring risk that must be understood and managed.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/30/2020
Comment0 comments  |  Read  |  Post a Comment
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Lance Spitzner, Director, SANS Institute Securing The Human Security Awareness ProgramCommentary
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
By Lance Spitzner Director, SANS Institute Securing The Human Security Awareness Program, 3/30/2020
Comment0 comments  |  Read  |  Post a Comment
Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff, Quick Hits
Victims are being enticed to insert an unknown USB drive into their computers.
By Dark Reading Staff , 3/27/2020
Comment11 comments  |  Read  |  Post a Comment
Purported Brute-Force Attack Aims at Linksys Routers as More People Work Remotely
Robert Lemos, Contributing WriterNews
The attack takes control of poorly secured network devices, redirecting Web addresses to a COVID-themed landing page that attempts to fool victims into downloading malware.
By Robert Lemos Contributing Writer, 3/27/2020
Comment1 Comment  |  Read  |  Post a Comment
Cyber Version of 'Justice League' Launches to Fight COVID-19 Related Hacks
Jai Vijayan, Contributing WriterNews
Goal is to help organizations especially healthcare entities protect against cybercriminals trying to take advantage of the pandemic.
By Jai Vijayan Contributing Writer, 3/26/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11498
PUBLISHED: 2020-04-02
Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persistenc...
CVE-2020-11499
PUBLISHED: 2020-04-02
Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in helperFunctions/mongo_task_conversion.py.
CVE-2020-7628
PUBLISHED: 2020-04-02
install-package through 1.1.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the device function.
CVE-2020-7629
PUBLISHED: 2020-04-02
install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
CVE-2020-7630
PUBLISHED: 2020-04-02
git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument.