Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

News & Commentary
Research Casts Doubt on Value of Threat Intel Feeds
Robert Lemos, Contributing WriterNews
Two commercial threat intelligence services and four open source feeds rarely provide the same information, raising questions about how security teams should gauge their utility.
By Robert Lemos Contributing Writer, 8/14/2020
Comment0 comments  |  Read  |  Post a Comment
IcedID Shows Obfuscation Sophistication in New Campaign
Dark Reading Staff, Quick Hits
The malware's developers have turned to dynamic link libraries (DLLs) to hide their work.
By Dark Reading Staff , 8/14/2020
Comment0 comments  |  Read  |  Post a Comment
DHS CISA Warns of Phishing Emails Rigged with KONNI Malware
Dark Reading Staff, Quick Hits
Konni is a remote administration tool cyberattackers use to steal files, capture keystrokes, take screenshots, and execute malicious code.
By Dark Reading Staff , 8/14/2020
Comment0 comments  |  Read  |  Post a Comment
CISA Warns of Phishing Campaign with Loan-Relief Lure
Dark Reading Staff, Quick Hits
Phishing emails and fake website promise help with the Small Business Administration's program that aids those affected by COVID-19.
By Dark Reading Staff , 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Healthcare Industry Sees Respite From Attacks in First Half of 2020
Robert Lemos, Contributing WriterNews
Breach disclosures are down, and reported ransomware attacks have also plummeted. Good news -- or a calm before the storm?
By Robert Lemos Contributing Writer, 8/13/2020
Comment1 Comment  |  Read  |  Post a Comment
Business Email Compromise Attacks Involving MFA Bypass Increase
Jai Vijayan, Contributing WriterNews
Adversaries are using legacy email clients to access and take over accounts protected with strong authentication, Abnormal Security says.
By Jai Vijayan Contributing Writer, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
RedCurl APT Group Hacks Global Companies for Corporate Espionage
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers analyze a presumably Russian-speaking APT group that has been stealing corporate data since 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
The Race to Hack a Satellite at DEF CON
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Eight teams competed to win cash, bragging rights, and the chance to control a satellite in space.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
NSA & FBI Disclose New Russian Cyberespionage Malware
Dark Reading Staff, Quick Hits
APT 28, aka Fancy Bear, is deploying the Drovorub malware designed for Linux systems as part of cyber-espionage operations.
By Dark Reading Staff , 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Emotet Return Brings New Tactics & Evasion Techniques
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security researchers tracking Emotet report its reemergence brings new tricks, including new evasion techniques to bypass security tools.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
SANS Security Training Firm Hit with Data Breach
Dark Reading Staff, Quick Hits
A phishing email allowed an attacker to compromise a SANS employee's email environment, the organization reports.
By Dark Reading Staff , 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Threats vs. Thrift: Running Effective AppSec During a Global Crisis
Patrick Carey, Vice President Product Management, ExopriseCommentary
By looking at security testing capacity, staff expertise, and risks throughout the software supply chain, application security teams can improve their overall effectiveness.
By Patrick Carey Vice President Product Management, Exoprise, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption
Ericka Chickowski, Contributing WriterNews
Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.
By Ericka Chickowski Contributing Writer, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Trick Facial-Recognition Systems
Jai Vijayan, Contributing WriterNews
Goal was to see if computer-generated images that look like one person would get classified as another person.
By Jai Vijayan Contributing Writer, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
EU-US Privacy Shield Dissolution: What Happens Next?
Sam Curry, CSO, CybereasonCommentary
In a world that isn't private by design, security and liability implications for US-based cloud companies are huge.
By Sam Curry CSO, Cybereason, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
How to Help Spoil the Cybercrime Economy
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Cybercrime increasingly is turning into a commodity. Stolen PII data and hijacked cloud accounts especially propel the spread, research shows.
By Marc Wilczek Digital Strategist & COO of Link11, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Gamifying Password Training Shows Security Benefits
Robert Lemos, Contributing WriterNews
When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find.
By Robert Lemos Contributing Writer, 8/10/2020
Comment0 comments  |  Read  |  Post a Comment
Better Business Bureau Warns of New Visa Scam
Dark Reading Staff, Quick Hits
Visa limitations due to the novel coronavirus have given rise to a wave of scams aimed at visa-seekers.
By Dark Reading Staff , 8/10/2020
Comment0 comments  |  Read  |  Post a Comment
Q2 DDoS Attacks Triple Year Over Year: Report
Dark Reading Staff, Quick Hits
Distributed denial-of-service attacks have stayed consistently high throughout 2020, a shift from normal attack trends that researchers attribute to COVID-19.
By Dark Reading Staff , 8/10/2020
Comment0 comments  |  Read  |  Post a Comment
Reddit Attack Defaces Dozens of Channels
Dark Reading Staff, Quick Hits
The attack has defaced the channels with images and content supporting Donald Trump.
By Dark Reading Staff , 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.