Dark Reading

Gozi Trojan Using Dark Cloud Botnet in New Wave of Attacks

03/08/2018
Gozi IFSB banking Trojan has rolled out new code, a new botnet and a high level of customization in the latest wave of attacks.

McAfee Closes Acquisition of VPN Provider TunnelBear

03/08/2018
This marks McAfee's second acquisition since its spinoff from Intel last year.

Putting the S in SDLC: Do You Know Where Your Data Is?

03/08/2018
Data represents the ultimate attack surface. Avoid major data breaches (and splashy headlines) by keeping track of where your data is.

Cybersecurity Gets Added to the M&A Lexicon

03/08/2018
Threat intelligence data can give a clear picture of an acquisition target that could make or break a deal.

How Guccifer 2.0 Got 'Punk'd' by a Security Researcher

03/08/2018
Security expert and former Illinois state senate candidate John Bambenek details his two months of online interaction with the 'unsupervised cutout' who shared with him more stolen DCCC documents.

Intel SGX Can Be Used to Hide, Execute Malware

03/07/2018
The microprocessor giant's Software Guard Extensions security feature can be abused to implement virtually undetectable malware, Graz University researchers say.

Researchers Defeat Android OEMs' Security Mitigations

03/07/2018
At Black Hat Asia, two security experts will bypass security improvements added to Android by equipment manufacturers.

Group-IB Helps Suspend Ukrainian DDoS Attack Group

03/07/2018
This case marks the first successful prosecution of cybercriminals in Ukraine, the organization reports.

Privilege Abuse Attacks: 4 Common Scenarios

03/07/2018
It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.

Memcached DDoS Attack: Kill Switch, New Details Disclosed

03/07/2018
Corero shares a kill switch for the Memcached vulnerability and reports the flaw is more extensive than originally believed.

Why Security-Driven Companies Are More Successful

03/07/2018
Software Security Masters are better at handling application development security and show much higher growth than their peers. Here's how to become one.

Design Weakness in Microsoft CFG Allows Complete Bypass

03/06/2018
Researchers from Italy's University of Padua will demo a new technique to evade Control Flow Guard, the widely deployed security mechanism, at Black Hat Asia.

Identity Management: Where It Stands, Where It's Going

03/06/2018
How companies are changing the approach to identity management as people become increasingly digital.

Connected Cars Pose New Security Challenges

03/06/2018
The auto industry should seize the opportunity and get in front of this issue.

Second Ransomware Round Hits Colorado DOT

03/06/2018
A variant of SamSam sends CDOT employees back to pen and paper with two attack waves in two weeks.

Pragmatic Security: 20 Signs You Are 'Boiling the Ocean'

03/06/2018
Ocean-boiling is responsible for most of the draconian, nonproductive security policies I've witnessed over the course of my career. Here's why they don't work.

Insider Threat Seriously Undermining Healthcare Cybersecurity

03/05/2018
Two separate reports suggest insiders - of the malicious and careless variety - pose more of a problem in healthcare than any other sector.

More Security Vendors Putting 'Skin in the Game'

03/05/2018
Secure messaging and collaboration provider Wickr now publicly shares security testing details of its software.

6 Questions to Ask Your Cloud Provider Right Now

03/05/2018
Experts share the security-focused issues all businesses should explore when researching and using cloud services.

CERT.org Goes Away, Panic Ensues

03/05/2018
Turns out the Carnegie Mellon CERT just moved to a newly revamped CMU Software Engineering Institute website.