Vulnerabilities / Threats //

Advanced Threats

News & Commentary
Are You Prepared for a Zombie (Domain) Apocalypse?
Kaan Onarlioglu, Senior Security Researcher, AkamaiCommentary
When a domain registration expires, they can be claimed by new owners. And sometimes, those new owners have malicious intent.
By Kaan Onarlioglu Senior Security Researcher, Akamai, 3/18/2019
Comment0 comments  |  Read  |  Post a Comment
4 Reasons to Take an 'Inside Out' View of Security
Earl D. Matthews, Senior Vice President and Chief Strategy Officer at VerodinCommentary
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
By Earl D. Matthews Senior Vice President and Chief Strategy Officer at Verodin, 3/14/2019
Comment0 comments  |  Read  |  Post a Comment
Shifting Attacks Put Increasing ID Fraud Burden on Consumers
Robert Lemos, Technology Journalist/Data ResearcherNews
Card-present fraud is down, but attackers continue to find new strategies, and consumers are paying the price.
By Robert Lemos , 3/8/2019
Comment0 comments  |  Read  |  Post a Comment
Trust, or Lack of It, Is a Key Theme on RSAC Keynote Stage
Sara Peters, Senior Editor at Dark ReadingNews
Neither machines nor humans might be entirely trustworthy, but the cooperation of the two might be the answer to issues of misinformation, deep fake videos, and other issues of trust, say security leaders.
By Sara Peters Senior Editor at Dark Reading, 3/5/2019
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals Target Young Gamers
Steve Zurier, Freelance WriterNews
Deceptive and inappropriate tactics are prevalent in free gaming apps, according to a new report to be released at the RSA Conference.
By Steve Zurier Freelance Writer, 3/5/2019
Comment1 Comment  |  Read  |  Post a Comment
Care and Feeding of Your SIEM
Shane MacDougall, Senior Security Engineer at Mosaic451Commentary
Six simple steps to mitigate the grunt work and keep your organization safe.
By Shane MacDougall Senior Security Engineer at Mosaic451, 3/5/2019
Comment0 comments  |  Read  |  Post a Comment
Artificial Intelligence: The Terminator of Malware
Chris Rouland, Co-Founder and Chief Executive Officer at Phosphorus CybersecurityCommentary
Is it possible that the combination of AI, facial recognition, and the coalescence of global mass-hack data could lead us toward a Skynet-like future?
By Chris Rouland Co-Founder and Chief Executive Officer at Phosphorus Cybersecurity, 3/5/2019
Comment0 comments  |  Read  |  Post a Comment
In 2019, Cryptomining Just Might Have an Even Better Year
Alex Artamonov, System Engineer & Cybersecurity Specialist, Infinitely VirtualCommentary
The practice today is so pervasive that cryptojacking scripts are said to be running on an estimated 3% of all sites that users visit.
By Alex Artamonov System Engineer & Cybersecurity Specialist, Infinitely Virtual, 2/28/2019
Comment0 comments  |  Read  |  Post a Comment
DIY Botnet Detection: Techniques and Challenges
Johnathan Azaria, Data Scientist and Security Researcher at ImpervaCommentary
Botnets continue to spread to places never dreamed of a few years ago. But you can fight them off, and these tips can help.
By Johnathan Azaria Data Scientist and Security Researcher at Imperva, 2/26/2019
Comment0 comments  |  Read  |  Post a Comment
Attackers Continue to Focus on Users, Well-Worn Techniques
Robert Lemos, Technology Journalist/Data ResearcherNews
From WannaCry and phishing to credential stuffing and cryptomining, attackers relied on many oldie-but-goodie attacks in 2018, according to a pair of new security threat reports.
By Robert Lemos , 2/26/2019
Comment1 Comment  |  Read  |  Post a Comment
Security Analysts Are Only Human
Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of BitdefenderCommentary
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
By Roselle Safran & Utpal Desai President of Rosint Labs/Director of Product Management of Bitdefender, 2/21/2019
Comment15 comments  |  Read  |  Post a Comment
9 Years After: From Operation Aurora to Zero Trust
Andy Ellis, Chief Security Officer, AkamaiCommentary
How the first documented nation-state cyberattack is changing security today.
By Andy Ellis Chief Security Officer, Akamai, 2/20/2019
Comment1 Comment  |  Read  |  Post a Comment
White-Hat Bug Bounty Programs Draw Inspiration from the Old West
Michelle Moore, Academic Director and Adjunct Professor, University of San DiegoCommentary
These programs are now an essential strategy in keeping the digital desperados at bay.
By Michelle Moore Academic Director and Adjunct Professor, University of San Diego, 2/15/2019
Comment0 comments  |  Read  |  Post a Comment
5 Expert Tips for Complying with the New PCI Software Security Framework
Rohit Sethi, COO of Security CompassCommentary
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as new security benchmark for other industries to follow.
By Rohit Sethi COO of Security Compass, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
Lessons Learned from a Hard-Hitting Security Review
Jaspreet Singh, founder and CEO of DruvaCommentary
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
By Jaspreet Singh founder and CEO of Druva, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
Identifying, Understanding & Combating Insider Threats
Ilan Paretsky, Chief Marketing Officer of EricomCommentary
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?
By Ilan Paretsky Chief Marketing Officer of Ericom, 2/12/2019
Comment0 comments  |  Read  |  Post a Comment
IoT Security's Coming of Age Is Overdue
Saumitra Das, CTO and Co-Founder of Blue HexagonCommentary
The unique threat landscape requires a novel security approach based on the latest advances in network and AI security.
By Saumitra Das CTO and Co-Founder of Blue Hexagon, 2/4/2019
Comment5 comments  |  Read  |  Post a Comment
Credential Compromises by the Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Recent statistics show just how much credential stealing has become a staple in the attacker playbook.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/25/2019
Comment0 comments  |  Read  |  Post a Comment
The Evolution of SIEM
Chetan Mundhada, Vice President of Sales at NETMONASTERYCommentary
Expectations for these security information and event management systems have grown over the years, in ways that just aren't realistic.
By Chetan Mundhada Vice President of Sales at NETMONASTERY, 1/23/2019
Comment0 comments  |  Read  |  Post a Comment
Think Twice Before Paying a Ransom
Jadee Hanson, CISO and VP of Information Systems at Code42Commentary
Why stockpiling cryptocurrency or paying cybercriminals is not the best response.
By Jadee Hanson CISO and VP of Information Systems at Code42, 1/23/2019
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/12/2019
Cybercriminals Think Small to Earn Big
Dark Reading Staff 3/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: LOL  Hope this one wins
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.