Advanced Threats

News & Commentary
User Behavior Analytics Could Find a Home in the OT World of the IIoT
Satish Gannu, Chief Security Officer, ABB | Commentary
The technology never really took off in IT, but it could be very helpful in the industrial world.
By Satish Gannu, Chief Security Officer, ABB, 11/8/2018
5 Things the Most Secure Software Companies Do (and How You Can Be Like Them)
Oege de Moor, CEO and Co-Founder at Semmle | Commentary
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.
By Oege de Moor, CEO and Co-Founder at Semmle, 11/8/2018
IT-to-OT Solutions That Can Bolster Security in the IIoT
Satish Gannu, Chief Security Officer, ABB | Commentary
Industrial companies can use the hard-won, long-fought lessons of IT to leapfrog to an advanced state of Industrial Internet of Things security.
By Satish Gannu, Chief Security Officer, ABB, 11/7/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP | Commentary
Cybersecurity folks often struggle to get threat intelligence's benefits. Fortunately, there are ways to overcome these problems.
By Jonathan Zhang, CEO/Founder of WhoisXML API and TIP, 11/7/2018
Hidden Costs of IoT Vulnerabilities
Carl Nerup, Co-Founder and Chief Marketing Officer at Cog | Commentary
IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.
By Carl Nerup, Co-Founder and Chief Marketing Officer at Cog, 11/6/2018
Tackling Cybersecurity from the Inside Out
Marc Wilczek, Digital Strategist & CIO Advisor | Commentary
New online threats require new solutions.
By Marc Wilczek, Digital Strategist & CIO Advisor, 11/2/2018
Chinese Intel Agents Indicted for 5-Year IP Theft Campaign
Sara Peters, Senior Editor at Dark Reading | News
Intelligence agents aimed for aerospace manufacturing targets, with help of cyberattackers, corporate insiders, and one IT security manager.
By Sara Peters, Senior Editor at Dark Reading, 10/31/2018
10 Steps for Creating Strong Customer Authentication
Marco Lafrentz, VP of ICMS and CPaaS Business Line at tyntec | Commentary
Between usability goals and security/regulatory pressures, setting up customer-facing security is difficult. These steps and best practices can help.
By Marco Lafrentz, VP of ICMS and CPaaS Business Line at tyntec, 10/30/2018
AppSec Is Dead, but Software Security Is Alive & Well
Matt Rose, Global Director Application Security Strategy, at Checkmarx | Commentary
Application security must be re-envisioned to support software security. It's time to shake up your processes.
By Matt Rose, Global Director Application Security Strategy, at Checkmarx, 10/29/2018
3 Keys to Reducing the Threat of Ransomware
Joe Merces, CEO at Cloud Daddy | Commentary
Following these steps could mean the difference between an inconvenience and a multimillion-dollar IT system rebuild -- for the public and private sectors alike.
By Joe Merces, CEO at Cloud Daddy, 10/26/2018
Tackling Supply Chain Threats
Ang Cui, Founder & CEO, Red Balloon Security | Commentary
Vendor-supplied malware is a threat that has been largely overlooked. That has to change.
By Ang Cui, Founder & CEO, Red Balloon Security, 10/24/2018
Benefits of DNS Service Locality
Paul Vixie, Chairman & CEO, Farsight Security, Inc. | Commentary
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
By Paul Vixie, Chairman & CEO, Farsight Security, Inc., 10/24/2018
Cybercrime-as-a-Service: No End in Sight
Marc Wilczek, Digital Strategist & CIO Advisor | Commentary
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
By Marc Wilczek, Digital Strategist & CIO Advisor, 10/17/2018
A Cybersecurity Weak Link: Linux and IoT
Migo Kedem, Senior Director of Products and Marketing at SentinelOne | Commentary
Linux powers many of the IoT devices on which we've come to rely -- something that enterprises must address.
By Migo Kedem, Senior Director of Products and Marketing at SentinelOne, 10/16/2018
Spies Among Us: Tracking, IoT & the Truly Inside Threat
Amit Sethi, Senior Principal Consultant at Synopsys | Commentary
In today's ultra-connected world, it's important for users to understand how to safeguard security while browsing the web and using electronic devices.
By Amit Sethi, Senior Principal Consultant at Synopsys, 10/16/2018
4 Ways to Fight the Email Security Threat
Asaf Cidon, Vice President, Content Security Services, at Barracuda Networks | Commentary
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
By Asaf Cidon, Vice President, Content Security Services, at Barracuda Networks, 10/15/2018
Not All Multifactor Authentication Is Created Equal
Alexandre Cagnoni, Director of Authentication at WatchGuard Technologies | Commentary
Users should be aware of the strengths and weaknesses of the various MFA methods.
By Alexandre Cagnoni, Director of Authentication at WatchGuard Technologies, 10/11/2018
Security Researchers Struggle with Bot Management Programs
Kaan Onarlioglu, Senior Security Researcher, Akamai | Commentary
Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.
By Kaan Onarlioglu, Senior Security Researcher, Akamai, 10/10/2018
Stop Saying 'Digital Pearl Harbor'
Dave Weinstein, VP of Threat Research, Claroty | Commentary
Yes, there are serious dangers posed by malevolent nation-states. But the hype is distracting us from the reality of the threats.
By Dave Weinstein, VP of Threat Research, Claroty, 10/2/2018
How to Keep Up Security in a Bug-Infested World
Matt Watchinski, Senior Director of Threat Intelligence at Cisco | Commentary
Good digital hygiene will lower your risk, and these six tips can help.
By Matt Watchinski, Senior Director of Threat Intelligence at Cisco, 9/27/2018
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer,  11/7/2018
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-2491
PUBLISHED: 2018-11-13
When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps...
CVE-2018-2473
PUBLISHED: 2018-11-13
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVE-2018-2476
PUBLISHED: 2018-11-13
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
CVE-2018-2477
PUBLISHED: 2018-11-13
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
CVE-2018-2478
PUBLISHED: 2018-11-13
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands execut...