News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
Lazarus Group Targets Bitcoin Company
Quick Hits  |  12/15/2017  | 
The cybercrime group blamed for attacks on the SWIFT financial network launches a spearphishing campaign to steal employee credentials at a London cryptocurrency company.
Mobile Device Makers Increasingly Embrace Bug Bounty Programs
News  |  12/15/2017  | 
Samsung is the latest to join a small group of smartphone makers to cast their net wide on catching vulnerabilities in their devices.
Is Your Security Workflow Backwards?
Commentary  |  12/15/2017  | 
The pace at which information security evolves means organizations must work smarter, not harder. Here's how to stay ahead of the threats.
BlueBorne Attack Highlights Flaws in Linux, IoT Security
News  |  12/14/2017  | 
Bluetooth vulnerabilities let attackers control devices running Linux or any OS derived from it, putting much of the Internet of Things at risk, including popular consumer products.
Why Hackers Are in Such High Demand, and How They're Affecting Business Culture
Commentary  |  12/14/2017  | 
White hat hackers bring value to organizations and help them defend against today's advanced threats.
Malware Decompiler Tool Goes Open Source
News  |  12/13/2017  | 
Avast's RetDec machine-code decompiler now available for free on Github.
80% of Americans Admit to Risky Cybersecurity Behaviors
Quick Hits  |  12/13/2017  | 
Nearly half of survey respondents use unsecured WiFi networks and a third open unsolicited email attachment, a report finds.
Healthcare Faces Poor Cybersecurity Prognosis
News  |  12/13/2017  | 
Experts say the healthcare industry is underestimating security threats as attackers continue to seek data and monetary gain.
Google Play Offered Fewer Blacklisted Mobile Apps in Q3
News  |  12/13/2017  | 
Third-party AndroidAPKDescargar store carried the most blacklisted mobile apps.
Automation Could Be Widening the Cybersecurity Skills Gap
Commentary  |  12/13/2017  | 
Sticking workers with tedious jobs that AI can't do leads to burnout, but there is a way to achieve balance.
Security Compliance: The Less You Spend the More You Pay
News  |  12/12/2017  | 
The costs of complying with data protection requirements are steep, but the costs of non-compliance are even higher, a new study shows.
Microsoft Azure AD Connect Flaw Elevates Employee Privilege
News  |  12/12/2017  | 
An improper default configuration gives employees unnecessary administrative privilege without their knowledge, making them ideal targets for hackers.
Only 5% of Business Leaders Rethought Security After Equifax
Quick Hits  |  12/12/2017  | 
Corporate leaders know little about common security threats like ransomware and phishing, driving their risk for attack.
8 Out of 10 Employees Use Unencrypted USB Devices
Quick Hits  |  12/12/2017  | 
Security policies for USB drivers are severely outdated or inadequate, a report finds.
Employees on Public WiFi Rarely Face Man-in-the-Middle Attacks
News  |  12/12/2017  | 
Employees' corporate mobile devices are connected to WiFi networks on average 74% of the time.
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Commentary  |  12/11/2017  | 
The number of unfilled jobs in our industry continues to grow. Here's why.
What Slugs in a Garden Can Teach Us About Security
Commentary  |  12/8/2017  | 
Design principles observed in nature serve as a valuable model to improve organizations' security approaches.
Microsoft Issues Emergency Patch for 'Critical' Flaw in Windows Security
Quick Hits  |  12/8/2017  | 
Remote code execution vulnerability in Microsoft Malware Protection Engine was found by UK spy agency's National Cyber Security Centre (NCSC).
Android Ransomware Kits on the Rise in the Dark Web
News  |  12/7/2017  | 
More than 5,000 Android ransomware kit listings have been spotted so far this year, with the median price range hitting $200.
Rutkowska: Trust Makes Us Vulnerable
News  |  12/7/2017  | 
Offensive security researcher Joanna Rutkowska explains why trust in technology can put users at risk.
Man-in-the-Middle Flaw in Major Banking, VPN Apps Exposes Millions
News  |  12/7/2017  | 
New research from University of Birmingham emphasizes importance of securing high-risk mobile apps.
Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million in Bitcoin
Quick Hits  |  12/7/2017  | 
Breach occurred just prior to bitcoin's debut on two major US exchanges, the AP reports.
Ransomware Meets 'Grey's Anatomy'
Commentary  |  12/7/2017  | 
Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.
NIST Releases New Cybersecurity Framework Draft
News  |  12/6/2017  | 
Updated version includes changes to some existing guidelines - and adds some new ones.
Nearly 2/3 of Industrial Companies Lack Security Monitoring
Quick Hits  |  12/6/2017  | 
New Honeywell survey shows more than half of industrial sector organizations have suffered cyberattacks.
Most Retailers Haven't Fully Tested Their Breach Response Plans
Quick Hits  |  12/6/2017  | 
More than 20% lack a breach response plan altogether, a new survey shows.
Why Cybersecurity Must Be an International Effort
News  |  12/6/2017  | 
The former head of cyber for the US State Department calls for agreements across countries to improve government cybersecurity.
How the Major Intel ME Firmware Flaw Lets Attackers Get 'God Mode' on a Machine
News  |  12/6/2017  | 
Researchers at Black Hat Europe today revealed how a buffer overflow they discovered in the chip's firmware can be abused to take control of a machine - even when it's turned 'off.'
Cyberattack: It Can't Happen to Us (Until It Does)
Commentary  |  12/6/2017  | 
Just because your small or medium-sized business isn't as well known as Equifax or Yahoo doesn't mean you're immune to becoming a cybercrime victim.
Study: Simulated Attacks Uncover Real-World Problems in IT Security
News  |  12/5/2017  | 
Some 70% of simulated attacks on real networks were able to move laterally within the network, while more than half infiltrated the perimeter and exfiltrated data.
Bitcoin Sites Become Hot Targets for DDoS Attacks
News  |  12/5/2017  | 
The Bitcoin industry is now one of the top 10 most-targeted industries for DDoS campaigns. Price manipulation could be one goal, Imperva says.
6 Personality Profiles of White-Hat Hackers
Slideshows  |  12/5/2017  | 
From making the Internet safer to promoting their security careers, bug bounty hunters have a broad range of motivators for hacking most just like the challenge.
Android Developer Tools Contain Vulnerabilities
Quick Hits  |  12/5/2017  | 
Several of the most popular cloud-based and downloadable tools Android developers use are affected.
Improve Signal-to-Noise Ratio with 'Content Curation:' 5 Steps
Commentary  |  12/5/2017  | 
By intelligently managing signatures, correlation rules, filters and searches, you can see where your security architecture falls down, and how your tools can better defend the network.
FBI, Europol, Microsoft, ESET Team Up, Dismantle One of World's Largest Malware Operations
News  |  12/4/2017  | 
Avalanche, aka Gamarue, aka Wauchos, malware enterprise spanned hundreds of botnets and 88 different malware families.
NSA Employee Pleads Guilty to Illegally Retaining National Defense Secrets
News  |  12/4/2017  | 
Nghia Hoang Pho faces up to eight years in prison for removing highly classified NSA data from workplace and storing it at home.
PayPal's TIO Networks Suffered Data Breach Exposing Data on 1.6 Million Customers
Quick Hits  |  12/4/2017  | 
PayPal states TIO Networks, a payment processing company it acquired this summer, is not part of its network and PayPal remains unaffected by the breach.
The Rising Dangers of Unsecured IoT Technology
Commentary  |  12/4/2017  | 
As government regulation looms, the security industry must take a leading role in determining whether the convenience of the Internet of Things is worth the risk and compromise of unsecured devices.
Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches
News  |  12/4/2017  | 
Researcher to reveal IoT medical device dangers at Black Hat Europe this week.
Deception: Why It's Not Just Another Honeypot
Commentary  |  12/1/2017  | 
The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception.
Security Geek Gift Guide
Slideshows  |  12/1/2017  | 
Fun gifts for cybersecurity co-workers and bosses alike.
Sallie Mae CISO: 4 Technologies That Will Shape IT Security
News  |  12/1/2017  | 
'The world as we know it will vanish,' according to Jerry Archer.
'Blocking and Tackling' in the New Age of Security
News  |  12/1/2017  | 
In a pep talk to CISOs, the chief security strategist at PSCU advises teams to prioritize resilience in addition to security.
Lawsuits Pile Up on Uber
News  |  11/30/2017  | 
Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.
The Critical Difference Between Vulnerabilities Equities & Threat Equities
Commentary  |  11/30/2017  | 
Why the government has an obligation to share its knowledge of flaws in software and hardware to strengthen digital infrastructure in the face of growing cyberthreats.
5 Free or Low-Cost Security Tools for Defenders
News  |  11/30/2017  | 
Not all security tools are pricey.
Big Apple Flaw Allows Root Access to Macs without Password
News  |  11/29/2017  | 
Vulnerability affects machines running High Sierra operating system.
Why Security Depends on Usability -- and How to Achieve Both
Commentary  |  11/29/2017  | 
Any initiative that reduces usability will have consequences that make security less effective.
Samsung's Mobile Device Bug Bounty Program Gets a Boost
Quick Hits  |  11/29/2017  | 
Samsung Electronics partners with Bugcrowd to deliver timely payments for its Mobile Security Rewards Program.
Git Some Security: Locking Down GitHub Hygiene
News  |  11/28/2017  | 
In the age of DevOps and agile development practices that lean heavily on GitHub and other cloud resources, strong controls are more important than ever.
Page 1 / 2   >   >>


5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
BlueBorne Attack Highlights Flaws in Linux, IoT Security
Kelly Sheridan, Associate Editor, Dark Reading,  12/14/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] Cloud Security's Changing Landscape
[Strategic Security Report] Cloud Security's Changing Landscape
Cloud services are increasingly becoming the platform for mission-critical apps and data. Heres how enterprises are adapting their security strategies!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.