News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
Security Leaders Are Fallible, Too
Commentary  |  2/19/2019  | 
Security leaders set the tone for their organizations, and there are many places where the process can go wrong. Second in a six-part series.
Privacy Ops: The New Nexus for CISOs & DPOs
Commentary  |  2/18/2019  | 
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.
Hackers Found Phishing for Facebook Credentials
Quick Hits  |  2/15/2019  | 
A "very realistic-looking" login prompt is designed to capture users' Facebook credentials, researchers report.
Staffing Shortage Makes Vulnerabilities Worse
Quick Hits  |  2/15/2019  | 
Businesses don't have sufficient staff to find vulnerabilities or protect against their exploit, according to a new report by Ponemon Institute.
White-Hat Bug Bounty Programs Draw Inspiration from the Old West
Commentary  |  2/15/2019  | 
These programs are now an essential strategy in keeping the digital desperados at bay.
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
News  |  2/14/2019  | 
New initiative offers five principles for greater IoT security.
Toyota Prepping 'PASTA' for its GitHub Debut
News  |  2/14/2019  | 
Carmaker's open source car-hacking tool platform soon will be available to the research community.
Valentine's Emails Laced with Gandcrab Ransomware
News  |  2/14/2019  | 
In the weeks leading up to Valentine's Day 2019, researchers notice a new form of Gandcrab appearing in romance-themed emails.
Diversity Is Vital to Advance Security
Commentary  |  2/14/2019  | 
Meet five female security experts who are helping to propel our industry forward.
Security Spills: 9 Problems Causing the Most Stress
Slideshows  |  2/14/2019  | 
Security practitioners reveal what's causing them the most frustration in their roles.
Windows Executable Masks Mac Malware
News  |  2/13/2019  | 
A new strain of MacOS malware hides inside a Windows executable to avoid detection.
Researchers Dig into Microsoft Office Functionality Flaws
News  |  2/13/2019  | 
An ongoing study investigating security bugs in Microsoft Office has so far led to two security patches.
5 Expert Tips for Complying with the New PCI Software Security Framework
Commentary  |  2/13/2019  | 
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as new security benchmark for other industries to follow.
Scammers Fall in Love with Valentine's Day
News  |  2/13/2019  | 
Online dating profiles and social media accounts add to the rich data sources that allow criminals to tailor attacks.
Lessons Learned from a Hard-Hitting Security Review
Commentary  |  2/13/2019  | 
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
Up to 100,000 Reported Affected in Landmark White Data Breach
News  |  2/12/2019  | 
Australian property valuation firm Landmark White exposed files containing personal data and property valuation details.
Microsoft, Adobe Both Close More Than 70 Security Issues
News  |  2/12/2019  | 
With their regularly scheduled Patch Tuesday updates, both companies issued fixes for scores of vulnerabilities in their widely used software.
Cybersecurity and the Human Element: We're All Fallible
Commentary  |  2/12/2019  | 
We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.
Identifying, Understanding & Combating Insider Threats
Commentary  |  2/12/2019  | 
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?
2019 Security Spending Outlook
Slideshows  |  2/12/2019  | 
Cybersecurity and IT risk budgets continue to grow. Here's how they'll be spent.
Client-Side DNS Attack Emerges From Academic Research
News  |  2/11/2019  | 
A new DNS cache poisoning attack is developed as part of the research toward a dissertation.
OkCupid Denies Data Breach Amid Account Hack Complaints
Quick Hits  |  2/11/2019  | 
Users on the dating website report hackers breaking into their accounts, changing email addresses, and resetting passwords.
US Law Enforcement Busts Romanian Online Crime Operation
News  |  2/8/2019  | 
Twelve members of 20-person group extradited to US to face charges related to theft of millions via fake ads other scams.
New Zombie 'POODLE' Attack Bred from TLS Flaw
News  |  2/8/2019  | 
Citrix issues update for encryption weakness dogging the popular security protocol.
Malware Campaign Hides Ransomware in Super Mario Wrapper
Quick Hits  |  2/8/2019  | 
A newly discovered malware campaign uses steganography to hide GandCrab in a seemingly innocent Mario image.
A Dog's Life: Dark Reading Caption Contest Winners
Commentary  |  2/8/2019  | 
What do a telephony protocol, butt-sniffing, and multifactor authentication have in common? A John Klossner cartoon! And the winners are ...
We Need More Transparency in Cybersecurity
Commentary  |  2/8/2019  | 
Security has become a stand-alone part of the corporate IT organization. That must stop, and transparency is the way forward.
Cyberattack Hits Australian Parliament
Quick Hits  |  2/8/2019  | 
Officials believe a nation-state is to blame for the incident, which took place Thursday night into Friday morning.
4 Payment Security Trends for 2019
Commentary  |  2/7/2019  | 
Visa's chief risk officer anticipates some positive changes ahead.
Security Bugs in Video Chat Tools Enable Remote Attackers
News  |  2/7/2019  | 
Lifesize is issuing a hotfix to address vulnerabilities in its enterprise collaboration devices, which could give hackers a gateway into target organizations.
When 911 Goes Down: Why Voice Network Security Must Be a Priority
Commentary  |  2/7/2019  | 
When there's a DDoS attack against your voice network, are you ready to fight against it?
New Chrome Extension Takes Aim at Password Security
News  |  2/6/2019  | 
Google adds 'Password Checkup' feature that alerts users if their online credentials have been compromised.
Attacks on Automotive Systems Feared Likely
Quick Hits  |  2/6/2019  | 
Yet few engineers feel empowered to do anything about them, a survey shows.
Google Tackles Gmail Spam with Tensorflow
News  |  2/6/2019  | 
Tensorflow, Google's open-source machine learning framework, has been used to block 100 million spam messages.
Consumers Care About Security - Sometimes
Quick Hits  |  2/6/2019  | 
New RSA Security survey shows a generation gap in concerns over cybersecurity and privacy.
4 Practical Questions to Ask Before Investing in AI
Commentary  |  2/6/2019  | 
A pragmatic, risk-based approach can help CISOs plan for an efficient, effective, and economically sound implementation of AI for cybersecurity.
Serverless Computing: 'Function' vs. 'Infrastructure' as-a-Service
Commentary  |  2/6/2019  | 
How much do companies really gain from offloading security duties to the cloud? Let's do the math.
7 Tips for Communicating with the Board
Slideshows  |  2/6/2019  | 
The key? Rather than getting bogged down in the technical details, focus on how a security program is addressing business risk.
Shellbot Crimeware Re-Emerges in Monero Mining Campaign
News  |  2/5/2019  | 
New attack uses a repurposed version of the Trojan that spreads using Internet Relay Chat.
Mitigating the Security Risks of Cloud-Native Applications
Commentary  |  2/5/2019  | 
While containers can create more secure application development environments, they also introduce new security challenges that affect security and compliance.
New Vulnerabilities Make RDP Risks Far from Remote
News  |  2/5/2019  | 
More than two dozen vulnerabilities raise the risk of using RDP clients to remotely manage and configure systems.
Over 59K Data Breaches Reported in EU Under GDPR
Quick Hits  |  2/5/2019  | 
In addition, 91 reported fines have been imposed since the regulation went into effect last May.
No Sign of 'Material' Nation-State Actor Impact on 2018 US Midterms
Quick Hits  |  2/5/2019  | 
That's the conclusion of a classified postmortem report sent to the White House yesterday by Acting Attorney General and DHS Secretary.
Taming the Wild, West World of Security Product Testing
Commentary  |  2/5/2019  | 
The industry has long needed an open, industry-standard testing framework. NetSecOPEN is working to make that happen.
New Botnet Shows Evolution of Tech and Criminal Culture
News  |  2/4/2019  | 
Cayosin brings together multiple strands of botnet tech and hacker behavior for a disturbing new threat.
Exposed Consumer Data Skyrocketed 126% in 2018
News  |  2/4/2019  | 
The number of data breaches dropped overall, but the amount of sensitive records exposed jumped to 446.5 million last year, according to the ITRC.
6 Security Tips Before You Put a Digital Assistant to Work
Slideshows  |  2/4/2019  | 
If you absolutely have to have Amazon Alexa or Google Assistant in your home, heed the following advice.
Researchers Devise New Method of Intrusion Deception for SDN
News  |  2/4/2019  | 
Team from University of Missouri take wraps off Dolus, a system defense using pretense which they say will help defend software-defined networking (SDN) cloud infrastructure.
Facebook Struggles in Privacy Class-Action Lawsuit
Quick Hits  |  2/4/2019  | 
Facebook's privacy disclosures "are quite vague" and should have been made more prominent, a federal judge argued.
IoT Security's Coming of Age Is Overdue
Commentary  |  2/4/2019  | 
The unique threat landscape requires a novel security approach based on the latest advances in network and AI security.
Page 1 / 2   >   >>


Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
Curtis Franklin Jr., Senior Editor at Dark Reading,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3812
PUBLISHED: 2019-02-19
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
CVE-2019-8933
PUBLISHED: 2019-02-19
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on ...
CVE-2019-7629
PUBLISHED: 2019-02-18
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.
CVE-2019-8919
PUBLISHED: 2019-02-18
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2019-8917
PUBLISHED: 2019-02-18
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may b...