News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
Looking Back to Look Ahead: Cyber Threat Trends to Watch
Commentary  |  3/23/2018  | 
Data from the fourth quarter of last year shows the state of application exploits, malicious software, and botnets.
Looking Back and Thinking Ahead on Cyberwar, Nation-State Attacks
News  |  3/23/2018  | 
In the domain of cyber warfare, the effective strategies for fighting yesterday's cyberattacks will not work against tomorrow's, experts said.
Is Application Security Dead?
Commentary  |  3/22/2018  | 
The nature of the field has changed greatly because of the move to the cloud and enterprise digital transformation.
US Federal Spending Bill Includes $380 Million for Securing Election Systems
Quick Hits  |  3/22/2018  | 
Spending bill includes election technology grants for states to shore up security of their voting systems, reports say.
5 Ways to Get Ready for Public Cloud Deployment
Commentary  |  3/22/2018  | 
Syncing security and product development early is now a "must do."
7 Ways to Protect Against Cryptomining Attacks
Slideshows  |  3/22/2018  | 
Implementing basic security hygiene can go a long way in ensuring your systems and website don't get hijacked.
GandCrab Ransomware Goes 'Agile'
News  |  3/21/2018  | 
GandCrab ransomware's developers have iterated the code rapidly, researchers found.
Puerto Rico's Electric Utility Hacked in Weekend Attack
Quick Hits  |  3/21/2018  | 
Service was disrupted but no customer records compromised, officials said.
How Serverless Computing Reshapes Security
Commentary  |  3/21/2018  | 
The new division of responsibility moves some security concerns off a business's plate while changing priorities for other risks.
Online Sandboxing: A Stash for Exfiltrated Data?
News  |  3/21/2018  | 
SafeBreach researchers extend leaky sandbox research to show how services like VirusTotal and Hybrid Analysis could be used to steal data from air-gapped systems.
Cybersecurity Spring Cleaning: 3 Must-Dos for 2018
Partner Perspectives  |  3/21/2018  | 
Why 'Spectre' and 'Meltdown,' GDPR, and the Internet of Things are three areas security teams should declutter and prioritize in the coming months.
A Look at Cybercrime's Banal Nature
News  |  3/20/2018  | 
Cybercrime is becoming a more boring business, a new report shows, and that's a huge problem for victims and law enforcement.
Azure Guest Agent Design Enables Plaintext Password Theft
News  |  3/20/2018  | 
Researchers find attackers can abuse the design of Microsoft Azure Guest Agent to recover plaintext administrator passwords.
Hackers Steal Payment Card Data on 880K from Expedia Orbitz
Quick Hits  |  3/20/2018  | 
Expedia announces a breach exposing 880,000 customer records to the world.
Facebook CISO Stamos to Depart from the Social Media Firm: Report
Quick Hits  |  3/20/2018  | 
Stamos will remain in his position through August, according to a report in The New York Times.
The Case for Integrating Physical Security & Cybersecurity
Commentary  |  3/20/2018  | 
Aggregating threat intel from external data sources is no longer enough. You must look inside and outside your traditional knowledge base for the best way to defend against attacks.
7 Spectre/Meltdown Symptoms That Might Be Under Your Radar
Slideshows  |  3/20/2018  | 
The Spectre/Meltdown pair has a set of major effects on computing but there are impacts on the organization that IT leaders might not have considered in the face of the immediate problem.
AMD Processor Flaws Real, But Limited
News  |  3/19/2018  | 
A vulnerability report threatened falling skies over AMD processor vulnerabilities that are real but limited in impact.
Half of Cyberattacks in the Middle East Target Oil & Gas Sector: Siemens
Quick Hits  |  3/19/2018  | 
Nearly one-third of all cyberattacks worldwide are against operations technology (OT), or industrial networks, a new report by Siemens and The Ponemon Institute shows.
Microsoft Offers New Bug Bounties for Spectre, Meltdown-Type Flaws
Quick Hits  |  3/19/2018  | 
Microsoft is offering a short-term bug bounty program for speculative execution side-channel vulnerabilities and threats.
A Data Protection Officer's Guide to the GDPR Galaxy
Commentary  |  3/19/2018  | 
Impending deadline got you freaking out? These five tips might help you calm down, at least a little.
The Containerization of Artificial Intelligence
Commentary  |  3/16/2018  | 
AI automates repetitive tasks and alleviates mundane functions that often haunt decision makers. But it's still not a sure substitute for security best practices.
Microsoft Report: Cybersecurity's Top 3 Threats Intertwine
News  |  3/15/2018  | 
Botnets, ransomware, and simple attack methods dominate the threat landscape and build on each other to drive effectiveness.
Cryptojacking Threat Continues to Rise
News  |  3/15/2018  | 
Unauthorized cryptocurrency mining can consume processing power and make apps unavailable as well as lead to other malware.
Online Ads vs. Security: An Invisible War
Commentary  |  3/15/2018  | 
Why visiting one website is like visiting 50, and how you can fight back against malvertisers.
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
Commentary  |  3/15/2018  | 
The problem with having smart speakers and digital assistants in the workplace is akin to having a secure computer inside your office while its wireless keyboard is left outside for everyone to use.
New Hosted Service Lowers Barriers to Malware Distribution
News  |  3/14/2018  | 
BlackTDS is a traffic distribution service for directing users to malware and exploit kits based on specific parameters.
77% of Businesses Lack Proper Incident Response Plans
News  |  3/14/2018  | 
New research shows security leaders have false confidence in their ability to respond to security incidents.
Segmentation: The Neglected (Yet Essential) Control
Commentary  |  3/14/2018  | 
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
Electric Utility Hit with Record Fine for Vulnerabilities
Quick Hits  |  3/14/2018  | 
An unnamed power company has consented to a record fine for leaving critical records exposed.
A Secure Enterprise Starts with a Cyber-Aware Staff
Commentary  |  3/14/2018  | 
An attack doesn't have to be super high-tech to cause a lot of damage. Make sure your employees know how to spot an old-fashioned phishing campaign.
Medical Apps Come Packaged with Hardcoded Credentials
News  |  3/14/2018  | 
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
Microsoft Report Details Different Forms of Cryptominers
News  |  3/13/2018  | 
A new report explores different ways legitimate and malicious coin miners are appearing in the enterprise.
Microsoft Patch Tuesday: Prioritize Browser Updates
Quick Hits  |  3/13/2018  | 
All of the critical vulnerabilities Microsoft patched on March 13 were within, and related to, browsers.
AMD Investigating Report of Vulnerabilities in its Microprocessors
Quick Hits  |  3/13/2018  | 
Israel-based firm says it found critical bugs in AMD's newest chip families.
What CISOs Should Know About Quantum Computing
Slideshows  |  3/13/2018  | 
As quantum computing approaches real-world viability, it also poses a huge threat to today's encryption measures.
Google 'Distrust Dates' Are Coming Fast
Commentary  |  3/13/2018  | 
All the tools are in place for the migration of SSL digital certificates on a scale that is unprecedented for the certificate authority industry. Are you ready?
Microsoft Remote Access Protocol Flaw Affects All Windows Machines
News  |  3/13/2018  | 
Attackers can exploit newly discovered critical crypto bug in CredSSP via a man-in-the-middle attack and then move laterally within a victim network.
What's the C-Suite Doing About Mobile Security?
Commentary  |  3/13/2018  | 
While most companies have security infrastructure for on-premises servers, networks, and endpoints, too many are ignoring mobile security. They'd better get moving.
Malware 'Cocktails' Raise Attack Risk
News  |  3/13/2018  | 
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports.
Asia's Security Leaders Feel Underprepared for Future Threats: Report
News  |  3/12/2018  | 
A new study highlights major concerns of cybersecurity leaders in Asia, where most fear critical infrastructure attacks, advanced threats, and social engineering.
Malware Leveraging PowerShell Grew 432% in 2017
News  |  3/12/2018  | 
Cryptocurrency mining and ransomware were other major threats.
Chinese APT Backdoor Found in CCleaner Supply Chain Attack
News  |  3/12/2018  | 
Avast discovers ShadowPad tool for use in apparent planned third stage of the targeted attack campaign.
FlawedAmmyy RAT Campaign Puts New Spin on Old Threat
News  |  3/12/2018  | 
A remote access Trojan, in use since 2016, has a new tactic: combining zip files with the SMB protocol to infect target systems.
Georgia Man Pleads Guilty to Business Email Compromise Attacks
Quick Hits  |  3/12/2018  | 
Kerby Rigaud has pleaded guilty to using BEC attacks in attempts to steal more than $1 million from US businesses.
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Commentary  |  3/12/2018  | 
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
What Happens When You Hold Robots for Ransom?
News  |  3/10/2018  | 
Researchers explore why an attacker would target robots with ransomware, and the implications of what might happen if they did.
China's Vulnerability Database Altered to Hide Govt. Influence
News  |  3/9/2018  | 
Recorded Future says move designed to hide fact that CNNVD routinely delays publication of high-risk flaws so government can assess them for offensive use.
'Slingshot' Cyber Espionage Campaign Hacks Network Routers
News  |  3/9/2018  | 
Advanced hacking group appears to be native English speakers targeting Africa, Middle East.
Tennessee Senate Campaign Sees Possible Hack
Quick Hits  |  3/9/2018  | 
Phil Bredesen's campaign for US senate sees a hacker's hand in email messages
Page 1 / 2   >   >>

The Case for Integrating Physical Security & Cybersecurity
Paul Kurtz, CEO & Cofounder, TruSTAR Technology,  3/20/2018
A Look at Cybercrime's Banal Nature
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/20/2018
Is Application Security Dead?
Tyler Shields, VP of Marketing, Strategy & Partnerships, Signal Sciences,  3/22/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.