Risk

News & Commentary
Researchers Find New Fast-Acting Side-Channel Vulnerability
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A group of researchers from Georgia Tech have discovered a method for pulling encryption keys from mobile devices without ever touching the phones, themselves.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Marap Malware Appears, Targeting Financial Sector
Dark Reading Staff, Quick Hits
A new form of modular downloader packs the ability to download other modules and payloads.
By Dark Reading Staff , 8/17/2018
Comment1 Comment  |  Read  |  Post a Comment
Exploring, Exploiting Active Directory Admin Flaws
Kelly Sheridan, Staff Editor, Dark ReadingNews
Common methods AD administrators use to protect their environments can easily be exploited. Here's how.
By Kelly Sheridan Staff Editor, Dark Reading, 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Assessing & Mitigating Increased Exposure to Third-Party Risk
Dark Reading Staff, CommentaryVideo
As we increasingly connect with each other digitally, CyberGRX CRO Scott Schneider believes we need to be much more diligent about sharing validated insight into the infosec maturity of our organizations.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Leveraging the Power of your End-Users Human Cognition
Dark Reading Staff, CommentaryVideo
Cofense CEO Rohyt Belani makes a case for more aggressively leveraging the unique ability of your most perceptive and well-trained end-users to help you more quickly spot and stop email threats.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
The 5 Challenges of Detecting Fileless Malware Attacks
Travis Rosiek, Chief Technology and Strategy Officer, BluVector Commentary
Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.
By Travis Rosiek Chief Technology and Strategy Officer, BluVector , 8/17/2018
Comment1 Comment  |  Read  |  Post a Comment
Active Third-Party Content the Bane of Web Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New reports shows many of the world's most popular sites serve up active content from risky sources.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Overcoming 'Security as a Silo' with Orchestration and Automation
Jen Andre, Senior Director at Rapid7Commentary
When teams work in silos, the result is friction and miscommunication. Automation changes that.
By Jen Andre Senior Director at Rapid7, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new side-channel speculative execution vulnerability takes aim at a different part of the CPU architecture than similar vulnerabilities that came before it.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/15/2018
Comment2 comments  |  Read  |  Post a Comment
2018 Pwnie Awards: Who Pwned, Who Got Pwned
Kelly Sheridan, Staff Editor, Dark Reading
A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/15/2018
Comment0 comments  |  Read  |  Post a Comment
Instagram Hack: Hundreds Affected, Russia Suspected
Dark Reading Staff, Quick Hits
Affected users report the email addresses linked to their Instagram accounts were changed to .ru domains.
By Dark Reading Staff , 8/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Flaws in Mobile Point of Sale Readers Displayed at Black Hat
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
While security is high overall for mPOS tools from companies like Square, PayPal, and iZettle, some devices have vulnerabilities that attackers could exploit to gather data and cash.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft ADFS Vulnerability Lets Attackers Bypass MFA
Kelly Sheridan, Staff Editor, Dark ReadingNews
The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.
By Kelly Sheridan Staff Editor, Dark Reading, 8/14/2018
Comment1 Comment  |  Read  |  Post a Comment
'Election Protection' Aims to Secure Candidates Running for Office
Dark Reading Staff, Quick Hits
The kit is designed to prevent credential theft targeting people running for federal, state, and local elected offices.
By Dark Reading Staff , 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Hacker Unlocks 'God Mode' and Shares the 'Key'
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
At Black Hat USA and DEF CON, researcher Christopher Domas showed how he found backdoors that may exist in many different CPUs.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
Social Engineers Show Off Their Tricks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts in deception shared tricks of the trade and showed their skills at Black Hat and DEF CON 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
NSA Brings Nation-State Details to DEF CON
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Hackers were eager to hear the latest from the world of nation-state cybersecurity.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/10/2018
Comment0 comments  |  Read  |  Post a Comment
Oh, No, Not Another Security Product
Paul Stokes, Founder & CEO of Prevalent AICommentary
Let's face it: There are too many proprietary software options. Addressing the problem will require a radical shift in focus.
By Paul Stokes Founder & CEO of Prevalent AI, 8/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.
By Kelly Sheridan Staff Editor, Dark Reading, 8/8/2018
Comment6 comments  |  Read  |  Post a Comment
Manufacturing Industry Experiencing Higher Incidence of Cyberattacks
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report reveals the natural consequences of ignoring the attendant risks of industrial IoT and Industry 4.0.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/8/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.