Vulnerabilities / Threats

News & Commentary
Microsoft Office Dominates Most Exploited List
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
DDoS Attack Size Drops 85% in Q4 2018
Kelly Sheridan, Staff Editor, Dark ReadingNews
The sharp decline follows an FBI takedown of so-called "booter," or DDoS-for-hire, websites in December 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
The Case of the Missing Data
Mike McKee, CEO of ObserveITCommentary
The latest twist in the Equifax breach has serious implications for organizations.
By Mike McKee CEO of ObserveIT, 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
Norsk Hydro Shuts Plants Amid Ransomware Attack
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.
By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Stealing Corporate Funds Still Top Goal of Messaging Attacks
Robert Lemos, Technology Journalist/Data ResearcherNews
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
By Robert Lemos , 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDLCommentary
A side-by-side comparison of key test features and when best to apply them based on the constraints within your budget and environment.
By Alex Haynes Chief Information Security Officer, CDL, 3/19/2019
Comment3 comments  |  Read  |  Post a Comment
Are You Prepared for a Zombie (Domain) Apocalypse?
Kaan Onarlioglu, Senior Security Researcher, AkamaiCommentary
When a domain registration expires, they can be claimed by new owners. And sometimes, those new owners have malicious intent.
By Kaan Onarlioglu Senior Security Researcher, Akamai, 3/18/2019
Comment0 comments  |  Read  |  Post a Comment
On Norman Castles and the Internet
Dr. Mike Lloyd, CTO of RedSealCommentary
When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
By Dr. Mike Lloyd CTO of RedSeal, 3/15/2019
Comment0 comments  |  Read  |  Post a Comment
Anomaly Detection Techniques: Defining Normal
Rosaria Silipo, Ph.D., Principal Data Scientist, KNIMECommentary
The challenge is identifying suspicious events in training sets where no anomalies are encountered. Part two of a two-part series.
By Rosaria Silipo Ph.D., Principal Data Scientist, KNIME, 3/14/2019
Comment0 comments  |  Read  |  Post a Comment
Businesses Increase Investments in AI and Machine Learning
Dark Reading Staff, Quick Hits
More than three-quarters of IT pros say they feel safer for having done so, according to a new report.
By Dark Reading Staff , 3/14/2019
Comment0 comments  |  Read  |  Post a Comment
4 Reasons to Take an 'Inside Out' View of Security
Earl D. Matthews, Senior Vice President and Chief Strategy Officer at VerodinCommentary
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
By Earl D. Matthews Senior Vice President and Chief Strategy Officer at Verodin, 3/14/2019
Comment0 comments  |  Read  |  Post a Comment
New Malware Shows Marketing Polish
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new strain of point-of-sale malware skims credit card numbers and comes via a highly polished marketing campaign.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/13/2019
Comment0 comments  |  Read  |  Post a Comment
GPS Spoof Hits Geneva Motor Show
Dark Reading Staff, Quick Hits
Incident leaves GPS units showing a location in England and a date 17 years in the future.
By Dark Reading Staff , 3/13/2019
Comment1 Comment  |  Read  |  Post a Comment
IoT Anomaly Detection 101: Data Science to Predict the Unexpected
Rosaria Silipo, Ph.D., Principal Data Scientist, KNIMECommentary
Yes! You can predict the chance of a mechanical failure or security breach before it happens. Part one of a two-part series.
By Rosaria Silipo Ph.D., Principal Data Scientist, KNIME, 3/13/2019
Comment0 comments  |  Read  |  Post a Comment
'SimBad': Android Adware Hits 210 Apps with 150M Downloads
Dark Reading Staff, Quick Hits
Google has removed infected applications from the Google Play store after a form of adware potentially affected millions of users.
By Dark Reading Staff , 3/13/2019
Comment1 Comment  |  Read  |  Post a Comment
There May Be a Ceiling on Vulnerability Remediation
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/12/2019
Comment0 comments  |  Read  |  Post a Comment
Web Apps Are Becoming Less Secure
Jai Vijayan, Freelance writerNews
Critical vulnerabilities in Web applications tripled in 2018, according to a new study.
By Jai Vijayan Freelance writer, 3/12/2019
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
Seventeen vulnerabilities patches today are rated critical, four are publicly known, and two have been exploited in the wild.
By Kelly Sheridan Staff Editor, Dark Reading, 3/12/2019
Comment0 comments  |  Read  |  Post a Comment
How the Best DevSecOps Teams Make Risk Visible to Developers
Ericka Chickowski, Contributing Writer, Dark ReadingNews
DevOps-minded CISOs say enterprise security teams need to do a better job scoring and visualizing risk for developers and business executives.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/12/2019
Comment1 Comment  |  Read  |  Post a Comment
Box Mistakes Leave Enterprise Data Exposed
Dark Reading Staff, Quick Hits
User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.
By Dark Reading Staff , 3/12/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
New Mirai Version Targets Business IoT Devices
Dark Reading Staff 3/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Reading Schneier's Friday Squid Blog again?
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.