Vulnerabilities / Threats

News & Commentary
Businesses Manage 9.7PB of Data but Struggle to Protect It
Kelly Sheridan, Staff Editor, Dark ReadingNews
What's more, their attempts to secure it may be putting information at risk, a new report finds.
By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Facebook Employees for Years Could See Millions of User Passwords in Plain Text
Dark Reading Staff, Quick Hits
2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.
By Dark Reading Staff , 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Hacker AI vs. Enterprise AI: A New Threat
Satish Abburi, Founder of Elysium AnalyticsCommentary
Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.
By Satish Abburi Founder of Elysium Analytics, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Brings Defender Security Tools to Mac
Kelly Sheridan, Staff Editor, Dark ReadingNews
Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.
By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
What the Transition to Smart Cards Can Teach the US Healthcare Industry
Joram Borenstein & Rebecca Weintraub, General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical SchoolCommentary
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.
By Joram Borenstein & Rebecca Weintraub General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical School, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Google Photos Bug Let Criminals Query Friends, Location
Kelly Sheridan, Staff Editor, Dark ReadingNews
The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.
By Kelly Sheridan Staff Editor, Dark Reading, 3/20/2019
Comment0 comments  |  Read  |  Post a Comment
The Insider Threat: It's More Common Than You Think
Raj Ananthanpillai, Chairman & CEO, EnderaCommentary
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
By Raj Ananthanpillai Chairman & CEO, Endera, 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
Less Than 3% of Recycled Computing Devices Properly Wiped
Steve Zurier, Freelance WriterNews
Researchers find that companies that refurbish or accept old equipment as donations don't necessarily clean them of data as promised.
By Steve Zurier Freelance Writer, 3/20/2019
Comment0 comments  |  Read  |  Post a Comment
'Critical' Denial-of-Service Bug Patched in Facebook Fizz
Dark Reading Staff, Quick Hits
Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.
By Dark Reading Staff , 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Office Dominates Most Exploited List
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/19/2019
Comment1 Comment  |  Read  |  Post a Comment
DDoS Attack Size Drops 85% in Q4 2018
Kelly Sheridan, Staff Editor, Dark ReadingNews
The sharp decline follows an FBI takedown of so-called "booter," or DDoS-for-hire, websites in December 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
The Case of the Missing Data
Mike McKee, CEO of ObserveITCommentary
The latest twist in the Equifax breach has serious implications for organizations.
By Mike McKee CEO of ObserveIT, 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
Norsk Hydro Shuts Plants Amid Ransomware Attack
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.
By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Stealing Corporate Funds Still Top Goal of Messaging Attacks
Robert Lemos, Technology Journalist/Data ResearcherNews
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
By Robert Lemos , 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDLCommentary
A side-by-side comparison of key test features and when best to apply them based on the constraints within your budget and environment.
By Alex Haynes Chief Information Security Officer, CDL, 3/19/2019
Comment3 comments  |  Read  |  Post a Comment
Are You Prepared for a Zombie (Domain) Apocalypse?
Kaan Onarlioglu, Senior Security Researcher, AkamaiCommentary
When a domain registration expires, they can be claimed by new owners. And sometimes, those new owners have malicious intent.
By Kaan Onarlioglu Senior Security Researcher, Akamai, 3/18/2019
Comment0 comments  |  Read  |  Post a Comment
On Norman Castles and the Internet
Dr. Mike Lloyd, CTO of RedSealCommentary
When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
By Dr. Mike Lloyd CTO of RedSeal, 3/15/2019
Comment0 comments  |  Read  |  Post a Comment
Anomaly Detection Techniques: Defining Normal
Rosaria Silipo, Ph.D., Principal Data Scientist, KNIMECommentary
The challenge is identifying suspicious events in training sets where no anomalies are encountered. Part two of a two-part series.
By Rosaria Silipo Ph.D., Principal Data Scientist, KNIME, 3/14/2019
Comment0 comments  |  Read  |  Post a Comment
Businesses Increase Investments in AI and Machine Learning
Dark Reading Staff, Quick Hits
More than three-quarters of IT pros say they feel safer for having done so, according to a new report.
By Dark Reading Staff , 3/14/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18913
PUBLISHED: 2019-03-21
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location with...
CVE-2018-20031
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...
CVE-2018-20032
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon t...
CVE-2018-20034
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...
CVE-2019-3855
PUBLISHED: 2019-03-21
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.