Vulnerabilities / Threats

News & Commentary
Ohio Man Sentenced to 15 Years for BEC Scam
Dark Reading Staff, Quick Hits
Olumuyiwa Adejumo and co-conspirators targeted CEOs, CFOs, and other enterprise leaders in the US with fraudulent emails.
By Dark Reading Staff , 8/20/2018
Comment0 comments  |  Read  |  Post a Comment
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Compliance and Risk Management Officer, AvePoint, IncCommentary
There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?
By Dana Simberkoff Chief Compliance and Risk Management Officer, AvePoint, Inc, 8/20/2018
Comment2 comments  |  Read  |  Post a Comment
How Better Intel Can Reduce, Prevent Payment Card Fraud
Dark Reading Staff, CommentaryVideo
Royal Bank of Canada machine learning researcher and Terbium Labs chief scientist discuss how they use intelligence about the carding market to predict the next payment card fraud victims.
By Dark Reading Staff , 8/20/2018
Comment0 comments  |  Read  |  Post a Comment
Make a Wish: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 8/18/2018
Comment0 comments  |  Read  |  Post a Comment
Researchers Find New Fast-Acting Side-Channel Vulnerability
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A group of researchers from Georgia Tech have discovered a method for pulling encryption keys from mobile devices without ever touching the phones, themselves.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/17/2018
Comment1 Comment  |  Read  |  Post a Comment
Using Threat Deception on Malicious Insiders
Dark Reading Staff, CommentaryVideo
Illusive Networks CEO Ofer Israeli reveals how distributed deception technology can be as effective against insider threats as it is against outsiders, since it thwarts the lateral movement common to both.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Marap Malware Appears, Targeting Financial Sector
Dark Reading Staff, Quick Hits
A new form of modular downloader packs the ability to download other modules and payloads.
By Dark Reading Staff , 8/17/2018
Comment1 Comment  |  Read  |  Post a Comment
Building Security into the DevOps Pipeline
Dark Reading Staff, CommentaryVideo
As companies pump more code into production at a faster pace, CA Veracode VP of Security Research Chris Eng stresses the importance of avoiding vulnerabilities by building security directly into the DevOps pipeline.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Exploring, Exploiting Active Directory Admin Flaws
Kelly Sheridan, Staff Editor, Dark ReadingNews
Common methods AD administrators use to protect their environments can easily be exploited. Here's how.
By Kelly Sheridan Staff Editor, Dark Reading, 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Australian Teen Hacked Apple Network
Dark Reading Staff, Quick Hits
Simplifying Defense Across the MITRE ATT&CK Matrix
Dark Reading Staff, CommentaryVideo
Endgames Mark Dufresne says SOCs can achieve better results within their existing staff and budget constraints with AI- and visualization-empowered, unified defense across the MITRE ATT&CK matrix.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
The Rise of Bespoke Ransomware
Dark Reading Staff, CommentaryVideo
Drawing from a recent study by SophosLabs, Principal Research Scientist Chester Wisniewski highlights a shift to the rise of more targeted and sophisticated ransomware threats, such as SamSam.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Necurs Botnet Goes Phishing for Banks
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new Necurs botnet campaign targets thousands of banks with a malicious file dropping the FlawedAmmyy remote-access Trojan.
By Kelly Sheridan Staff Editor, Dark Reading, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Researcher Finds MQTT Hole in IoT Defenses
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A commonly used protocol provides a gaping backdoor when misconfigured.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Active Third-Party Content the Bane of Web Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New reports shows many of the world's most popular sites serve up active content from risky sources.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Facebook Awards $1M for Defense-Based Research
Dark Reading Staff, Quick Hits
The company today awarded $200,000 to winners of the Internet Defense Prize after spending $800,000 on the Secure the Internet grants.
By Dark Reading Staff , 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Overcoming 'Security as a Silo' with Orchestration and Automation
Jen Andre, Senior Director at Rapid7Commentary
When teams work in silos, the result is friction and miscommunication. Automation changes that.
By Jen Andre Senior Director at Rapid7, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new side-channel speculative execution vulnerability takes aim at a different part of the CPU architecture than similar vulnerabilities that came before it.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/15/2018
Comment2 comments  |  Read  |  Post a Comment
2018 Pwnie Awards: Who Pwned, Who Got Pwned
Kelly Sheridan, Staff Editor, Dark Reading
A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/15/2018
Comment0 comments  |  Read  |  Post a Comment
Instagram Hack: Hundreds Affected, Russia Suspected
Dark Reading Staff, Quick Hits
Affected users report the email addresses linked to their Instagram accounts were changed to .ru domains.
By Dark Reading Staff , 8/15/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Compliance and Risk Management Officer, AvePoint, Inc,  8/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12579
PUBLISHED: 2018-08-20
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attac...
CVE-2018-14020
PUBLISHED: 2018-08-20
An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. To do so, the attacker must change the delivery address to one tha...
CVE-2018-14023
PUBLISHED: 2018-08-20
Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.
CVE-2018-1394
PUBLISHED: 2018-08-20
Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425.
CVE-2018-1517
PUBLISHED: 2018-08-20
A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.