Vulnerabilities / Threats

News & Commentary
Fraud Drops 76% for Merchants Using EMV, Says Visa
Dark Reading Staff, Quick Hits
A new report from Visa says that the shift to chip cards has resulted in dramatically reduced credit card fraud levels.
By Dark Reading Staff, 5/23/2018
Destructive 'VPNFilter' Attack Network Uncovered
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
More than 500K home/SOHO routers and storage devices worldwide commandeered in potential nation-state attack weapon - with Ukraine in initial bullseye.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/23/2018
What Should Post-Quantum Cryptography Look Like?
Ericka Chickowski, Contributing Writer, Dark Reading, News
Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/23/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451, Commentary
Most security professionals in a recent survey said that threat intelligence doesn't work. So why all the hype?
By Chris McDaniels, Chief Information Security Officer of Mosaic451, 5/23/2018
Windows 10 Adoption Grew 75%, Adobe Flash Plummeted 188% in 2017: Report
Kelly Sheridan, Staff Editor, Dark Reading, News
Authentication data reveals an increase in Apple devices, poor mobile security, and the rapid disappearance of Flash from browsers.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/23/2018
6 Steps for Applying Data Science to Security
Steve Zurier, Freelance Writer
Two experts share their data science know-how in a tutorial focusing on internal DNS query analysis.
By Steve Zurier, Freelance Writer, 5/23/2018
LA County Nonprofit Exposes 3.2M PII Files via Unsecured S3 Bucket
Dark Reading Staff, Quick Hits
A misconfiguration accidentally compromised credentials, email addresses, and 200,000 rows of notes describing abuse and suicidal distress.
By Dark Reading Staff, 5/23/2018
New Spectre Variants Add to Vulnerability Worries
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Variants 3a and 4 build on the Spectre foundation, but how worried should enterprise security professionals really be?
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/22/2018
US Senator to DOD CIO: 'Take Immediate Action' on HTTPS
Kelly Sheridan, Staff Editor, Dark Reading, News
US Senator Ron Wyden pens a letter to the Department of Defense CIO, urging stronger security on public-facing government sites.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/22/2018
Las Vegas Most Insecure Cyber City in US; St. Louis Least Vulnerable
Jai Vijayan, Freelance writer, News
Forty-three percent chance of users connecting to high or medium-risk networks in Las Vegas - compared to less than 1% risk in least vulnerable areas, Coronet says.
By Jai Vijayan, Freelance writer, 5/22/2018
Cybercriminals Battle Against Banks' Incident Response
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
'Fileless' attacks account for more than half of successful breaches of bank networks, new data shows.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/22/2018
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
Marc French, Senior VP, Chief Trust Officer & Data Protection Officer, Mimecast, Commentary
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
By Marc French, Senior VP, Chief Trust Officer & Data Protection Officer, Mimecast, 5/22/2018
ZipperDown Vulnerability Could Hit 10% of iOS Apps
Dark Reading Staff, Quick Hits
A newly discovered vulnerability could affect thousands of iOS apps -- and Android users may not be spared.
By Dark Reading Staff, 5/22/2018
The State of Information Sharing 20 Years after the First White House Mandate
Paul Kurtz, CEO & Cofounder, TruSTAR Technology, Commentary
Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.
By Paul Kurtz, CEO & Cofounder, TruSTAR Technology, 5/22/2018
North Korean Defectors Targeted with Malicious Apps on Google Play
Kelly Sheridan, Staff Editor, Dark Reading, News
Sun Team hacking group is behind RedDawn, which steals victims' photos and data and passes them to threat actors.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/21/2018
New BIND Vulnerabilities Threaten DNS Availability
Dark Reading Staff, Quick Hits
A pair of vulnerabilities in BIND could leave some organizations without DNS.
By Dark Reading Staff, 5/21/2018
'Roaming Mantis' Android Malware Evolves, Expands Targets
Dark Reading Staff, Quick Hits
Roaming Mantis has evolved rapidly, adding geographies, platforms, and capabilities to its original scope.
By Dark Reading Staff, 5/21/2018
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Lital Asher-Dotan, Senior Director, Security Research and Content, Cybereason, Commentary
Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.
By Lital Asher-Dotan, Senior Director, Security Research and Content, Cybereason, 5/21/2018
Actor Advertises Japanese PII on Chinese Underground
Kelly Sheridan, Staff Editor, Dark Reading, News
The dataset contains 200 million rows of information stolen from websites across industries, likely via opportunistic access.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/18/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff, Quick Hits
Using DDoS for hire services and possessing firearms as a felon combine to land a New Mexico man 15 years in federal prison.
By Dark Reading Staff, 5/18/2018
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading,  5/17/2018
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10428
PUBLISHED: 2018-05-23
ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
CVE-2018-6495
PUBLISHED: 2018-05-23
Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to al...
CVE-2018-10653
PUBLISHED: 2018-05-23
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-10654
PUBLISHED: 2018-05-23
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-10648
PUBLISHED: 2018-05-23
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.