Vulnerabilities / Threats

News & Commentary
SCADA/ICS Dangers & Cybersecurity Strategies
Peter Newton, Senior Director of Product Marketing at FortinetCommentary
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
By Peter Newton Senior Director of Product Marketing at Fortinet, 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
Less Than Half of Cyberattacks Detected via Antivirus: SANS
Kelly Sheridan, Staff Editor, Dark ReadingNews
Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading
Here's how to safeguard three other network foundation protocols so they don't become weapons or critical vulnerabilities.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Time to Yank Cybercrime into the Light
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Too many organizations are still operating blindfolded, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
8 Big Processor Vulnerabilities in 2018
Ericka Chickowski, Contributing Writer, Dark Reading
Security researchers have been working in overdrive examining processors for issues and they haven't come up empty-handed.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
Congressional Report Cites States Most Vulnerable to Election Hacking
Dark Reading Staff, Quick Hits
A new report details issues with 18 states along with suggestions on what can be done.
By Dark Reading Staff , 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
How to Structure an Enterprise-Wide Threat Intelligence Strategy
Tom Badders, Senior Product Manager, Secure Mobility, at Telos CorporationCommentary
To keep an organization safe, you must think about the entire IT ecosystem.
By Tom Badders Senior Product Manager, Secure Mobility, at Telos Corporation, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
ICS Security: 'The Enemy Is in the Wire'
Wayne Lloyd, Federal CTO at RedSealCommentary
Threats to industrial control systems are real and frightening. The government is taking steps to keep us safer in the future, but there are near-term steps you can take right now.
By Wayne Lloyd Federal CTO at RedSeal, 7/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Timehop Releases New Details About July 4 Breach
Dark Reading Staff, Quick Hits
Additional information includes PII affected and the authentication issue that led to the breach.
By Dark Reading Staff , 7/12/2018
Comment0 comments  |  Read  |  Post a Comment
Newly Found Spectre Variants Bring New Concerns
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Two new variants on a theme of Spectre underscore the expanding nature of the critical vulnerabilities.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/11/2018
Comment0 comments  |  Read  |  Post a Comment
Critical Vulns Earn $2K Amid Rise of Bug Bounty Programs
Kelly Sheridan, Staff Editor, Dark ReadingNews
As of June, a total of $31 million has been awarded to security researchers for this year already a big jump from the $11.7 million awarded for the entire 2017.
By Kelly Sheridan Staff Editor, Dark Reading, 7/11/2018
Comment0 comments  |  Read  |  Post a Comment
Getting Safe, Smart & Secure on S3
Eric Thomas, Director of Cloud, ExtraHopCommentary
AWS Simple Storage Service has proven to be a security minefield. It doesn't have to be if you pay attention to people, process, and technology.
By Eric Thomas Director of Cloud, ExtraHop, 7/11/2018
Comment0 comments  |  Read  |  Post a Comment
This Is How Much a 'Mega Breach' Really Costs
Kelly Sheridan, Staff Editor, Dark ReadingNews
The average cost of a data breach is $3.86 million, but breaches affecting more than 1 million records are far more expensive.
By Kelly Sheridan Staff Editor, Dark Reading, 7/11/2018
Comment0 comments  |  Read  |  Post a Comment
Major International Airport System Access Sold for $10 on Dark Web
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers from the McAfee Advanced Threat Research team began with an open search on Russian RDP shop UAS to make their discovery.
By Kelly Sheridan Staff Editor, Dark Reading, 7/11/2018
Comment2 comments  |  Read  |  Post a Comment
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR InstituteCommentary
Measuring security risk is not that hard if you get your terms straight and leverage well-established methods and principles from other disciplines.
By Jack Jones Chairman, FAIR Institute, 7/11/2018
Comment3 comments  |  Read  |  Post a Comment
Apple Releases Wave of Security Updates
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Apple updates software for nearly every hardware platform, though one new feature almost steals the security show.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/11/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft July Security Updates Mostly Browser-Related
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/10/2018
Comment0 comments  |  Read  |  Post a Comment
Asian APT Groups Most Active in Q2
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers at Kaspersky Lab published data on the most prolific threat groups and campaigns, compiled from private intelligence reports developed this quarter.
By Kelly Sheridan Staff Editor, Dark Reading, 7/10/2018
Comment0 comments  |  Read  |  Post a Comment
Businesses Struggle to Build 'Security-First' Culture
Kelly Sheridan, Staff Editor, Dark ReadingNews
New Accenture study finds half of businesses provide cybersecurity training for new hires and only 40% of CISOs prioritize building or expanding insider threat programs.
By Kelly Sheridan Staff Editor, Dark Reading, 7/10/2018
Comment1 Comment  |  Read  |  Post a Comment
For Data Thieves, the World Cup Runneth Over
Travis Jarae, Founder & CEO of One World IdentityCommentary
Large sporting events are always going to be targets, but the fact that the competition is in Russia adds another layer of concern. Here are three tips to stay safer.
By Travis Jarae Founder & CEO of One World Identity, 7/10/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
Major International Airport System Access Sold for $10 on Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  7/11/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Cyberspace is much less secure than my old lamp.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14346
PUBLISHED: 2018-07-17
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
CVE-2018-14347
PUBLISHED: 2018-07-17
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
CVE-2018-13858
PUBLISHED: 2018-07-17
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.
CVE-2018-13859
PUBLISHED: 2018-07-17
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newV...
CVE-2018-13860
PUBLISHED: 2018-07-17
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=_0" or "?oid...