Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

News & Commentary
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArkCommentary
With some security best practices, enterprises can significantly reduce the chances that a potential supply chain attack will affect business operations.
By Shay Nahari Head of Red-Team Services at CyberArk, 7/16/2019
Comment0 comments  |  Read  |  Post a Comment
Is Machine Learning the Future of Cloud-Native Security?
Pawan Shankar, Senior Security Product Marketing Manager at SysdigCommentary
The nature of containers and microservices makes them harder to protect. Machine learning might be the answer going forward.
By Pawan Shankar Senior Security Product Marketing Manager at Sysdig, 7/15/2019
Comment0 comments  |  Read  |  Post a Comment
Most Organizations Lack Cyber Resilience
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Despite increasing threats, many organizations continue to run with only token cybersecurity and resilience.
By Marc Wilczek Digital Strategist & CIO Advisor, 7/11/2019
Comment0 comments  |  Read  |  Post a Comment
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, ProtegoCommentary
Despite the great success of the cloud over the last decade, misconceptions continue to persist. Here's why the naysayers are wrong.
By Hillel Solow CTO and Co-founder, Protego, 7/11/2019
Comment4 comments  |  Read  |  Post a Comment
Persistent Threats Can Last Inside SMB Networks for Years
Steve Zurier, Contributing WriterNews
The average dwell time for riskware can be as much as 869 days.
By Steve Zurier Contributing Writer, 7/11/2019
Comment0 comments  |  Read  |  Post a Comment
Coast Guard Warns Shipping Firms of Maritime Cyberattacks
Robert Lemos, Contributing WriterNews
A commercial vessel suffered a significant malware attack in February, prompting the US Coast Guard to issues an advisory to all shipping companies: Here be malware.
By Robert Lemos Contributing Writer, 7/9/2019
Comment0 comments  |  Read  |  Post a Comment
Cloud Security and Risk Mitigation
Derrick Johnson, National Practice Director for Secure Infrastructure Services at AT&T Cybersecurity ConsultingCommentary
Just because your data isn't on-premises doesn't mean you're not responsible for security.
By Derrick Johnson National Practice Director for Secure Infrastructure Services at AT&T Cybersecurity Consulting, 7/9/2019
Comment1 Comment  |  Read  |  Post a Comment
US Military Warns Companies to Look Out for Iranian Outlook Exploits
Robert Lemos, Contributing WriterNews
Microsoft patched a serious vulnerability in the Microsoft Outlook client in 2017, but an Iranian group continues to exploit the flaw.
By Robert Lemos Contributing Writer, 7/3/2019
Comment3 comments  |  Read  |  Post a Comment
Cybersecurity Experts Worry About Satellite & Space Systems
Robert Lemos, Contributing WriterNews
As nation-states and rogue actors increasingly probe critical infrastructure, policy and technology experts worry that satellite and space systems are on the front lines.
By Robert Lemos Contributing Writer, 7/2/2019
Comment0 comments  |  Read  |  Post a Comment
New Warning on Ryuk Ransomware
Dark Reading Staff, Quick Hits
Campaign throws in Emotet and Trickbot for good measure, according to the UK's National Cyber Security Centre.
By Dark Reading Staff , 7/1/2019
Comment0 comments  |  Read  |  Post a Comment
How GDPR Teaches Us to Take a Bottom-Up Approach to Privacy
Matthew Karnas, Cybersecurity & Risk Practice Lead at SilaCommentary
Looking at underlying security needs means organizations are more likely to be in compliance with privacy regulations.
By Matthew Karnas Cybersecurity & Risk Practice Lead at Sila, 6/28/2019
Comment3 comments  |  Read  |  Post a Comment
How to Avoid Becoming the Next Riviera Beach
Todd Weller, Chief Strategy Officer at Bandura CyberCommentary
Be prepared by following these five steps so you don't have to pay a ransom to get your data back.
By Todd Weller Chief Strategy Officer at Bandura Cyber, 6/25/2019
Comment1 Comment  |  Read  |  Post a Comment
Companies on Watch After US, Iran Claim Cyberattacks
Robert Lemos, Contributing WriterNews
With the cyber conflict between the United States and Iran ramping up, companies traditionally targeted by the countries such as those in the oil and gas and financial industries need to bolster their security efforts, experts say.
By Robert Lemos Contributing Writer, 6/25/2019
Comment1 Comment  |  Read  |  Post a Comment
Never Trust, Always Verify: Demystifying Zero Trust to Secure Your Networks
John Kindervag, Field CTO at Palo Alto NetworksCommentary
The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.
By John Kindervag Field CTO at Palo Alto Networks, 6/24/2019
Comment0 comments  |  Read  |  Post a Comment
Pledges to Not Pay Ransomware Hit Reality
Robert Lemos, Contributing WriterNews
While risk analysts and security experts continue to urge companies to secure systems against ransomware, they are now also advising that firms be ready to pay.
By Robert Lemos Contributing Writer, 6/21/2019
Comment2 comments  |  Read  |  Post a Comment
Patrolling the New Cybersecurity Perimeter
Tim Brown, Vice President of Security at SolarWindsCommentary
Remote work and other developments demand a shift to managing people rather than devices.
By Tim Brown Vice President of Security at SolarWinds, 6/21/2019
Comment1 Comment  |  Read  |  Post a Comment
The Hunt for Vulnerabilities
Jim Souders, Chief Executive Officer at AdaptivaCommentary
A road map for improving the update process will help reduce the risks from vulnerabilities.
By Jim Souders Chief Executive Officer at Adaptiva, 6/20/2019
Comment1 Comment  |  Read  |  Post a Comment
Serverless Computing from the Inside Out
Joe Vadakkan, Global Cloud Security Leader, Optiv SecurityCommentary
The biggest 'serverless' risks don't stem from the technology itself. They occur when organizations respond to the adoption from the outside in.
By Joe Vadakkan Global Cloud Security Leader, Optiv Security, 6/19/2019
Comment0 comments  |  Read  |  Post a Comment
Insecure Home IoT Devices a Clear and Present Danger to Corporate Security
Jai Vijayan, Contributing WriterNews
Avast-sponsored study shows wide prevalence of IoT devices, many with weak credentials and other security vulnerabilities.
By Jai Vijayan Contributing Writer, 6/19/2019
Comment3 comments  |  Read  |  Post a Comment
Utilities, Nations Need Better Plan Against Critical Infrastructure Attackers
Robert Lemos, Contributing WriterNews
The attackers behind the Triton, or Xenotime, intrusions into critical infrastructure (CI) safety systems are testing their skills against electric power companies. Options for defense are still limited, however.
By Robert Lemos Contributing Writer, 6/17/2019
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2019
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Jim, stop pretending you're drowning in tickets."
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13360
PUBLISHED: 2019-07-16
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
CVE-2019-13383
PUBLISHED: 2019-07-16
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
CVE-2019-13603
PUBLISHED: 2019-07-16
An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of that. This, in combination...
CVE-2019-13605
PUBLISHED: 2019-07-16
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-1...
CVE-2019-13615
PUBLISHED: 2019-07-16
VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp.