Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in November 2019
Page 1 / 3   >   >>
The Top 25 Most Dangerous Software Errors
Larry Loeb  |  11/29/2019  | 
'Improper Restriction of Operations within the Bounds of a Memory Buffer' tops this year's list.
Solr Search Tool Can Allow Remote Code Execution (RCE) by Default
Larry Loeb  |  11/28/2019  | 
A security vulnerability affecting the Linux enterprise search tool Apache Solr has been reclassified by Tenable as 'high severity status.'
SQL Injection Errors No Longer the Top Software Security Issue
News  |  11/27/2019  | 
In newly updated Common Weakness Enumeration (CWE), SQL injection now ranks sixth.
Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud
News  |  11/27/2019  | 
More than 3,100 Jira instances are still vulnerable to a server-side request forgery vulnerability patched in August.
New Free Emulator Challenges Apple's Control of iOS
News  |  11/27/2019  | 
An open-source tool gives researchers and jailbreakers a free option for researching vulnerabilities in the operating system and gives Apple a new headache.
How to Get Prepared for Privacy Legislation
Commentary  |  11/27/2019  | 
All the various pieces of legislation, both in the US and worldwide, can feel overwhelming. But getting privacy basics right is a solid foundation.
Google Details Its Responses to Cyber Attacks, Disinformation
Quick Hits  |  11/27/2019  | 
Government groups continue to attack user credentials and distribute disinformation according to a new blog post from Google's Threat Analysis Group.
Practical Principles for Security Metrics
Commentary  |  11/27/2019  | 
A proactive approach to cybersecurity requires the right tools, not more tools.
False Training Information Can Dupe Machine Learning Models
Larry Loeb  |  11/27/2019  | 
Researchers from Boston University have shown how really small amounts of disinformation can taint the learning process used by many AI programs.
7 Ways to Hang Up on Voice Fraud
Slideshows  |  11/27/2019  | 
Criminals are coming at us from all direction, including our phones. Don't answer that next call without reading this tips first.
The Implications of Last Week's Exposure of 1.2B Records
News  |  11/26/2019  | 
Large sums of organized data, whether public or private, are worth their weight in gold to cybercriminals.
An Alarming Number of Software Teams Are Missing Cybersecurity Expertise
News  |  11/26/2019  | 
The overwhelming majority of developers worry about security and consider it important, yet many lack a dedicated cybersecurity leader.
'Dexphot': A Sophisticated, Everyday Threat
News  |  11/26/2019  | 
Though the cryptominer has received little attention, it exemplifies the complexity of modern malware, Microsoft says.
On the Border Warns of Data Breach
Quick Hits  |  11/26/2019  | 
Malware on a payment system could have stolen credit card info from customers in 28 states, according to the company.
DDoS: An Underestimated Threat
Commentary  |  11/26/2019  | 
Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.
NYPD Pulls Fingerprint Database Offline Due to Ransomware Scare
Quick Hits  |  11/26/2019  | 
An infected minicomputer distributed an unidentified threat to 23 machines connected to the LiveScan fingerprint tracking system.
Dangerous 'RIPlace' Exploit Able to Bypass AV & EDR Protections
Larry Loeb  |  11/26/2019  | 
Researchers discover way that ransomware can bypass the protections which operating system vendors have built into their products.
5 Ways to Champion and Increase Your 2020 Security Budget
Commentary  |  11/26/2019  | 
Give your organization's leadership an impactful, out-of-office experience so they know what's at stake with their budgeting decisions.
Tushu, Take Twoshu: Malicious SDK Reappears in Google Play
News  |  11/25/2019  | 
Months after the Tushu SDK was found infecting Android apps on Google Play, its operators are back with new evasive techniques.
Most Organizations Have Incomplete Vulnerability Information
News  |  11/25/2019  | 
Companies that rely solely on CVE/NVD are missing 33% of disclosed flaws, Risk Based Security says.
T-Mobile Prepaid Hit by Significant Data Breach
Quick Hits  |  11/25/2019  | 
The breach, estimated to have affected more than a million customers, came from malicious external actors.
They See You When You're Shopping: Holiday Cybercrime Starts Early
Quick Hits  |  11/25/2019  | 
Researchers notice year-end phishing attacks starting in July and ramping up in September.
DePriMon: A New & Unique Way to Download Malware
Larry Loeb  |  11/25/2019  | 
ESET calls it 'a powerful, flexible and persistent tool.'
Time to Warn Users About Black Friday & Cyber Monday Scams
Commentary  |  11/25/2019  | 
Warn your employees to avoid the inevitable scams associated with these two "holidays," or you risk compromising your company's network.
Researchers Explore How Mental Health Is Tracked Online
News  |  11/22/2019  | 
An analysis of popular mental health-related websites revealed a vast number of trackers, many of which are used for targeted advertising.
Target Seeks $74M in Data Breach Reimbursement from Insurance Company
Quick Hits  |  11/22/2019  | 
The funds would cover some of the money Target paid to reimburse financial institutions for credit card replacement after the 2013 breach.
Black Hat Europe Q&A: Unveiling the Underground World of Anti-Cheats
News  |  11/22/2019  | 
Security consultant Joel Noguera describes how he got involved in testing anti-cheat software security, and what to expect from his upcoming Black Hat Europe talk.
1.2B Records Exposed in Massive Server Leak
Quick Hits  |  11/22/2019  | 
A single server leaked 4 terabytes of personal data, including social media profiles, work histories, and home and mobile phone numbers.
The 5-Step Methodology for Spotting Malicious Bot Activity on Your Network
Commentary  |  11/22/2019  | 
Bot detection over IP networks isn't easy, but it's becoming a fundamental part of network security practice.
Artisans & Commercials Gang Up on Third Parties
Larry Loeb  |  11/22/2019  | 
Cybersecurity and intelligence firm AdvIntel has reported about a trend it has seen happening in the ransomware arena.
Leaks of NSA, CIA Tools Have Leveled Nation-State Cybercriminal Capabilities
News  |  11/21/2019  | 
The wide availability of tools leaked by the Shadow Brokers and WikiLeaks in 2016 and 2017 have given emerging cyber powers a way to catch up, DarkOwl says.
Government Agency Partners on New Tool for Election Security
Quick Hits  |  11/21/2019  | 
The Cybersecurity and Infrastructure Security Agency has partnered with VotingWorks on an open source tool to aid election result audits.
3 Fundamentals for Better Security and IT Management
Commentary  |  11/21/2019  | 
Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.
Google Increases Top Android Hacking Prize to $1M
Quick Hits  |  11/21/2019  | 
Google expands its Android Security Rewards program and multiplies its top cash prize from $200,000 to $1 million.
Phoenix Keylogger Rises & Steals Information
Larry Loeb  |  11/21/2019  | 
Keylogger first emerged in July 2019, and is packed with myriad information-stealing features.
6 Top Nontechnical Degrees for Cybersecurity
Slideshows  |  11/21/2019  | 
A computer science degree isn't the only path into a cybersecurity career.
The 'Department of No': Why CISOs Need to Cultivate a Middle Way
Commentary  |  11/21/2019  | 
A chief information security officer's job inherently involves conflict, but a go-along-to-get-along approach carries its own vulnerabilities and risks.
Anatomy of a BEC Scam
News  |  11/21/2019  | 
A look at the characteristics of real-world business email compromise attacks and what makes them tick.
As Retailers Prepare for the Holiday Season, So Do Cybercriminals
News  |  11/20/2019  | 
Online shoppers need to be wary about domain spoofing, fraudulent giveaways, and other scams, ZeroFOX study shows.
Patch 'Easily Exploitable' Oracle EBS Flaws ASAP: Onapsis
News  |  11/20/2019  | 
Organizations that have not yet applied a pair of months-old critical patches from Oracle for E-Business Suite are at risk of attacks on their financial systems, the application security firm says.
Google Cloud Update Gives Users Greater Data Control
Quick Hits  |  11/20/2019  | 
External Key Manager and Key Access Justification are intended to give organizations greater visibility into requests for data access.
Employee Privacy in a Mobile Workplace
Commentary  |  11/20/2019  | 
Why businesses need guidelines for managing their employees' personal information -- without compromising on security.
Former White House CIO Shares Enduring Security Strategies
News  |  11/20/2019  | 
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
Black Hat Europe Q&A: Exposing the Weaknesses in Contactless Payments
News  |  11/20/2019  | 
Researchers Leigh-Anne Galloway and Tim Yunusov chat about their work testing Visas contactless payments security system vulnerabilities.
Why Multifactor Authentication Is Now a Hacker Target
Commentary  |  11/20/2019  | 
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones
Quick Hits  |  11/20/2019  | 
Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.
MSFT Jumps on DoH
Larry Loeb  |  11/20/2019  | 
Microsoft has announced that an upcoming version of Windows 10 will have support for DNS over HTTPS.
Ransomware Surge & Living-Off-the-Land Tactics Remain Big Threats
News  |  11/19/2019  | 
Group-IB's and Rapid7's separate analysis of attack activity in recent months shows threat actors are making life harder for enterprise organizations in a variety of ways.
Attacker Mistake Botches Cyborg Ransomware Campaign
News  |  11/19/2019  | 
Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.
DDoS Attacks Up Sharply in Third Quarter of 2019
Quick Hits  |  11/19/2019  | 
DDoS attacks of all sorts were up by triple-digit percentages, with smaller volume attacks growing most rapidly.
Page 1 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32813
PUBLISHED: 2021-08-03
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however...
CVE-2020-19303
PUBLISHED: 2021-08-03
An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file.
CVE-2020-19304
PUBLISHED: 2021-08-03
An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information.
CVE-2020-19305
PUBLISHED: 2021-08-03
An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.
CVE-2021-33335
PUBLISHED: 2021-08-03
Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to update/edit users to take over a company administrator user account by editing the company administrator us...