News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Common Hacker Tool Hit with Hackable Vulnerability
Quick Hits  |  6/14/2019  | 
A researcher has found a significant exploit in one of the most frequently used text editors.
Sensory Overload: Filtering Out Cybersecurity's Noise
Commentary  |  6/14/2019  | 
No organization can prioritize and mitigate hundreds of risks effectively. The secret lies in carefully filtering out the risks, policies, and processes that waste precious time and resources.
The CISO's Drive to Consolidation
Commentary  |  6/13/2019  | 
Cutting back on the number of security tools you're using can save money and leave you safer. Here's how to get started.
7 Truths About BEC Scams
Slideshows  |  6/13/2019  | 
Business email compromise attacks are growing in prevalence and creativity. Here's a look at how they work, the latest stats, and some recent horror stories.
The Rise of 'Purple Teaming'
Commentary  |  6/13/2019  | 
The next generation of penetration testing represents a more collaborative approach to old-fashioned Red Team vs. Blue Team.
Black Hat Q&A: Defending Against Cheaper, Accessible Deepfake Tech
News  |  6/13/2019  | 
ZeroFox's Matt Price and Mike Price discuss their work researching cybersecurity responses to the rising tide of deepfake videos.
DNS Observatory Offers Researchers New Insight into Global DNS Activity
News  |  6/12/2019  | 
Among its early findings, 60% of the DNS transactions captured were handled by just 1,000 name servers.
New Funding Values KnowBe4 at $1 Billion
Quick Hits  |  6/12/2019  | 
The $300 million investment is being led by KKR.
Tomorrow's Cybersecurity Analyst Is Not Who You Think
Commentary  |  6/12/2019  | 
Organizations can't just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.
Predicting Vulnerability Weaponization
Commentary  |  6/12/2019  | 
Advances in data science are making it possible to shift vulnerability management from a reactive to a proactive discipline.
Cross-Site Scripting Errors Continue to Be Most Common Web App Flaw
News  |  6/11/2019  | 
In vulnerability disclosure programs, organizations are paying more in total for XSS issues than any other vulnerability type, HackerOne says.
Suppliers Spotlighted After Breach of Border Agency Subcontractor
News  |  6/11/2019  | 
Attackers increasingly use third-party service providers to bypass organizations' security. The theft of images from US Customs and Border Protection underscores the weakness suppliers can create.
Microsoft Issues Fixes for 88 Vulnerabilities
News  |  6/11/2019  | 
Four of the flaws are publicly known but none have been listed as under active attack.
What 3 Powerful GoT Women Teach Us about Cybersecurity
Commentary  |  6/11/2019  | 
Imagine Game of Thrones' Daenerys Targaryen, Arya Stark, and Cersei Lannister on the front lines in the real-world battleground of enterprise security.
FBI Warns of Dangers in 'Safe' Websites
News  |  6/11/2019  | 
Criminals are using TLS certificates to convince users that fraudulent sites are worthy of their trust.
Getting Up to Speed on Magecart
Commentary  |  6/11/2019  | 
Greater awareness of how Magecart works will give your company a leg up on the growing threat from this online credit card skimmer. Here are four places to start.
Federal Photos Filched in Contractor Breach
Quick Hits  |  6/10/2019  | 
Data should never have been on subcontractor's servers, says Customs and Border Protection.
Huawei Represents Massive Supply Chain Risk: Report
News  |  6/10/2019  | 
The Chinese technology giant's enormous product and service footprint gives it access to more data than almost any other single organization, Recorded Future says.
Cognitive Bias Can Hamper Security Decisions
News  |  6/10/2019  | 
A new report sheds light on how human cognitive biases affect cybersecurity decisions and business outcomes.
Voting Machine Vendor Shifts Gears & Pushes for Backup Paper Ballots
Quick Hits  |  6/10/2019  | 
Election Systems & Software will 'no longer sell paperless voting machines,' CEO said.
GoldBrute Botnet Brute-Forcing 1.5M RDP Servers
Quick Hits  |  6/10/2019  | 
Botnets are scanning the Internet for servers exposing RDP and using weak, reused passwords to obtain access.
Unmixed Messages: Bringing Security & Privacy Awareness Together
Commentary  |  6/10/2019  | 
Security and privacy share the same basic goals, so it just makes sense to combine efforts in those two areas. But that can be easier said than done.
Dark Web Becomes a Haven for Targeted Hits
News  |  6/7/2019  | 
Malware on the Dark Web is increasingly being customized to target specific organizations and executives.
Vulnerability Found in Millions of Email Systems
Quick Hits  |  6/7/2019  | 
The vuln could allow remote execution of code with root privilege in more than 4.1 million systems.
Massive Changes to Tech and Platforms, But Cybercrime? Not So Much
News  |  6/7/2019  | 
The still-relevant recommendation is to invest more in law enforcement, concludes an economic study of cybercrime.
The Minefield of Corporate Email
News  |  6/7/2019  | 
Email security challenges CISOs as cybercriminals target corporate inboxes with malware, phishing attempts, and various forms of fraud.
6 Security Scams Set to Sweep This Summer
Slideshows  |  6/6/2019  | 
Experts share the cybersecurity threats to watch for and advice to stay protected.
Cyber Talent Gap? Don't Think Like Tinder!
Commentary  |  6/6/2019  | 
If your company truly is a great place to work, make sure your help-wanted ads steer clear of these common job-listing clichés.
Inside the Criminal Businesses Built to Target Enterprises
News  |  6/6/2019  | 
Researchers witness an increase in buying and selling targeted hacking services, custom malware, and corporate network access on the Dark Web.
When Security Goes Off the Rails
Commentary  |  6/6/2019  | 
Cyber can learn a lot from the highly regulated world of rail travel. The most important lesson: the value of impartial analysis.
Researchers Finds Thousands of iOS Apps Ignoring Security
News  |  6/5/2019  | 
A critical data encryption tool, included by default in iOS, is being turned off in more than two-thirds of popular apps.
How to Get the Most Benefits from Biometrics
Commentary  |  6/5/2019  | 
Providing an easy-to-use, uniform authentication experience without passwords is simpler than you may think.
NSA Issues Advisory for 'BlueKeep' Vulnerability
Quick Hits  |  6/5/2019  | 
The National Security Agency joins Microsoft in urging Windows admins to patch 'wormable' bug CVE-2019-0708.
CISOs & CIOs: Better Together
Commentary  |  6/5/2019  | 
An overview of three common organizational structures illustrates how NOT to pit chief security and IT execs against each other.
Adware Hidden in Android Apps Downloaded More Than 440 Million Times
News  |  6/4/2019  | 
The heavily obfuscated adware was found in 238 different apps on Google Play.
2.8 Billion US Consumer Records Lost in 2018
Quick Hits  |  6/4/2019  | 
Healthcare breaches grew 400%, study shows.
How Today's Cybercriminals Sneak into Your Inbox
News  |  6/4/2019  | 
The tactics and techniques most commonly used to slip past security defenses and catch employees off guard.
Why FedRAMP Matters to Non-Federal Organizations
Commentary  |  6/4/2019  | 
Commercial companies should explore how FedRAMP can help mitigate risk as they move to the cloud.
7 Container Components That Increase a Network's Security
Slideshows  |  6/4/2019  | 
A proof of concept at Interop19 showed just how simple a container deployment can be.
What Cyber Skills Shortage?
Commentary  |  6/4/2019  | 
Employers can solve the skills gap by first recognizing that there isn't an archetypal "cybersecurity job" in the same way that there isn't an archetypal "automotive job." Here's how.
Microsoft Urges Businesses to Patch 'BlueKeep' Flaw
News  |  6/3/2019  | 
Fearing another worm of WannaCry severity, Microsoft warns vulnerable users to apply the software update for CVE-2019-0708.
Majority of C-Level Executives Expect a Cyber Breach
Quick Hits  |  6/3/2019  | 
Survey of executives in the US and UK shows that worries abound -- about cyberattacks and the lack of resources to defend against them.
Certifiably Distracted: The Economics of Cybersecurity
Commentary  |  6/3/2019  | 
Is cybersecurity worth the investment? It depends.
New SOAP Attack Hits South African Home Routers
Quick Hits  |  5/31/2019  | 
A huge wave of attacks is targeting home routers in South Africa for recruitment into a Hakai-based botnet.
Focusing on Endpoints: 5 Steps to Fight Cybercrime
Commentary  |  5/31/2019  | 
Follow these best practices to strengthen endpoint management strategies and protect company data.
Vulnerability Leaves Container Images Without Passwords
News  |  5/30/2019  | 
An old vulnerability in Alpine Linux containers has spread and propagated to as much as 20% of the containers on the Docker Store.
2.3B Files Currently Exposed via Online Storage
News  |  5/30/2019  | 
Digital Shadows researchers scanned various online file-sharing services and concluded the number of exposed files is up 50% from March of 2018.
Insight Partners Acquires Recorded Future
Quick Hits  |  5/30/2019  | 
The threat intelligence company went for $780 million in a cash deal.
The Ransomware Dilemma: What if Your Local Government Is Next?
Commentary  |  5/30/2019  | 
Baltimore has so far refused to comply with a ransom demand. It's being forced to make a decision all such victims face: to act morally or practically.
Docker Vulnerability Opens Servers to Container Code
News  |  5/29/2019  | 
Under very specific conditions, code running in a Docker container could access files anywhere on a server, according to a new CVE.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12855
PUBLISHED: 2019-06-16
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
CVE-2013-7472
PUBLISHED: 2019-06-15
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
CVE-2019-12839
PUBLISHED: 2019-06-15
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
CVE-2019-12840
PUBLISHED: 2019-06-15
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2019-12835
PUBLISHED: 2019-06-15
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.