News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
News  |  6/20/2018  | 
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
Inside a SamSam Ransomware Attack
Commentary  |  6/20/2018  | 
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
Improving the Adoption of Security Automation
Commentary  |  6/20/2018  | 
Four barriers to automation and how to overcome them.
Mylobot Malware Brings New Sophistication to Botnets
News  |  6/20/2018  | 
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
Most Websites and Web Apps No Match for Attack Barrage
News  |  6/19/2018  | 
The average website is attacked 50 times per day, with small businesses especially vulnerable.
'Olympic Destroyer' Reappears in Attacks on Europe, Russia
News  |  6/19/2018  | 
The attack group known for targeting the 2018 Winter Olympics has resurfaced in campaigns against European financial and biochem companies.
How to Prepare for 'WannaCry 2.0'
Commentary  |  6/19/2018  | 
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
Cisco CPO: Privacy Is Not About Secrecy or Compliance
News  |  6/19/2018  | 
Michelle Dennedy sat down with Dark Reading at the recent Cisco Live event to set the record straight about privacy, regulation, encryption, and more.
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Commentary  |  6/19/2018  | 
Do 'cloud-first' strategies create a security-second mindset?
Exposed Container Orchestration Systems Putting Many Orgs at Risk
News  |  6/18/2018  | 
More than 22,600 open container orchestration and API management systems discovered on the Internet.
'Wallchart' Phishing Campaign Exploits World Cup Watchers
News  |  6/18/2018  | 
The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.
3 Tips for Driving User Buy-in to Security Policies
Commentary  |  6/18/2018  | 
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
Email, Social Media Still Security Nightmares
Quick Hits  |  6/15/2018  | 
Phishing and banking trojans continue to be major threats brought into the enterprise.
Hackers Crack iPhone Defense Built to Block Forensic Tools
Quick Hits  |  6/15/2018  | 
Grayshift, the company behind a system to help police break into iPhones, says it found a workaround for USB Restricted Mode.
Modern Cybersecurity Demands a Different Corporate Mindset
Commentary  |  6/15/2018  | 
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
Commentary  |  6/14/2018  | 
Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.
Mobile App Threats Continue to Grow
News  |  6/14/2018  | 
Criminals looking to profit from corporate resources and information keep going after mobile devices, two new reports confirm.
23,000 Compromised in HealthEquity Data Breach
Quick Hits  |  6/14/2018  | 
HealthEquity, which handles more than 3.4 million health savings accounts, was breached when an intruder accessed an employee's email.
Meet 'Bro': The Best-Kept Secret of Network Security
Commentary  |  6/14/2018  | 
This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.
Blockchain All the Rage But Comes With Numerous Risks
News  |  6/13/2018  | 
Researchers dig into four types of cyberattacks targeting blockchain, how they work, and why early adopters are the easiest targets.
LeBron vs. Steph: The NBA Version of Cyber Defense vs. Cyberattacks
Commentary  |  6/13/2018  | 
It takes an aggressive, swarming approach to overcome the most dangerous threats today.
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
News  |  6/13/2018  | 
Security is weak, and most companies are clueless, according to Immunity researcher Lurene Grenier, who kicked off the Cisco Talos Threat Research Summit on Sunday.
Microsoft Fixes 11 Critical, 39 Important Vulns
News  |  6/12/2018  | 
The most critical vulnerability, experts say, affects Windows Domain Name Systems, while another lets attackers hack Cortana from the lock screen.
MacOS Bypass Flaw Lets Attackers Sign Malicious Code as Apple
News  |  6/12/2018  | 
A security bypass weakness in macOS APIs let attackers impersonate Apple to sign malicious code and evade third-party security tools.
'Shift Left' & the Connected Car
Commentary  |  6/12/2018  | 
How improving application security in the automotive industry can shorten product development time, reduce costs, and save lives.
New Hack Weaponizes the Web Cache
News  |  6/12/2018  | 
Researcher exploits design flaws in Web caching to take control of popular websites, frameworks and the Mozilla Firefox browser infrastructure.
Weaponizing IPv6 to Bypass IPv4 Security
Commentary  |  6/12/2018  | 
Just because you're not yet using IPv6 doesn't mean you're safe from the protocol's attack vectors.
Security Ratings Answer Big Questions in Cyber Insurance
News  |  6/11/2018  | 
More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage.
74 Arrested in International Email Scam Schemes
Quick Hits  |  6/11/2018  | 
A coordinated effort has led to the arrest of 74 individuals around the world on charges of defrauding businesses and individuals.
Fewer Phishing Attacks Hit More Diverse Targets
News  |  6/11/2018  | 
Nearly 300 brands were hit with phishing attacks in Q1, with cloud storage providers now among the top 10 most targeted.
Dixons Carphone Hack Compromises 5.9M Payment Cards
Quick Hits  |  6/11/2018  | 
The UK electronics retailer says the hack, which began last July, also involves 1.2M personal data records.
6 Ways Greed Has a Negative Effect on Cybersecurity
Commentary  |  6/11/2018  | 
How the security industry can both make money and stay true to its core values, and why that matters.
SAP CSO: Security Requires Context
News  |  6/11/2018  | 
Security depends on the apps and networks it protects. SAP CSO Justin Somaini discusses three scenarios.
Major ICS/SCADA Vendors Team Up in $60M Investment in Claroty
Quick Hits  |  6/11/2018  | 
Series B round led by Temasek includes Rockwell Automation, an investment arm of Schneider Electric, and a Siemens-backed global venture firm.
Threat Landscape: Dark Reading Caption Contest Winners
Commentary  |  6/8/2018  | 
Insider threats -- desktop attacks, security awareness, caffeine -- all worthy contenders in our cartoon caption competition. And the winners are ...
Facebook Bug Sets 14M Users' Settings to 'Public'
Quick Hits  |  6/8/2018  | 
The default sharing setting was accidentally changed for millions of accounts during a four-day period last month.
Bug Bounty Payouts Up 73% Per Vulnerability: Bugcrowd
News  |  6/7/2018  | 
Bug bounty programs grew along with payouts, which averaged $781 per vulnerability this year, researchers report.
Adobe Issues Emergency Patch for Flash Zero-Day
News  |  6/7/2018  | 
Adobe has patched four security vulnerabilities today, including a zero-day being actively exploited in the wild.
Side-Channel Attacks & the Importance of Hardware-Based Security
Commentary  |  6/7/2018  | 
Reliably evaluating the security of modern infrastructure requires a solid understanding of the hardware supporting it.
In Pursuit of Cryptography's Holy Grail
Commentary  |  6/7/2018  | 
Homomorphic encryption eliminates the need for data exposure at any point something that certainly would be welcome these days.
7 Variants (So Far) of Mirai
Slideshows  |  6/7/2018  | 
Mirai is an example of the newest trend in rapidly evolving, constantly improving malware. These seven variants show how threat actors are making bad malware worse.
Survey Shows Florida at the Bottom for Consumer Cybersecurity
News  |  6/6/2018  | 
A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.
Operation Prowli Hits 40K with Traffic Monetization, Cryptomining
News  |  6/6/2018  | 
The campaign targets services including Drupal CMS sites, DSL modems, vulnerable IoT devices, and servers with an open SSH port.
Five Indicted for Conning Target, Shoppers Out of Nearly $800K
Quick Hits  |  6/6/2018  | 
Members of a fraud ring were charged with compromising Target's internal gift-card system and defrauding customers out of almost $800,000.
'Strutting' Past the Equifax Breach: Lessons Learned
Commentary  |  6/6/2018  | 
In hindsight, there were two likely causes for last year's massive breach: the decision to use Apache Struts, and a failure to patch in a timely fashion. Both are still a recipe for disaster.
Dark Web Marketplaces Dissolve Post-AlphaBay, Hansa Takedown
News  |  6/5/2018  | 
Cybercrime marketplaces reshape into smaller forums and individual chats as threat actors find new ways to evade law enforcement.
'EFAIL' Is Why We Cant Have Golden Keys
Commentary  |  6/5/2018  | 
A deep dive into the issues surrounding an HTML email attack.
The Breach Disclosure Double Standard
News  |  6/5/2018  | 
Cybersecurity pros expect to be notified immediately when they're breached, but most don't do the same and some even cover up breaches.
I, for One, Welcome Our Robotic Security Overlords
Commentary  |  6/5/2018  | 
Automation will come in more subtle ways than C-3PO and it's transforming cybersecurity.
Dark Reading Launches Second INsecurity Conference
News  |  6/5/2018  | 
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
Page 1 / 2   >   >>


Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer,  6/14/2018
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften Technologies,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-0291
PUBLISHED: 2018-06-20
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol ...
CVE-2018-0292
PUBLISHED: 2018-06-20
A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in ...
CVE-2018-0293
PUBLISHED: 2018-06-20
A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is du...
CVE-2018-0294
PUBLISHED: 2018-06-20
A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete sensitive...
CVE-2018-0295
PUBLISHED: 2018-06-20
A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update...