Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
Mobile Banking Malware Up 50% in First Half of 2019
News  |  1/17/2020  | 
A new report from Check Point recaps the cybercrime trends, statistics, and vulnerabilities that defined the security landscape in 2019.
FBI Seizes Domain That Sold Info Stolen in Data Breaches
Quick Hits  |  1/17/2020  | 
The website, WeLeakData.com, claimed to have more than 12 billion records gathered from over 10,000 breaches.
ADP Users Hit with Phishing Scam Ahead of Tax Season
Quick Hits  |  1/17/2020  | 
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
Massive Oracle Patch Reverses Company's Trend Toward Fewer Flaws
News  |  1/17/2020  | 
Following a year that saw the fewest number of vulnerabilities reported since 2015, Oracle's latest quarterly patch fixes nearly 200 new vulnerabilities.
Phishing Today, Deepfakes Tomorrow: Training Employees to Spot This Emerging Threat
Commentary  |  1/16/2020  | 
Cybercriminals are evolving their tactics, and the security community anticipates voice and video fraud to play a role in one of the next big data breaches -- so start protecting your business now.
CISO Resigns From Pete Buttigieg Presidential Campaign
Quick Hits  |  1/16/2020  | 
The only Democratic campaign known to have a CISO loses Mick Baccio due to a "fundamental philosophical difference with campaign management."
NY Fed Reveals Implications of Cyberattack on US Financial System
Quick Hits  |  1/16/2020  | 
A "pre-mortem analysis" sheds light on the potential destruction of a cyberattack against major US banks.
Active Directory Needs an Update: Here's Why
Commentary  |  1/16/2020  | 
AD is still the single point of authentication for most companies that use Windows. But it has some shortcomings that should be addressed.
New Report Spotlights Changes in Phishing Techniques
News  |  1/15/2020  | 
Common and evolving strategies include the use of zero-font attacks, homograph attacks, and new tactics for fake attachments.
ISACs Join Forces to Secure the Travel Industry
Quick Hits  |  1/15/2020  | 
Together, the Travel & Hospitality ISAC and the Retail & Hospitality ISAC intend to improve communications and collaboration about the evolving threat landscape.
How SD-WAN Helps Achieve Data Security and Threat Protection
Commentary  |  1/15/2020  | 
Enterprises currently consider the technology a best practice because of its flexibility, scalability, performance, and agility.
Microsoft Patches Windows Vuln Discovered by the NSA
News  |  1/14/2020  | 
The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.
'Fancy Bear' Targets Ukrainian Oil Firm Burisma in Phishing Attack
Quick Hits  |  1/14/2020  | 
The oil & gas company is at the heart of the ongoing US presidential impeachment case.
Global Predictions for Energy Cyber Resilience in 2020
Commentary  |  1/14/2020  | 
How prepared is the energy sector for an escalating attack surface in the operating technology environment? Here are five trends to watch.
Consumer Reports Calls for IoT Manufacturers to Raise Security Standards
Quick Hits  |  1/14/2020  | 
A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards.
Microsoft to Officially End Support for Windows 7, Server 2008
News  |  1/13/2020  | 
Windows 7 and Server 2008 will continue to work after Jan. 14, 2020, but will no longer receive security updates.
Website Collecting Australian Fire Donations Hit by Magecart
Quick Hits  |  1/13/2020  | 
The attack may have compromised donors' payment information.
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
News  |  1/13/2020  | 
Organizations need to apply mitigations for vulnerability in Citrix Application Delivery Controller and Citrix Gateway ASAP, security researchers say.
Texas School District Loses $2.3M to Phishing Attack
Quick Hits  |  1/13/2020  | 
The Manor Independent School District is investigating a phishing email scam that led to three separate fraudulent transactions.
Will This Be the Year of the Branded Cybercriminal?
Commentary  |  1/13/2020  | 
Threat actors will continue to grow enterprise-style businesses that evolve just like their legitimate counterparts.
Synopsys Buys Tinfoil
Quick Hits  |  1/10/2020  | 
Tinfoil Security's dynamic application and API security testing capabilities will be added to Synopsys Software Integrity Group.
5 Tips on How to Build a Strong Security Metrics Framework
Commentary  |  1/10/2020  | 
The carpentry maxim "measure twice, cut once" underscores the importance of timely, accurate, and regular metrics to inform security leaders' risk decisions.
Attackers Increase Focus on North American Electric Utilities: Report
News  |  1/9/2020  | 
Electric utilities continue to be a target of nation-state attackers, even before the latest tensions between Iran and the United States, says a critical-infrastructure security firm.
Chinese Malware Found Preinstalled on US Government-Funded Phones
News  |  1/9/2020  | 
Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.
TrickBot Group Adds New PowerShell-Based Backdoor to Arsenal
News  |  1/9/2020  | 
PowerTrick is sort of a custom-version of PowerShell Empire and can be used to download additional malware, SentinelOne says.
Operationalizing Threat Intelligence at Scale in the SOC
Commentary  |  1/9/2020  | 
Open source platforms such as the Malware Information Sharing Platform are well positioned to drive a community-based approach to intelligence sharing.
7 Free Tools for Better Visibility Into Your Network
Slideshows  |  1/9/2020  | 
It's hard to protect what you don't know is there. These free tools can help you understand just what it is that you need to protect -- and need to protect yourself from.
Las Vegas Suffers Cyberattack on First Day of CES
Quick Hits  |  1/8/2020  | 
The attack, still under investigation, hit early in the morning of Jan. 7.
Developers Still Don't Properly Handle Sensitive Data
News  |  1/8/2020  | 
The top classes of vulnerabilities for 2019 indicate that developers still don't correctly sanitize inputs, nor protect passwords and keys as they should.
Google's Project Zero Policy Change Mandates 90-Day Disclosure
Quick Hits  |  1/8/2020  | 
The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports.
TikTok Bugs Put Users' Videos, Personal Data At Risk
News  |  1/8/2020  | 
Researchers found it was possible to spoof SMS messages from TikTok and exploit an API flaw that could grant access to users' personal data.
The "Art of Cloud War" for Business-Critical Data
Commentary  |  1/8/2020  | 
How business executives' best intentions may be negatively affecting security and risk mitigation strategies -- and exposing weaknesses in organizational defenses.
The Discovery and Implications of 'MDB Leaker'
News  |  1/7/2020  | 
The "MDB Leaker" vulnerability in the Microsoft Access Database could lead to a memory leak if left unpatched.
Accenture to Buy Symantec's Cyber Security Services
Quick Hits  |  1/7/2020  | 
The purchase, for an undisclosed amount, is scheduled to close in March.
New Standards Set to Reshape Future of Email Security
Commentary  |  1/7/2020  | 
Emerging specs and protocols expected to make the simple act of opening an email a less risky proposition
Malicious Google Play Apps Linked to SideWinder APT
News  |  1/6/2020  | 
The active attack involving three malicious Android applications is the first exploiting CVE-2019-2215, Trend Micro researchers report.
US Government Publishing Office Website Defaced
Quick Hits  |  1/6/2020  | 
The Federal Depository Library Program (FDLP) website was attacked by a group of hackers claiming to represent the government of Iran.
Client-Side JavaScript Risks & the CCPA
Commentary  |  1/6/2020  | 
How California's new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk.
Ransomware Victim Southwire Sues Maze Operators
News  |  1/3/2020  | 
Attackers demanded $6 million from the wire and cable manufacturer when they launched a December ransomware campaign.
Cisco Drops a Dozen Vulnerability Patches
Quick Hits  |  1/3/2020  | 
Among them are three for critical authentication bypass flaws.
Malware Hits Travelex Currency Exchange Service
Quick Hits  |  1/3/2020  | 
The New Year's Eve malware attack forced Travelex employees to resort to manual operations.
Organizations May 'Uncloud' Over Security, Budgetary Concerns
Commentary  |  1/3/2020  | 
While most cloud vendors forecast continued adoption and growth, some customers are taking a harder look at the cloud services they're using
Ransomware Scuttles Coast Guard Facility for 30+ Hours
Quick Hits  |  1/2/2020  | 
The attack on the unnamed facility began with a malicious email link.
Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency
Commentary  |  1/2/2020  | 
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
Operational Technology: Why Old Networks Need to Learn New Tricks
Commentary  |  12/31/2019  | 
Cybercriminals are maximizing their opportunity by targeting older vulnerabilities in OT environments. It's time to fight back.
Fraud in the New Decade
Commentary  |  12/30/2019  | 
Like any enterprise that wants to survive, fraudsters and hackers will continue to build on past successes to fuel future growth
The Night Before 'Breachmas'
Commentary  |  12/24/2019  | 
What does identity management have to do with Charles Dickens' classic 'A Christmas Carol'? A lot more than you think.
Citrix Urges Firms to Harden Configurations After Flaw Report
News  |  12/23/2019  | 
A vulnerability in two of the company's appliances opens 80,000 networks up for exploitation.
Mastercard Announces Plan to Purchase RiskRecon
Quick Hits  |  12/23/2019  | 
The acquisition is expected to close in the first quarter of 2020.
Former NY Hospital Employee Admits to Stealing Colleagues' Data
Quick Hits  |  12/23/2019  | 
Richard Liriano pleads guilty to compromising hospital computers and co-workers' email accounts, as well as stealing personal files and photos.
Page 1 / 2   >   >>


Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
CVE-2020-7222
PUBLISHED: 2020-01-18
An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (...