News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
Malicious Minecraft Apps on Google Android Could Turn Devices into Bots
Quick Hits  |  10/18/2017  | 
New 'Sockbot' malware has 'highly flexible proxy topology' that might be leveraged for a variety of nefarious purposes.
Oracle Fixes 20 Remotely Exploitable Java SE Vulns
News  |  10/18/2017  | 
Quarterly update for October is the smallest of the year: only 252 flaws to fix! Oracle advises to apply patches 'without delay.'
Game Change: Meet the Mach37 Fall Startups
Slideshows  |  10/18/2017  | 
CEOs describe how they think their fledgling ventures will revolutionize user training, privacy, identity management and embedded system security.
The Future of Democratic Threats is Digital
News  |  10/18/2017  | 
Public policy and technological challenges take center stage as security leaders discuss digital threats to democracy.
'Hacker Door' Backdoor Resurfaces as RAT a Decade Later
Quick Hits  |  10/18/2017  | 
Sophisticated backdoor re-emerges as a RAT more than a decade after its 2004 public release, with updated advanced malicious functionality.
What's Next After HTTPS: A Fully Encrypted Web?
Commentary  |  10/18/2017  | 
As the rate of HTTPS adoption grows faster by the day, it's only a matter of time before a majority of websites turn on SSL. Here's why.
Reuters: Microsoft's 2013 Breach Hit Bug Repository, Insiders Say
Quick Hits  |  10/17/2017  | 
Five anonymous former Microsoft employees tell Reuters that Microsoft's database of internally discovered vulnerabilities was compromised in 2013, but Microsoft will not confirm it occurred.
ATM Machine Malware Sold on Dark Web
Quick Hits  |  10/17/2017  | 
Cybercriminals are advertising ATM malware that's designed to exploit hardware and software vulnerabilities on the cash-dispensing machines.
Google Bolsters Security for Select Groups
Quick Hits  |  10/17/2017  | 
Business leaders, political campaign teams, journalists, and other high-risk groups will receive advanced email and account protection.
InfoSec Pros Among Worst Offenders of Employer Snooping
News  |  10/17/2017  | 
A majority of IT security professionals admit to trolling through company information unrelated to their work -- even sensitive material.
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Commentary  |  10/17/2017  | 
The left side of the brain is logical and linear; the right side, creative. You have to use both sides of the brain to connect to your audience in your business.
Secure Wifi Hijacked by KRACK Vulns in WPA2
News  |  10/16/2017  | 
All modern WiFi access points and devices that have implemented the protocol vulnerable to attacks that allow decryption, traffic hijacking other attacks. Second, unrelated crypto vulnerability also found in RSA code library in TPM chips.
US Supreme Court to Hear Microsoft-DOJ Email Case
Quick Hits  |  10/16/2017  | 
High court to rule on email privacy case, pitting Redmond giant against DOJ over access to its foreign-based email servers.
DHS to Require All Fed Agencies to Use DMARC, HTTPS, and STARTTLS
News  |  10/16/2017  | 
The move follows a DHS review of federal government agencies' steps to secure email and deploy authentication technologies.
Adobe Patches Flash ZeroDay Used To Plant Surveillance Software
Quick Hits  |  10/16/2017  | 
Second time in four weeks FINSPY "lawful intercept" tool and a zero-day found together.
GDPR Compliance: 5 Early Steps to Get Laggards Going
Slideshows  |  10/16/2017  | 
If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.
20 Questions to Ask Yourself before Giving a Security Conference Talk
Commentary  |  10/16/2017  | 
As cybersecurity continues to become more of a mainstream concern, those of us who speak at industry events must learn how to truly connect with our audience.
Printers: The Weak Link in Enterprise Security
News  |  10/16/2017  | 
Organizations frequently overlook printer security, leaving systems exposed to malware and theft. New tools aim to lessen the risk.
DoubleLocker Delivers Unique Two-Punch Hit to Android
News  |  10/13/2017  | 
Combines Android ransomware with capability to change users device PINs.
Hyatt Hit With Another Credit Card Breach
Quick Hits  |  10/13/2017  | 
Payment card information stolen when cards were either swiped or manually entered into registration systems at some Hyatt hotels.
Getting the Most Out of Cyber Threat Intelligence
Commentary  |  10/13/2017  | 
How security practitioners can apply structured analysis and move from putting out fires to fighting the arsonists.
10 Major Cloud Storage Security Slip-Ups (So Far) this Year
Slideshows  |  10/13/2017  | 
Accenture is the latest in a string of major companies to expose sensitive cloud data this year, following Verizon, Deloitte, and Dow Jones.
Kaspersky Lab and the AV Security Hole
News  |  10/12/2017  | 
It's unclear what happened in the reported theft of NSA data by Russian spies, but an attacker would need little help to steal if he or she had privileged access to an AV vendor's network, security experts say.
Coalition to Offer Free Business Email Compromise Workshops
Quick Hits  |  10/12/2017  | 
A coalition of federal law enforcement agencies, ISACs, and Symantec will offer BEC workshops in a dozen cities.
Equifax Now Faces Potential Breach of Customer Help Page
Quick Hits  |  10/12/2017  | 
Embattled credit-monitoring company takes down help page that reportedly redirects users to download a bogus software update.
Security No. 1 Inhibitor to Microsoft Office 365 Adoption
News  |  10/12/2017  | 
More businesses are switching to Office 365 despite fear of social engineering and ransomware attacks, but some remain wary.
Olympic Games Face Greater Cybersecurity Risks
News  |  10/12/2017  | 
Cybercriminals may alter score results and engage in launching physical attacks at future Olympic Games, a recently released report warns.
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Commentary  |  10/12/2017  | 
With social media, gathering information has never been easier, making Business Email Compromise the land of milk and honey for cybercriminals.
6 Steps to Finding Honey in the OWASP
Partner Perspectives  |  10/12/2017  | 
The most famous project of the Open Web Application Security Project is getting an update. Here's what you need to know, and how you can get involved.
IoT: Insecurity of Things or Internet of Threats?
News  |  10/11/2017  | 
Security leaders call for device manufacturers to buckle down on device security as the Internet of Things evolves.
Cybersecurity's 'Broken' Hiring Process
News  |  10/11/2017  | 
New study shows the majority of cybersecurity positions get filled at salaries above the original compensation cap, while jobs sit unfilled an average of six months.
Akamai Acquires Nominum
Quick Hits  |  10/11/2017  | 
Purchase of DNS and enterprise cybersecurity solutions company is designed to bolster Akamai's offering to telecom carriers.
Phishing Emails that Invoke Fear, Urgency, Get the Most Clicks
News  |  10/11/2017  | 
The most commonly clicked phishing emails include urgent calls to action, or exploit victims' desire for popularity.
How Systematic Lying Can Improve Your Security
Commentary  |  10/11/2017  | 
No, you don't have to tell websites your mother's actual maiden name.
Ransomware Sales on the Dark Web Spike 2,502% in 2017
News  |  10/11/2017  | 
Sales soar to $6.2 million as do-it-yourself kits, ransomware-as-a-service, and distribution offerings take hold.
Microsoft Patches Windows Zero-Day Flaws Tied to DNSSEC
News  |  10/10/2017  | 
Security experts advise 'immediate' patching of critical DNS client vulnerabilities in Windows 8, 10, and other affected systems.
FDIC Incurs 54 Confirmed and Suspected Breaches in 2 Years
Quick Hits  |  10/10/2017  | 
Office of Inspector General takes the Federal Deposit Insurance Corporation to task for its response to breaches.
Unstructured Data: The Threat You Cannot See
Commentary  |  10/10/2017  | 
Why security teams needs to take a cognitive approach to the increasing volumes of data flowing from sources they don't control.
Artificial Intelligence: Experts Talk Ethical, Security Concerns
News  |  10/10/2017  | 
Global leaders weigh the benefits and dangers of a future in which AI plays a greater role in business and security strategy.
New 4G, 5G Network Flaw 'Worrisome'
News  |  10/9/2017  | 
Weaknesses in the voice and data convergence technology can be exploited to allow cybercriminals to launch DoS attacks and hijack mobile data.
More Businesses Accidentally Exposing Cloud Services
Quick Hits  |  10/9/2017  | 
53% of businesses using cloud storage services unintentionally expose them to the public.
Rise in Insider Threats Drives Shift to Training, Data-Level Security
Commentary  |  10/6/2017  | 
As the value and volume of data grows, perimeter security is not enough to battle internal or external threats.
John Kelly's Personal Phone Compromised
Quick Hits  |  10/6/2017  | 
Officials fear foreign entities may have accessed White House chief of staff Kelly's phone while he was secretary of Homeland Security.
How Businesses Should Respond to the Ransomware Surge
News  |  10/5/2017  | 
Modern endpoint security tools and incident response plans will be key in the fight against ransomware.
Equifax Lands $7.25 Million Contract with IRS
Quick Hits  |  10/5/2017  | 
The embattled credit monitoring agency will provide taxpayer identification verification and fraud prevention services to the federal tax agency.
Private, Public, or Hybrid? Finding the Right Fit in a Bug Bounty Program
Commentary  |  10/5/2017  | 
How can a bug bounty not be a bug bounty? There are several reasons. Here's why you need to understand the differences.
Nation-State Attackers Steal, Copy Each Other's Tools
News  |  10/4/2017  | 
When advanced actors steal and re-use tools and infrastructure from other attack groups, it makes it harder to attribute cybercrime.
DNS a 'Victim of its Own Success'
News  |  10/4/2017  | 
Why securing the Domain Name System remains an afterthought at many organizations.
What Security Teams Need to Know about the NIAC Report
Commentary  |  10/4/2017  | 
Which of the recommendations made by the NIAC working group will affect security teams the most, and how should they prepare?
Ransomware Will Target Backups: 4 Ways to Protect Your Data
Commentary  |  10/4/2017  | 
Backups are the best way to take control of your defense against ransomware, but they need protecting as well.
Page 1 / 2   >   >>


Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Marc Wilczek, Digital Strategist & CIO Advisor,  10/12/2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Be a unicorn, not a donkey...
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.