Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
What's in a Botnet? Researchers Spy on Geost Operators
News  |  12/4/2019  | 
The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business.
Navigating Security in the Cloud
Commentary  |  12/4/2019  | 
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
Microsoft Issues Advisory for Windows Hello for Business
Quick Hits  |  12/4/2019  | 
An issue exists in Windows Hello for Business when public keys persist after a device is removed from Active Directory, if the AD exists, Microsoft reports.
Attackers Continue to Exploit Outlook Home Page Flaw
News  |  12/4/2019  | 
FireEye issues guidance on locking down Outlook, claiming that security researchers, at least, are able to work around the patch issued by Microsoft.
Application & Infrastructure Risk Management: You've Been Doing It Backward
Commentary  |  12/4/2019  | 
Before getting more scanning tools, think about what's needed to defend your organization's environment and devise a plan to ensure all needed tools can work together productively.
TrickBot Expands in Japan Ahead of the Holidays
News  |  12/3/2019  | 
Data indicates TrickBot operators are modifying its modules and launching widespread campaigns around the world.
What Security Leaders Can Learn from Marketing
Commentary  |  12/3/2019  | 
Employees can no longer be pawns who must be protected all the time. They must become partners in the battle against threats.
Smith & Wesson Is Magecart's Latest Target
Quick Hits  |  12/3/2019  | 
Researchers estimate the gun manufacturer's website was compromised sometime before Black Friday.
Siemens Offers Workarounds for Newly Found PLC Vulnerability
Quick Hits  |  12/3/2019  | 
An undocumented hardware-based special access feature recently found by researchers in Siemens' S7-1200 can be used by attackers to gain control of the industrial devices.
Leveraging the Cloud for Cyber Intelligence
Commentary  |  12/3/2019  | 
How fusing output datasets and sharing information can create a real-time understanding of suspicious activity across your enterprise.
Kali Linux Gets New Desktop Environment & Undercover Theme
News  |  12/2/2019  | 
Updates to pen-testing platform are designed to improve performance and user interface, says Offensive Security, maintainer of the open source project.
DHS to Require Federal Agencies to Set Vulnerability Disclosure Policies
News  |  12/2/2019  | 
The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses.
StrandHogg Vulnerability Affects All Versions of Android
News  |  12/2/2019  | 
The bug enables malware to pose as any legitimate Android app, letting attackers track messages, photos, credentials, and phone conversations.
Data from 21M Mixcloud Users Compromised in Breach
Quick Hits  |  12/2/2019  | 
The music streaming service received reports indicating attackers gained unauthorized access to its systems.
3 Modern Myths of Threat Intelligence
Commentary  |  12/2/2019  | 
More intelligence does not lead to more security. Here's why.
SQL Injection Errors No Longer the Top Software Security Issue
News  |  11/27/2019  | 
In newly updated Common Weakness Enumeration (CWE), SQL injection now ranks sixth.
Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud
News  |  11/27/2019  | 
More than 3,100 Jira instances are still vulnerable to a server-side request forgery vulnerability patched in August.
Google Details Its Responses to Cyber Attacks, Disinformation
Quick Hits  |  11/27/2019  | 
Government groups continue to attack user credentials and distribute disinformation according to a new blog post from Google's Threat Analysis Group.
New Free Emulator Challenges Apple's Control of iOS
News  |  11/27/2019  | 
An open-source tool gives researchers and jailbreakers a free option for researching vulnerabilities in the operating system and gives Apple a new headache.
How to Get Prepared for Privacy Legislation
Commentary  |  11/27/2019  | 
All the various pieces of legislation, both in the US and worldwide, can feel overwhelming. But getting privacy basics right is a solid foundation.
Practical Principles for Security Metrics
Commentary  |  11/27/2019  | 
A proactive approach to cybersecurity requires the right tools, not more tools.
The Implications of Last Week's Exposure of 1.2B Records
News  |  11/26/2019  | 
Large sums of organized data, whether public or private, are worth their weight in gold to cybercriminals.
'Dexphot': A Sophisticated, Everyday Threat
News  |  11/26/2019  | 
Though the cryptominer has received little attention, it exemplifies the complexity of modern malware, Microsoft says.
On the Border Warns of Data Breach
Quick Hits  |  11/26/2019  | 
Malware on a payment system could have stolen credit card info from customers in 28 states, according to the company.
DDoS: An Underestimated Threat
Commentary  |  11/26/2019  | 
Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.
NYPD Pulls Fingerprint Database Offline Due to Ransomware Scare
Quick Hits  |  11/26/2019  | 
An infected minicomputer distributed an unidentified threat to 23 machines connected to the LiveScan fingerprint tracking system.
Tushu, Take Twoshu: Malicious SDK Reappears in Google Play
News  |  11/25/2019  | 
Months after the Tushu SDK was found infecting Android apps on Google Play, its operators are back with new evasive techniques.
Most Organizations Have Incomplete Vulnerability Information
News  |  11/25/2019  | 
Companies that rely solely on CVE/NVD are missing 33% of disclosed flaws, Risk Based Security says.
T-Mobile Prepaid Hit by Significant Data Breach
Quick Hits  |  11/25/2019  | 
The breach, estimated to have affected more than a million customers, came from malicious external actors.
They See You When You're Shopping: Holiday Cybercrime Starts Early
Quick Hits  |  11/25/2019  | 
Researchers notice year-end phishing attacks starting in July and ramping up in September.
Time to Warn Users About Black Friday & Cyber Monday Scams
Commentary  |  11/25/2019  | 
Warn your employees to avoid the inevitable scams associated with these two "holidays," or you risk compromising your company's network.
Researchers Explore How Mental Health Is Tracked Online
News  |  11/22/2019  | 
An analysis of popular mental health-related websites revealed a vast number of trackers, many of which are used for targeted advertising.
Target Seeks $74M in Data Breach Reimbursement from Insurance Company
Quick Hits  |  11/22/2019  | 
The funds would cover some of the money Target paid to reimburse financial institutions for credit card replacement after the 2013 breach.
Black Hat Europe Q&A: Unveiling the Underground World of Anti-Cheats
News  |  11/22/2019  | 
Security consultant Joel Noguera describes how he got involved in testing anti-cheat software security, and what to expect from his upcoming Black Hat Europe talk.
The 5-Step Methodology for Spotting Malicious Bot Activity on Your Network
Commentary  |  11/22/2019  | 
Bot detection over IP networks isn't easy, but it's becoming a fundamental part of network security practice.
Government Agency Partners on New Tool for Election Security
Quick Hits  |  11/21/2019  | 
The Cybersecurity and Infrastructure Security Agency has partnered with VotingWorks on an open source tool to aid election result audits.
3 Fundamentals for Better Security and IT Management
Commentary  |  11/21/2019  | 
Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.
Google Increases Top Android Hacking Prize to $1M
Quick Hits  |  11/21/2019  | 
Google expands its Android Security Rewards program and multiplies its top cash prize from $200,000 to $1 million.
The 'Department of No': Why CISOs Need to Cultivate a Middle Way
Commentary  |  11/21/2019  | 
A chief information security officer's job inherently involves conflict, but a go-along-to-get-along approach carries its own vulnerabilities and risks.
Employee Privacy in a Mobile Workplace
Commentary  |  11/20/2019  | 
Why businesses need guidelines for managing their employees' personal information -- without compromising on security.
Former White House CIO Shares Enduring Security Strategies
News  |  11/20/2019  | 
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
Why Multifactor Authentication Is Now a Hacker Target
Commentary  |  11/20/2019  | 
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones
Quick Hits  |  11/20/2019  | 
Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.
Attacker Mistake Botches Cyborg Ransomware Campaign
News  |  11/19/2019  | 
Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.
DDoS Attacks Up Sharply in Third Quarter of 2019
Quick Hits  |  11/19/2019  | 
DDoS attacks of all sorts were up by triple-digit percentages, with smaller volume attacks growing most rapidly.
TPM-Fail: What It Means & What to Do About It
Commentary  |  11/19/2019  | 
Trusted Platform Modules are well-suited to a wide range of applications, but for the strongest security, architect them into "defense-in-depth" designs.
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Commentary  |  11/19/2019  | 
A feature that's supposed to make your account more secure -- adding a cellphone number -- has become a vector of attack in SIM-swapping incidents. Here's how it's done and how you can protect yourself.
Magecart Hits Macy's: Retailer Discloses Data Breach
Quick Hits  |  11/19/2019  | 
The retail giant discovered malicious code designed to capture customer data planted on its payment page.
A Security Strategy That Centers on Humans, Not Bugs
Commentary  |  11/19/2019  | 
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
Disney+ Credentials Land in Dark Web Hours After Service Launch
Quick Hits  |  11/18/2019  | 
The credentials, priced from free to $11 per account, appear to be due to victims' re-use of logins and passwords.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19317
PUBLISHED: 2019-12-05
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2019-19602
PUBLISHED: 2019-12-05
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstr...
CVE-2019-19601
PUBLISHED: 2019-12-05
OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf.
CVE-2019-19589
PUBLISHED: 2019-12-05
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives.
CVE-2019-19597
PUBLISHED: 2019-12-05
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.