News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
Rise of the 'Hivenet': Botnets That Think for Themselves
Commentary  |  2/16/2018  | 
These intelligent botnet clusters swarm compromised devices to identify and assault different attack vectors all at once.
North Korea-Linked Cyberattacks Spread Out of Control: Report
News  |  2/15/2018  | 
New details on old cyberattacks originating from North Korea indicate several forms of malware unintentionally spread wider than authors intended.
Democracy & DevOps: What Is the Proper Role for Security?
Commentary  |  2/15/2018  | 
Security experts need a front-row seat in the application development process but not at the expense of the business.
Air Force Awards $12,500 for One Bug
Quick Hits  |  2/15/2018  | 
The highest single bounty of any federal bug bounty program yet is awarded through Hack the Air Force 2.0.
From DevOps to DevSecOps: Structuring Communication for Better Security
Commentary  |  2/15/2018  | 
A solid approach to change management can help prevent problems downstream.
Windows 10 Critical Vulnerability Reports Grew 64% in 2017
News  |  2/14/2018  | 
The launch and growth of new operating systems is mirrored by an increase in reported vulnerabilities.
Intel Expands Bug Bounty Program, Offers up to $250K
News  |  2/14/2018  | 
Microprocessor giant adds vulnerability-finding category for Meltdown, Spectre-type flaws.
3 Tips to Keep Cybersecurity Front & Center
Commentary  |  2/14/2018  | 
In today's environment, a focus on cybersecurity isn't a luxury. It's a necessity, and making sure that focus is achieved starts with the company's culture.
Fileless Malware: Not Just a Threat, but a Super-Threat
Commentary  |  2/14/2018  | 
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
As Primaries Loom, Election Security Efforts Behind Schedule
Quick Hits  |  2/13/2018  | 
While federal agencies lag on vulnerability assessments and security clearance requests, the bipartisan Defending Digital Democracy Project releases three new resources to help state and local election agencies with cybersecurity, incident response.
Microsoft Fixes Two Security Flaws in Outlook
News  |  2/13/2018  | 
February security patches include updates for 50 vulnerabilities, 14 of which are critical.
Lazarus Group Attacks Banks, Bitcoin Users in New Campaign
News  |  2/13/2018  | 
A new Lazarus Group cyberattack campaign combines spear-phishing techniques with a cryptocurrency scanner designed to scan for Bitcoin wallets.
Can Android for Work Redefine Enterprise Mobile Security?
Commentary  |  2/13/2018  | 
Google's new mobility management framework makes great strides in addressing security and device management concerns while offering diverse deployment options. Here are the pros and cons.
Fake News: Could the Next Major Cyberattack Cause a Cyberwar?
Commentary  |  2/13/2018  | 
In the way it undercuts trust, fake news is a form of cyberattack. Governments must work to stop it.
Cyberattack Aimed to Disrupt Opening of Winter Olympics
News  |  2/12/2018  | 
Researchers who identified malware targeting the 2018 Winter Olympics say the attackers had previously compromised the Games' infrastructure.
One in Three SOC Analysts Now Job-Hunting
News  |  2/12/2018  | 
The more experienced a SOC analyst gets, the more his or her job satisfaction declines, a new survey of security operations center staffers shows.
Better Security Analytics? Clean Up the Data First!
Commentary  |  2/12/2018  | 
Even the best analytics algorithms using incomplete and unclean data won't yield useful results.
Tracking Bitcoin Wallets as IOCs for Ransomware
Commentary  |  2/12/2018  | 
By understanding how cybercriminals use bitcoin, threat analysts can connect the dots between cyber extortion, wallet addresses, shared infrastructure, TTPs, and attribution.
Google Paid $2.9M for Vulnerabilities in 2017
News  |  2/9/2018  | 
The Google Vulnerability Reward Program issued a total of 1,230 rewards in 2017. The single largest payout was $112,500.
8 Nation-State Hacking Groups to Watch in 2018
Slideshows  |  2/9/2018  | 
The aliases, geographies, famous attacks, and behaviors of some of the most prolific threat groups.
Russian Authorities Arrest Engineers for Cryptocurrency Mining at Nuclear Weapons Site
Quick Hits  |  2/9/2018  | 
The nuclear weapons facility employees reportedly tried to mine cryptocurrency via a supercomputer.
New POS Malware Steals Data via DNS Traffic
News  |  2/8/2018  | 
UDPoS is disguised to appear like a LogMeIn service pack, Forcepoint says.
Apple iOS iBoot Secure Bootloader Code Leaked Online
Quick Hits  |  2/8/2018  | 
Lawyers for Apple called for the source code to be removed from GitHub.
20 Signs You Need to Introduce Automation into Security Ops
Commentary  |  2/8/2018  | 
Far too often, organizations approach automation as a solution looking for a problem rather than the other way around.
North Korean APT Group Employed Rare Zero-Day Attack
News  |  2/7/2018  | 
Recent Adobe Flash exploit discovered against South Korean targets likely purchased, not developed by the hacking group.
Cisco Issues New Patch for Critical ASA Vulnerability
Quick Hits  |  2/7/2018  | 
Cisco engineers discover that the flaw in Adaptive Security Appliance devices is worse than they initially understood.
Man Formerly on FBI Most Wanted List Pleads Guilty in 'Scareware' Hack
Quick Hits  |  2/7/2018  | 
Latvian man ran bulletproof Web hosting service that served cybercriminals.
Ticking Time Bombs in Your Data Center
Commentary  |  2/7/2018  | 
The biggest security problems inside your company may result from problems it inherited.
New Zero-Day Ransomware Evades Microsoft, Google Cloud Malware Detection
News  |  2/7/2018  | 
Shurl0ckr, a form of Gojdue ransomware, was not detected on SharePoint or Google Drive.
Security vs. Speed: The Risk of Rushing to the Cloud
News  |  2/6/2018  | 
Companies overlook critical security steps as they move to adopt the latest cloud applications and services.
Adobe Patches Flash Zero-Day Used in South Korean Attacks
Quick Hits  |  2/6/2018  | 
Critical flaw is one of two critical use-after-free vulnerabilities in Flash fixed today by the software firm.
AutoSploit: Mass Exploitation Just Got a Lot Easier
Commentary  |  2/6/2018  | 
But the response to the new hacking tool, now readily available to the masses of script kiddies, has been a mix of outrage, fear, some applause, and more than a few shrugs.
Microsoft Updates Payment, Criteria for Windows Bug Bounty
News  |  2/6/2018  | 
The Windows Insider Preview Bounty Program will award between $500 and $15,000 for eligible submissions.
Identity Fraud Hits All-Time High in 2017
News  |  2/6/2018  | 
Survey reports that the number of fraud victims topped 16 million consumers last year, and much of that crime has moved online.
Over 12,000 Business Websites Leveraged for Cybercrime
News  |  2/5/2018  | 
Attackers exploit trust in popular websites to launch phishing campaigns and spread malware.
APIs Pose 'Mushrooming' Security Risk
News  |  2/2/2018  | 
As APIs grow in prominence, top security concerns include bots and authentication.
3 Ways Hackers Steal Your Company's Mobile Data
Commentary  |  2/2/2018  | 
The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.
Adobe to Patch Flash Zero-Day Discovered in South Korean Attacks
News  |  2/1/2018  | 
Critical use-after-free vulnerability being used in targeted attacks.
Poor Visibility, Weak Passwords Compromise Active Directory
News  |  2/1/2018  | 
Security experts highlight the biggest problems they see putting Microsoft Active Directory at risk.
Securing Cloud-Native Apps
Commentary  |  2/1/2018  | 
A useful approach for securing cloud-native platforms can be adapted for securing apps running on top of the platform as well.
'Ransomware' Added to Oxford English Dictionary
Quick Hits  |  2/1/2018  | 
The term is one of 1,100 new entries added to the Oxford English Dictionary this week.
Lazarus Group, Fancy Bear Most Active Threat Groups in 2017
News  |  1/31/2018  | 
Lazarus, believed to operate out of North Korea, and Fancy Bear, believed to operate out of Russia, were most referenced threat actor groups in last year's cyberattacks.
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Commentary  |  1/31/2018  | 
Authentication security methods are getting better all the time, but they are still not infallible.
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
News  |  1/31/2018  | 
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
5 Questions to Ask about Machine Learning
Commentary  |  1/31/2018  | 
Marketing hyperbole often exceeds reality. Here are questions you should ask before buying.
Digital Extortion to Expand Beyond Ransomware
News  |  1/30/2018  | 
In the future of digital extortion, ransomware isn't the only weapon, and database files and servers won't be the only targets.
Breach-Proofing Your Data in a GDPR World
Commentary  |  1/30/2018  | 
Here are six key measures for enterprises to prioritize over the next few months.
DNS Hijacking: The Silent Threat That's Putting Your Network at Risk
Commentary  |  1/30/2018  | 
The technique is easy to carry out and can cause much damage. Here's what you need to know about fighting back.
Microsoft Issues Emergency Patch to Disable Intel's Broken Spectre Fix
News  |  1/29/2018  | 
Affected Windows systems can also be set to "disable" or "enable" the Intel microcode update for Spectre attacks.
An Action Plan to Fill the Information Security Workforce Gap
Commentary  |  1/29/2018  | 
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
Page 1 / 2   >   >>


One in Three SOC Analysts Now Job-Hunting
Kelly Jackson Higgins, Executive Editor at Dark Reading,  2/12/2018
Encrypted Attacks Continue to Dog Perimeter Defenses
Ericka Chickowski, Contributing Writer, Dark Reading,  2/14/2018
Can Android for Work Redefine Enterprise Mobile Security?
Satish Shetty, CEO, Codeproof Technologies,  2/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: One agent too many was installed on Bob's desktop.
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.