Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Vulnerabilities / Threats
<<   <   Page 2 / 2
Magecart Shops for Victims as E-Commerce Market Grows
News  |  8/28/2019  | 
In 2.5 hours of research, one security expert uncovered more than 80 actively compromised ecommerce websites.
TrickBot Comes to Cellular Carriers
Quick Hits  |  8/28/2019  | 
A new malicious campaign seeks cell account PINs from victims.
Malware Found in Android App with 100M Users
Quick Hits  |  8/28/2019  | 
CamScanner, a legitimate app used to scan and manage documents, was found executing payloads on Android devices.
Securing Our Infrastructure: 3 Steps OEMs Must Take in the IoT Age
Commentary  |  8/28/2019  | 
Security has lagged behind adoption of the Internet of Things. The devices hold much promise, but only if a comprehensive security model is constructed.
Imperva Customer Database Exposed
Quick Hits  |  8/27/2019  | 
A subset of customers for the company's Incapsula web application firewall had their email addresses, hashed/salted passwords, and more open to unauthorized access, Imperva announced.
New 'Lyceum' Threat Group Eyes Critical Infrastructure
Quick Hits  |  8/27/2019  | 
Researchers report Lyceum, otherwise known as Hexane, has targeted organizations in South Africa and the Middle East.
WannaCry Remains No. 1 Ransomware Weapon
News  |  8/27/2019  | 
Of all of the ransomware variants spotted targeting victims in the first half of 2019, the infamous WannaCry was by far the most prevalent, according to Trend Micro's detection data.
6 Ways Airlines and Hotels Can Keep Their Networks Secure
Slideshows  |  8/27/2019  | 
As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six privacy and security tips that can help lock down privacy and security.
Unsecured IoT: 8 Ways Hackers Exploit Firmware Vulnerabilities
Commentary  |  8/27/2019  | 
As new Internet of Things products enter the market, speed shouldn't trump concerns about security.
Apple Releases Emergency Patch for iPhone Jailbreak Flaw
Quick Hits  |  8/26/2019  | 
iOS version 12.4.1 fixes the "use after free" vulnerability.
More Than Half of Social Media Login Attempts Are Fraud
News  |  8/26/2019  | 
Overall, account registrations for tech companies are four times more likely to be malicious than legitimate, a new report states.
3 Arrested in Transnational Fraud Indictments
Quick Hits  |  8/26/2019  | 
According to the indictments, the accused impersonated government officials when they demanded money from their victims.
IRS Alerts Taxpayers to New Email Scam
Quick Hits  |  8/26/2019  | 
A spoofed IRS.gov link leads victims to a fraudulent Web page where they are prompted to download malware.
Cryptography & the Hype Over Quantum Computing
Commentary  |  8/26/2019  | 
It's not time to move to post-quantum cryptography yet -- too many things are still up in the air. But you can start to become prepared by making sure your infrastructure is agile.
80 Charged in Massive BEC Operation Bust
News  |  8/23/2019  | 
A group of mostly Nigerian nationals attempted to steal $46 million through business email compromise and romance scams, the FBI reports.
Capital One Breach: What Security Teams Can Do Now
Commentary  |  8/23/2019  | 
Knowing the methods of the attacker, as laid out in the federal indictment, allow us to prevent similar attacks.
New Malware Variant Targets Old Adobe, Office Vulnerabilities
News  |  8/22/2019  | 
Criminals appear to have developed it knowing some users have not patched or updated to newer versions, Trend Micro says.
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
News  |  8/22/2019  | 
Microsoft remains the favorite brand to spoof in phishing campaigns, but more attackers are impersonating Facebook.
LinkedIn Details Features of Fight Against Fakes
Quick Hits  |  8/22/2019  | 
A recent blog post explains how the social network is fighting to protect its users from interactions with fake accounts.
5 Identity Challenges Facing Todays IT Teams
Commentary  |  8/22/2019  | 
To take control over your company's security, identify and understand the biggest identity and access management challenges facing IT teams today and start addressing them.
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
News  |  8/21/2019  | 
No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
News  |  8/21/2019  | 
Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database.
Ransomware Hits Fortnite Players
Quick Hits  |  8/21/2019  | 
Ransomware masquerading as game "cheats" is hitting Fortnite players. Fortunately, there are ways to recover without paying a ransom.
'Phoning Home': Your Latest Data Exfiltration Headache
Commentary  |  8/21/2019  | 
Companies phone enterprise customer data home securely and for a variety of perfectly legitimate and useful reasons. The problems stem from insufficient disclosure.
7 Big Factors Putting Small Businesses At Risk
Slideshows  |  8/21/2019  | 
Small organizations still face a long list of security threats. These threats and vulnerabilities should be top of mind.
CISOs Struggle with Diminishing Tools to Protect Assets from Growing Threats
Quick Hits  |  8/20/2019  | 
Most CISOs see the risk of cyberattacks growing and feel they're falling behind in their ability to fight back, a new survey finds.
Apple Misstep Leaves iPhones Open to Jailbreak
News  |  8/20/2019  | 
Newest version of iOS contains a critical bug that the company had previously already patched.
Cyberthreats Against Financial Services Up 56%
Quick Hits  |  8/20/2019  | 
Financial institutions interacting with customers online must prepare for a broader, more sophisticated variety of threats.
Who Gets Privileged Access & How to Enforce It
Commentary  |  8/20/2019  | 
Let's begin by re-evaluating IT infrastructures to determine who has access to what, why, and when.
5 Ways to Improve the Patching Process
Slideshows  |  8/20/2019  | 
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
Instagram Added to Facebook Data-Abuse Bounty Program
News  |  8/19/2019  | 
Social media giant also launches invitation-only bug bounty program for 'Checkout on Instagram'.
Towns Across Texas Hit in Coordinated Ransomware Attack
News  |  8/19/2019  | 
The state government and cybersecurity groups have mobilized to respond to a mass ransomware attack that simultaneously hit 22 different towns statewide.
VxWorks TCP/IP Stack Vulnerability Poses Major Manufacturing Risk
News  |  8/19/2019  | 
A new analysis shows the scale of risk posed by networking vulnerabilities in a popular embedded real-time operating system.
Tough Love: Debunking Myths about DevOps & Security
Commentary  |  8/19/2019  | 
It's time to move past trivial 'shift left' conceptions of DevSecOps and take a hard look at how security work actually gets accomplished.
Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown
News  |  8/16/2019  | 
At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.
European Central Bank Website Hit by Malware Attack
Quick Hits  |  8/16/2019  | 
The website was infected with malware that stole information on subscribers to a bank newsletter.
Beat the Heat: Dark Reading Caption Contest Winners
Commentary  |  8/16/2019  | 
Phishing, token codes, training, MFA, polluted data entry, and whales. And the winners are ...
Behind the Scenes at ICS Village
News  |  8/16/2019  | 
ICS Village co-founder Bryson Bort reveals plans for research-dedicated events that team independent researchers, critical infrastructure owners, and government specialists.
NSA Researchers Talk Development, Release of Ghidra SRE Tool
News  |  8/15/2019  | 
NSA researchers took the Black Hat stage to share details of how they developed and released the software reverse-engineering framework.
New Research Finds More Struts Vulnerabilities
Quick Hits  |  8/15/2019  | 
Despite aggressive updating and patching, many organizations are still using versions of Apache Struts with known -- and new -- vulnerabilities.
The Flaw in Vulnerability Management: It's Time to Get Real
Commentary  |  8/15/2019  | 
Companies will never be 100% immune to cyberattacks. But by having a realistic view of the basics, starting with endpoint vulnerabilities, we can build for a safer future.
68% of Companies Say Red Teaming Beats Blue Teaming
Quick Hits  |  8/15/2019  | 
The majority of organizations surveyed find red team exercises more effective than blue team testing, research shows.
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Commentary  |  8/15/2019  | 
The old-school technology is experiencing new popularity, but too many people assume mainframes are inherently secure.
7 Biggest Cloud Security Blind Spots
Slideshows  |  8/15/2019  | 
Cloud computing boon is for innovation, yet security organizations find themselves running into obstacles.
Financial Phishing Grows in Volume and Sophistication in First Half of 2019
News  |  8/14/2019  | 
Criminals are using the tools intended to protect consumers to attack them through techniques that are becoming more successful with each passing month.
Trend Micro Patches Privilege Escalation Bug in its Password Manager
News  |  8/14/2019  | 
Organizations should update to latest build as soon as possible, security vendor says.
Stronger Defenses Force Cybercriminals to Rethink Strategy
News  |  8/14/2019  | 
Researchers see the rise of new relationships and attack techniques as criminals put companies' resilience to the test.
Why Companies Fail to Learn from Peers' Mistakes (and How They Can Change)
Commentary  |  8/14/2019  | 
Far too often, there's a new breach in the headlines. Companies need to start learning some obvious lessons.
Attackers Try to Evade Defenses with Smaller DDoS Floods, Probes
News  |  8/14/2019  | 
Cybercriminals are initiating more attacks using low-bandwidth techniques, but the tactics expand the gray area between DDoS attacks and popular methods of mass scanning.
BioStar 2 Leak Exposes 23GB Data, 1M Fingerprints
Quick Hits  |  8/14/2019  | 
Thousands of organizations, including banks, governments, and the UK Metropolitan Police, use the biometric security tool to authenticate users.
<<   <   Page 2 / 2


AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.