Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2017
Page 1 / 2   >   >>
Google Paid $3 Million To Bug Hunters In 2016
News  |  1/31/2017  | 
Search engine giant an example of the growing number of organizations benefiting from bug bounty programs.
3 Things Companies Must Do Before A Data Breach
Commentary  |  1/31/2017  | 
It's important to plan ahead for when you're attacked, and these tips will help you get ready.
How Cybercriminals Turn Employees Into Rogue Insiders
News  |  1/31/2017  | 
The Dark Web is a growing threat to organizations as hackers recruit insiders with access to corporate networks.
Why Youre Doing Cybersecurity Risk Measurement Wrong
Commentary  |  1/30/2017  | 
Measuring risk isnt as simple as some make it out to be, but there are best practices to help you embrace the complexity in a productive way. Here are five.
How I Would Hack Your Network (If I Woke Up Evil)
Commentary  |  1/26/2017  | 
How would an attacker target your company? Here's a first-person account of what might happen.
Most Malware-Infected US Cities List Shows Size Doesn't Matter
Quick Hits  |  1/26/2017  | 
Webroot's list of the top 10 most infected US cities includes only one city from the Top 10 most densely populated.
There's No One Perfect Method For Encryption In The Cloud
Commentary  |  1/26/2017  | 
The problem with encryption is that it affects performance, especially in the cloud. Know the different methods so you can pick the type that best suits your needs.
Data Breaches Exposed 4.2 Billion Records In 2016
News  |  1/25/2017  | 
The 4,149 data breaches reported in 2016 shattered the all-time high of nearly 1 billion exposed records in 2013.
Cloud Is Security-Ready But Is Your Security Team Ready For Cloud?
Commentary  |  1/25/2017  | 
Cloud computing has moved beyond the early adopter phase and is now mainstream. Heres how to keep data safe in an evolving ecosystem.
Security Training 101: Stop Blaming The User
Commentary  |  1/25/2017  | 
To err is human, so it makes sense to quit pointing fingers and start protecting the organization from users -- and vice versa.
This Week On Dark Reading: Event Calendar
Commentary  |  1/25/2017  | 
Devote some time and headspace to improving your skills with these Dark Reading events.
Meet Ripper.cc, A Reputation Service For Cybercriminals
News  |  1/24/2017  | 
Ripper.cc offers a service to help protect the genuine cybercriminals from the scammers in their midst.
The Trouble With DMARC: 4 Serious Stumbling Blocks
Commentary  |  1/24/2017  | 
Popularity for the Domain-based Message Authentication, Reporting and Conformance email authentication standard is growing. So why are enterprises still struggling to implement it?
Meet 'Fruitfly:' Mac Malware Targeting Biomedical Research Centers
Partner Perspectives  |  1/24/2017  | 
This newly discovered code contains indications that it has been circulating undetected for at least a couple years.
4 Reasons Why You Should Take Ransomware Seriously
Commentary  |  1/24/2017  | 
The threats keep getting more sophisticated and the stakes keep getting higher. Is your organization ready to meet the challenge?
Why Dependence On Cloud Providers Could Come Back And Bite Us
Commentary  |  1/23/2017  | 
It's time to re-evaluate the cloud policies you have in place. And if you're not learning from the mistakes of others, you're doomed to repeat them.
3 Lessons From The Yahoo Breach
Commentary  |  1/20/2017  | 
Your organization must address these blind spots to detect sophisticated attacks.
Protesters Called To Join Inauguration Day DDoS Attack
News  |  1/19/2017  | 
Protesters have been invited to flood WhiteHouse.gov ahead of Trump's inauguration to voice their opposition to the presidency.
Cyber Lessons From NSAs Admiral Michael Rogers
Commentary  |  1/19/2017  | 
Security teams must get better at catching intruders where we have the advantage: on our own networks.
The 4 Top Barriers To Effective Incident Response
Commentary  |  1/19/2017  | 
Responding to cyberattacks is straightforward in some ways, difficult in others. Here are four ways that the process can get tripped up.
What CISOs Need To Know Before Adopting Biometrics
Commentary  |  1/18/2017  | 
Biometric techniques offer a solution to the password problem, but getting started can be tough. Here are a few things you need to know.
7 Common Reasons Companies Get Hacked
Slideshows  |  1/18/2017  | 
Many breaches stem from the same root causes. What are the most common security problems leaving companies vulnerable?
Cloud Security & IoT: A Look At What Lies Ahead
Commentary  |  1/18/2017  | 
In the brave new world of cloud, security teams must be as agile as possible. This means leveraging proactive monitoring tools, locking down access points, and forecasting requirements
Close The Gap Between IT & Security To Reduce The Impact Of Cyber Threats
Commentary  |  1/17/2017  | 
IT and security teams work more effectively together than apart.
Credential-Stuffing Attacks Take Enterprise Systems By Storm
News  |  1/17/2017  | 
Automated credential-stuffing attempts makes up 90% of enterprise login traffic.
Ransomware: How A Security Inconvenience Became The Industry's Most-Feared Vulnerability
Commentary  |  1/16/2017  | 
There are all sorts of ways to curb ransomware, so why has it spread so successfully?
10 Cocktail Party Security Tips From The Experts
Slideshows  |  1/13/2017  | 
Security pros offer basic advice to help average users ward off the bad guys.
The Sorry State Of Cybersecurity Awareness Training
Commentary  |  1/13/2017  | 
Rules aren't really rules if breaking them has no consequences.
Ex-US National Security Official Clarke: Regulation Key To Protecting ICS/SCADA From Cyberattacks
News  |  1/12/2017  | 
Richard Clarke proposes a Y2K-style approach to beefing up security for critical infrastructure.
Crowdsourcing 20 Answers To Security Ops & IR Questions
Commentary  |  1/12/2017  | 
Those who know do not speak. Those who speak do not know. Why it pays to take a hard look at our own incident response functions and operations.
Cardiac Implant Flaw Patched, But Holes Remain
News  |  1/11/2017  | 
A new chapter opens in the controversy surrounding security vulnerabilities disclosed in St. Jude Medical's cardiac implant devices.
Credit Freeze: The New Normal In Data Breach Protection?
Commentary  |  1/11/2017  | 
In era of rampant identity theft, consumers should be offered the protection of a credit freeze by default, instead of a nuisance fee each time a freeze is placed or removed.
IoT, Foreign Actors, Insider Threats Shape 2017 Risk Management
News  |  1/11/2017  | 
A new report aims to inform risk management decisions for 2017 by identifying potential security threats and their anticipated effect on businesses.
The 3 C's Of Security Awareness
Commentary  |  1/11/2017  | 
Explaining the technical part of security comes easy for many of us. But the soft skills needed to change behavior are often sadly missing.
Survey Points to Slight Rise in Adaptive Authentication Over 2FA
News  |  1/11/2017  | 
SecureAuth study reports a majority of IT decision makers and security pros have issues with two-factor authentication.
Record Number of Vulns For Adobe, Microsoft, Apple In '16, Says ZDI
News  |  1/10/2017  | 
Advantech makes surprise debut on vulnerability list at number two, right behind Adobe
'Molecular' Cybersecurity Vs. Information Cybersecurity
Commentary  |  1/10/2017  | 
When it comes to industrial processes, security begins at the molecular level.
'Zero Trust': The Way Forward in Cybersecurity
Commentary  |  1/10/2017  | 
This approach to network design can cut the chance of a breach.
MongoDB Attack Shows Off Cyber Extortionists' New Tricks
News  |  1/10/2017  | 
Ransomware operators are diversifying their cyber-extortion toolkit and expanding their range of targets.
DHS Designates Election Systems As Critical Infrastructure
News  |  1/9/2017  | 
The Department of Homeland Security has deemed the nation's voting system as part of its critical infrastructure, citing security reasons.
The Limitations Of Phishing Education
Commentary  |  1/9/2017  | 
Human nature means that education will only go so far. Technology needs to take up the slack.
Online Or Offline, Ransomware Will Find You
Partner Perspectives  |  1/9/2017  | 
The current threat landscape is a mish-mash of online ransomware, offline ransomware, and those that are a mixture of the two.
What To Watch For With Ransomware: 2017 Edition
Slideshows  |  1/7/2017  | 
Ransomware will continue to evolve in 2017, bringing new and diverse threats to businesses. What changes are in store?
Cyber Deterrence Should Be Key Focus For Trump Administration, Task Force Says
News  |  1/6/2017  | 
Time for US to strengthen consequences for cyberattacks, CSIS says in recommendations to incoming administration.
Ghost Hosts Bypass URL Filtering
News  |  1/5/2017  | 
Malware authors have found a way to evade URL-blocking systems by swapping bad domain names with unknown ones.
Why Ransomware Is Only Going To Get Worse
Commentary  |  1/5/2017  | 
The meteoric rise of the problem stems from a lack of preparedness and simple economics.
2017 To Bring More Ransomware, IoT DDoS Attacks, And SCADA Incidents
Partner Perspectives  |  1/5/2017  | 
As hackers begin to target corporations in an attempt to extort higher ransom fees, the threat will only become more serious.
Non-Web App Vulnerabilities Outpace Web App Flaws
News  |  1/5/2017  | 
On back of IoT and other growing application spaces, the gap between vulns found in Web apps compared to all other apps widens in 2016.
A Look Inside Responsible Vulnerability Disclosure
Commentary  |  1/5/2017  | 
It's time for security researchers and vendors to agree on a standard responsible disclosure timeline.
FTC Launches Contest For Technology Tool To Protect Home IoT Devices
News  |  1/4/2017  | 
IoT Home Inspector Challenge will award $25,000 for best proposal
Page 1 / 2   >   >>


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We need more votes, check the obituaries.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3278
PUBLISHED: 2021-01-26
Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page.
CVE-2021-3285
PUBLISHED: 2021-01-26
jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.
CVE-2021-3286
PUBLISHED: 2021-01-26
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.
CVE-2021-3291
PUBLISHED: 2021-01-26
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.
CVE-2021-3297
PUBLISHED: 2021-01-26
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.