Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2017
Google Paid $3 Million To Bug Hunters In 2016
News  |  1/31/2017  | 
Search engine giant an example of the growing number of organizations benefiting from bug bounty programs.
3 Things Companies Must Do Before A Data Breach
Commentary  |  1/31/2017  | 
It's important to plan ahead for when you're attacked, and these tips will help you get ready.
How Cybercriminals Turn Employees Into Rogue Insiders
News  |  1/31/2017  | 
The Dark Web is a growing threat to organizations as hackers recruit insiders with access to corporate networks.
Why You're Doing Cybersecurity Risk Measurement Wrong
Commentary  |  1/30/2017  | 
Measuring risk isn't as simple as some make it out to be, but there are best practices to help you embrace the complexity in a productive way. Here are five.
How I Would Hack Your Network (If I Woke Up Evil)
Commentary  |  1/26/2017  | 
How would an attacker target your company? Here's a first-person account of what might happen.
Most Malware-Infected US Cities List Shows Size Doesn't Matter
Quick Hits  |  1/26/2017  | 
Webroot's list of the top 10 most infected US cities includes only one city from the Top 10 most densely populated.
There's No One Perfect Method For Encryption In The Cloud
Commentary  |  1/26/2017  | 
The problem with encryption is that it affects performance, especially in the cloud. Know the different methods so you can pick the type that best suits your needs.
Data Breaches Exposed 4.2 Billion Records In 2016
News  |  1/25/2017  | 
The 4,149 data breaches reported in 2016 shattered the all-time high of nearly 1 billion exposed records in 2013.
Cloud Is Security-Ready But Is Your Security Team Ready For Cloud?
Commentary  |  1/25/2017  | 
Cloud computing has moved beyond the early adopter phase and is now mainstream. Here's how to keep data safe in an evolving ecosystem.
Security Training 101: Stop Blaming The User
Commentary  |  1/25/2017  | 
To err is human, so it makes sense to quit pointing fingers and start protecting the organization from users -- and vice versa.
This Week On Dark Reading: Event Calendar
Commentary  |  1/25/2017  | 
Devote some time and headspace to improving your skills with these Dark Reading events.
Meet Ripper.cc, A Reputation Service For Cybercriminals
News  |  1/24/2017  | 
Ripper.cc offers a service to help protect the genuine cybercriminals from the scammers in their midst.
The Trouble With DMARC: 4 Serious Stumbling Blocks
Commentary  |  1/24/2017  | 
Popularity for the Domain-based Message Authentication, Reporting and Conformance email authentication standard is growing. So why are enterprises still struggling to implement it?
Meet 'Fruitfly:' Mac Malware Targeting Biomedical Research Centers
Partner Perspectives  |  1/24/2017  | 
This newly discovered code contains indications that it has been circulating undetected for at least a couple years.
4 Reasons Why You Should Take Ransomware Seriously
Commentary  |  1/24/2017  | 
The threats keep getting more sophisticated and the stakes keep getting higher. Is your organization ready to meet the challenge?
Why Dependence On Cloud Providers Could Come Back And Bite Us
Commentary  |  1/23/2017  | 
It's time to re-evaluate the cloud policies you have in place. And if you're not learning from the mistakes of others, you're doomed to repeat them.
3 Lessons From The Yahoo Breach
Commentary  |  1/20/2017  | 
Your organization must address these blind spots to detect sophisticated attacks.
Protesters Called To Join Inauguration Day DDoS Attack
News  |  1/19/2017  | 
Protesters have been invited to flood WhiteHouse.gov ahead of Trump's inauguration to voice their opposition to the presidency.
Cyber Lessons From NSA's Admiral Michael Rogers
Commentary  |  1/19/2017  | 
Security teams must get better at catching intruders where we have the advantage: on our own networks.
The 4 Top Barriers To Effective Incident Response
Commentary  |  1/19/2017  | 
Responding to cyberattacks is straightforward in some ways, difficult in others. Here are four ways that the process can get tripped up.
What CISOs Need To Know Before Adopting Biometrics
Commentary  |  1/18/2017  | 
Biometric techniques offer a solution to the password problem, but getting started can be tough. Here are a few things you need to know.
7 Common Reasons Companies Get Hacked
Slideshows  |  1/18/2017  | 
Many breaches stem from the same root causes. What are the most common security problems leaving companies vulnerable?
Cloud Security & IoT: A Look At What Lies Ahead
Commentary  |  1/18/2017  | 
In the brave new world of cloud, security teams must be as agile as possible. This means leveraging proactive monitoring tools, locking down access points, and forecasting requirements.
Close The Gap Between IT & Security To Reduce The Impact Of Cyber Threats
Commentary  |  1/17/2017  | 
IT and security teams work more effectively together than apart.
Credential-Stuffing Attacks Take Enterprise Systems By Storm
News  |  1/17/2017  | 
Automated credential-stuffing attempts make up 90% of enterprise login traffic.
Ransomware: How A Security Inconvenience Became The Industry's Most-Feared Vulnerability
Commentary  |  1/16/2017  | 
There are all sorts of ways to curb ransomware, so why has it spread so successfully?
10 Cocktail Party Security Tips From The Experts
Slideshows  |  1/13/2017  | 
Security pros offer basic advice to help average users ward off the bad guys.
The Sorry State Of Cybersecurity Awareness Training
Commentary  |  1/13/2017  | 
Rules aren't really rules if breaking them has no consequences.
Ex-US National Security Official Clarke: Regulation Key To Protecting ICS/SCADA From Cyberattacks
News  |  1/12/2017  | 
Richard Clarke proposes a Y2K-style approach to beefing up security for critical infrastructure.
Crowdsourcing 20 Answers To Security Ops & IR Questions
Commentary  |  1/12/2017  | 
Those who know do not speak. Those who speak do not know. Why it pays to take a hard look at our own incident response functions and operations.
Cardiac Implant Flaw Patched, But Holes Remain
News  |  1/11/2017  | 
A new chapter opens in the controversy surrounding security vulnerabilities disclosed in St. Jude Medical's cardiac implant devices.
Credit Freeze: The New Normal In Data Breach Protection?
Commentary  |  1/11/2017  | 
In an era of rampant identity theft, consumers should be offered the protection of a credit freeze by default, instead of a nuisance fee each time a freeze is placed or removed.
IoT, Foreign Actors, Insider Threats Shape 2017 Risk Management
News  |  1/11/2017  | 
A new report aims to inform risk management decisions for 2017 by identifying potential security threats and their anticipated effect on businesses.
The 3 C's Of Security Awareness
Commentary  |  1/11/2017  | 
Explaining the technical part of security comes easy for many of us. But the soft skills needed to change behavior are often sadly missing.
Survey Points to Slight Rise in Adaptive Authentication Over 2FA
News  |  1/11/2017  | 
SecureAuth study reports a majority of IT decision makers and security pros have issues with two-factor authentication.
Record Number of Vulns For Adobe, Microsoft, Apple In '16, Says ZDI
News  |  1/10/2017  | 
Advantech makes surprise debut on vulnerability list at number two, right behind Adobe.
'Molecular' Cybersecurity Vs. Information Cybersecurity
Commentary  |  1/10/2017  | 
When it comes to industrial processes, security begins at the molecular level.
'Zero Trust': The Way Forward in Cybersecurity
Commentary  |  1/10/2017  | 
This approach to network design can cut the chance of a breach.
MongoDB Attack Shows Off Cyber Extortionists' New Tricks
News  |  1/10/2017  | 
Ransomware operators are diversifying their cyber-extortion toolkit and expanding their range of targets.
DHS Designates Election Systems As Critical Infrastructure
News  |  1/9/2017  | 
The Department of Homeland Security has deemed the nation's voting system as part of its critical infrastructure, citing security reasons.
The Limitations Of Phishing Education
Commentary  |  1/9/2017  | 
Human nature means that education will only go so far. Technology needs to take up the slack.
Online Or Offline, Ransomware Will Find You
Partner Perspectives  |  1/9/2017  | 
The current threat landscape is a mish-mash of online ransomware, offline ransomware, and those that are a mixture of the two.
What To Watch For With Ransomware: 2017 Edition
Slideshows  |  1/7/2017  | 
Ransomware will continue to evolve in 2017, bringing new and diverse threats to businesses. What changes are in store?
Cyber Deterrence Should Be Key Focus For Trump Administration, Task Force Says
News  |  1/6/2017  | 
Time for US to strengthen consequences for cyberattacks, CSIS says in recommendations to incoming administration.
Ghost Hosts Bypass URL Filtering
News  |  1/5/2017  | 
Malware authors have found a way to evade URL-blocking systems by swapping bad domain names with unknown ones.
Why Ransomware Is Only Going To Get Worse
Commentary  |  1/5/2017  | 
The meteoric rise of the problem stems from a lack of preparedness and simple economics.
2017 To Bring More Ransomware, IoT DDoS Attacks, And SCADA Incidents
Partner Perspectives  |  1/5/2017  | 
As hackers begin to target corporations in an attempt to extort higher ransom fees, the threat will only become more serious.
Non-Web App Vulnerabilities Outpace Web App Flaws
News  |  1/5/2017  | 
On the back of IoT and other growing application spaces, the gap between vulns found in Web apps compared to all other apps widens in 2016.
A Look Inside Responsible Vulnerability Disclosure
Commentary  |  1/5/2017  | 
It's time for security researchers and vendors to agree on a standard responsible disclosure timeline.
FTC Launches Contest For Technology Tool To Protect Home IoT Devices
News  |  1/4/2017  | 
IoT Home Inspector Challenge will award $25,000 for best proposal.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Windows system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a). A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...