Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2018
<<   <   Page 2 / 2
Microsoft Launches 'Private Conversations' in Skype
Quick Hits  |  1/11/2018  | 
New feature uses Signal Protocol for strong encryption.
Responding to the Rise of Fileless Attacks
News  |  1/11/2018  | 
Fileless attacks, easier to conduct and more effective than traditional malware-based threats, pose a growing challenge to enterprise targets.
Privacy: The Dark Side of the Internet of Things
Commentary  |  1/11/2018  | 
Before letting an IoT device into your business or home, consider what data is being collected and where it is going.
RIG EK Remains Top of Heap, Turns to Cryptomining
News  |  1/11/2018  | 
Popular exploit kit turns its sights to drive-by cryptomining in what security researchers believe will be a trend to follow in 2018.
AI in Cybersecurity: Where We Stand & Where We Need to Go
Commentary  |  1/11/2018  | 
How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.
CISOs' No. 1 Concern in 2018: The Talent Gap
News  |  1/10/2018  | 
Survey finds 'lack of competent in-house staff' outranks all other forms of cybersecurity worry, including data breaches to ransomware attacks.
Cisco Adds Encrypted Traffic Analysis Function
News  |  1/10/2018  | 
New Encrypted Traffic Analytics is designed to help enterprises inspect encrypted traffic for malicious activity without having to decrypt it first.
AWS, Google Cloud Popular Home for Botnet Controllers
News  |  1/10/2018  | 
The number of command-and-control listings increase 32% in 2017, with more botnet controllers hosted in the cloud.
FBI Director: Cryptocurrency, Nation-State Attacks, Among Agency's Top Cybersecurity Concerns
Quick Hits  |  1/10/2018  | 
Speaking at International Conference on Cyber Security, FBI director Christopher Wray pointed to a rise in nation-state attacks - and strong encryption that limits bureau investigations.
'Shift Left': Codifying Intuition into Secure DevOps
Commentary  |  1/10/2018  | 
Shifting left is more than a catchy phrase. It's a mindset that emphasizes the need to think about security in all phases of the software development life cycle.
'Back to Basics' Might Be Your Best Security Weapon
Commentary  |  1/10/2018  | 
A company's ability to successfully reduce risk starts with building a solid security foundation.
Oracle WebLogic Exploit Used in Cryptocurrency Mining Campaign
News  |  1/10/2018  | 
PeopleSoft and WebLogic app servers, as well as cloud systems using WebLogic, hacked and used to net some $226K in digital currency.
Microsoft Patches Exploited Office Bug
News  |  1/9/2018  | 
An Office memory corruption vulnerability is the only CVE reported as under active attack for this month's Patch Tuesday.
Microsoft: How the Threat Landscape Will Shift This Year
News  |  1/9/2018  | 
Exclusive interview with Windows Security lead on how 2017 was a "return to retro" security threats and 2018 will bring increasingly targeted, advanced, and dangerous cyberattacks.
'Tis the Season: Dark Reading Caption Contest Winners
Commentary  |  1/9/2018  | 
Bricked devices, penetration tests, and virtual reality were among the themes submitted in our latest holiday caption competition. And the winners are ...
Threatcare Acquires Savage Security
Quick Hits  |  1/9/2018  | 
The deal expands Threatcare's business beyond its breach and attack simulation platform to include services and applied research.
Microsoft Confirms Windows Performance Hits with Meltdown, Spectre Patches
News  |  1/9/2018  | 
Windows servers will see biggest degradation, as will Windows 7 and 8 client machines, Microsoft said.
CISOs' Cyber War: How Did We Get Here?
Commentary  |  1/9/2018  | 
We're fighting the good fight -- but, ultimately, losing the war.
20 Cybersecurity Vendors Getting Venture Capital Love
Slideshows  |  1/9/2018  | 
VCs splashed a record $4B in funding in the cybersecurity pool - here are some highlights among the early- to middle-stage startups who snagged big deals last year.
Meltdown, Spectre Likely Just Scratch the Surface of Microprocessor Vulnerabilities
News  |  1/8/2018  | 
There's a lot at stake when it comes to patching the hardware flaws.
VTech to Pay $650,000 in FTC Settlement
Quick Hits  |  1/8/2018  | 
VTech's Kid Connect app and its Planet VTech platform collected personal information on 760,000 children without parental permission, the FTC alleges.
Emailed Cyberattack Targets 2018 Pyeongchang Olympics
News  |  1/8/2018  | 
More than 300 organizations associated with the 2018 Olympics have been hit with a targeted email campaign.
Cyxtera Technologies to Acquire Immunity
Quick Hits  |  1/8/2018  | 
Deal will bring penetration testing products and services to Cyxtera's threat analytics portfolio.
US Gov Outlines Steps to Fight Botnets, Automated Threats
Quick Hits  |  1/8/2018  | 
The US Departments of Commerce and Homeland Security identify the challenges of, and potential actions against, automated cyberattacks.
Vulnerability Management: The Most Important Security Issue the CISO Doesn't Own
Commentary  |  1/8/2018  | 
Information security and IT need to team up to make patch management more efficient and effective. Here's how and why.
Breach of India's Biometric Database Puts 1 Billion Users at Risk
Quick Hits  |  1/5/2018  | 
The Tribune reports that hackers gained access to users' names, addresses, phone numbers, and other PII.
LockPoS Malware Sneaks onto Kernel via new Injection Technique
News  |  1/5/2018  | 
"Alarming evolution" of Flokibot bypasses antivirus software and was likely built by a group of advanced attackers, researchers say.
The Nightmare Before Christmas: Security Flaws Inside our Computers
Commentary  |  1/5/2018  | 
How an Intel design decision with no review by industry security consultants led to one of the biggest vulnerabilities in recent history.
New Adware Discovered in 22 Apps in Google Play
Quick Hits  |  1/5/2018  | 
The 'LightsOut' adware is found is flashlight and utility apps, which have been downloaded between 1.5 million to 7.5 million times.
Google Apps Script Vulnerability Exposes SaaS to URL-based Threats
News  |  1/4/2018  | 
A new means of exploiting Google Apps Script lets attackers deliver malware using URLs.
DHS Discovers Privacy Incident Involving Former Employee
Quick Hits  |  1/4/2018  | 
Former DHS OIG employee makes an unauthorized copy of PII data of DHS employees and parties involved in DHS OIG investigations.
Uber's Biggest Mistake: It Wasn't Paying Ransom
Commentary  |  1/4/2018  | 
Rather than scrambling to deal with attacks after the fact, companies need to focus on improving detection capabilities with tools that help them work within data laws, not outside of them.
The Internet of (Secure) Things Checklist
Commentary  |  1/4/2018  | 
Insecure devices put your company at jeopardy. Use this checklist to stay safer.
Critical Microprocessor Flaws Affect Nearly Every Machine
News  |  1/3/2018  | 
Researchers release details of 'Meltdown' and 'Spectre' attacks that allow programs to steal sensitive data.
Intel Processor Security Flaw Prompts Kernel Makeovers in Linux, Windows
News  |  1/3/2018  | 
As-yet undisclosed design flaw in Intel processors has OS programmers working on kernel updates that reportedly could slow performance.
In Mobile, It's Back to the Future
Commentary  |  1/3/2018  | 
The mobile industry keeps pushing forward while overlooking some security concerns of the past.
A Pragmatic Approach to Fixing Cybersecurity: 5 Steps
Commentary  |  1/3/2018  | 
The digital infrastructure that supports our economy, protects our national security, and empowers our society must be made more secure, more trusted, and more reliable. Here's how.
The Cybersecurity 'Upside Down'
Commentary  |  1/2/2018  | 
There is no stranger thing than being breached. Here are a few ways to avoid the horror.
The Argument for Risk-Based Security
Commentary  |  1/2/2018  | 
A scanner can identify a vulnerability, but only a deep understanding of cyber exposure will tell you about the seriousness of that risk. Here's how and why.
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29813
PUBLISHED: 2021-09-23
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...
CVE-2021-29814
PUBLISHED: 2021-09-23
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...
CVE-2021-29815
PUBLISHED: 2021-09-23
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...
CVE-2021-29816
PUBLISHED: 2021-09-23
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204341.
CVE-2021-29832
PUBLISHED: 2021-09-23
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...