Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2019
Page 1 / 3   >   >>
Cisco Router Vulnerability Gives Window into Researchers' World
News  |  1/31/2019  | 
The research around a recent vulnerability shows how researchers follow leads and find unexpected results.
8 Cybersecurity Myths Debunked
Commentary  |  1/31/2019  | 
The last thing any business needs is a swarm of myths and misunderstandings seeding common and frequent errors organizations of all sizes make in safeguarding data and infrastructure.
Dell, CrowdStrike, Secureworks Join Forces to Secure Endpoints
News  |  1/31/2019  | 
Dell SafeGuard and Response is geared toward businesses, governments, and schools that may lack resources they need to detect and remediate sophisticated threats.
Airbus Employee Info Exposed in Data Breach
Quick Hits  |  1/31/2019  | 
Few details as yet on a cyberattack that hit Airbus' commercial aircraft business.
For a Super Security Playbook, Take a Page from Football
Commentary  |  1/31/2019  | 
Four key questions to consider as you plan out your next winning security strategy.
Rubrik Data Leak is Another Cloud Misconfiguration Horror Story
News  |  1/30/2019  | 
A server security mishap exposed vast stores of data belonging to clients of Rubrik, a security and cloud management firm.
Yes, You Can Patch Stupid
Commentary  |  1/30/2019  | 
Before you start calling users stupid, remember that behind every stupid user is a stupider security professional.
Discover Issues New Cards Following Data Breach
Quick Hits  |  1/30/2019  | 
The credit card company reports Discover's card systems were not involved in the breach, discovered in August 2018.
Access Control Lists: 6 Key Principles to Keep in Mind
Slideshows  |  1/30/2019  | 
Build them carefully and maintain them rigorously, and ACLs will remain a productive piece of your security infrastructure for generations of hardware to come.
Open Source & Machine Learning: A Dynamic Duo
Commentary  |  1/30/2019  | 
In recent months, machine-learning code has become readily available in the open source community, putting security analysts on a path toward easier data pattern recognition.
Microsoft Exchange Vuln Enables Attackers to Gain Domain Admin Privileges
News  |  1/29/2019  | 
Anyone with access to an Exchange mailbox can take control of domain, security researcher says.
FaceTime Bug an AppSec Fail
News  |  1/29/2019  | 
Apple has shut off Group FaceTime while it prepares a fix for a newly found security flaw found by a 14-year-old gamer.
Americans Worried More About Computer - Not Border - Security
Quick Hits  |  1/29/2019  | 
A new survey shows more Americans are more concerned about their computer's security than the US border's.
Remote Access & the Diminishing Security Perimeter
Commentary  |  1/29/2019  | 
Where security really matters, the enterprise is only as secure as the endpoints it allows to access its sensitive core systems.
Creating a Security Culture & Solving the Human Problem
Commentary  |  1/29/2019  | 
People are the biggest weakness to security breaches; people can also be your organization's biggest defense.
Turn Off FaceTime in Apple iOS Now, Experts Warn
Quick Hits  |  1/28/2019  | 
Newly found bug reportedly allows callers to spy on you even if you don't pick up.
Japan Authorizes IoT Hacking
Quick Hits  |  1/28/2019  | 
A new campaign will see government employees hacking into personal IoT devices to identify those at highest security risk.
3 Ways Companies Mess Up GDPR Compliance the Most
Commentary  |  1/28/2019  | 
The best way to conform to the EU's new privacy regulation is to assume that you don't need to hold on to personal data, versus the opposite.
Internet Society to Issue Privacy Code of Conduct
News  |  1/25/2019  | 
In time for Data Privacy Day, on Monday, the nine-point guidance will offer insights into how companies can more effectively manage personal data.
Ukraine Sees Surge in Election-Targeted Cyberattacks
Quick Hits  |  1/25/2019  | 
The nation suspects Russia's hand in the attacks, which seem aimed at disrupting the upcoming presidential election.
Satya Nadella: Privacy Is a Human Right
Quick Hits  |  1/25/2019  | 
In a talk at the World Economic Forum, Microsoft's CEO voiced support for GDPR and expressed hope the United States creates a similar approach to privacy.
Credential Compromises by the Numbers
Slideshows  |  1/25/2019  | 
Recent statistics show just how much credential stealing has become a staple in the attacker playbook.
The 5 Stages of CISO Success, Past & Future
Commentary  |  1/25/2019  | 
In cybersecurity, as in history, security leaders who forget the lessons of the past will be doomed to repeat them.
After Eight Years, Metasploit Gets Its First Major Update
News  |  1/24/2019  | 
Metasploit 5.0 offers a host of service-oriented features, along with a new commitment from Rapid7 for regular releases.
Cyberattackers Bait Financial Firms with Google Cloud Platform
News  |  1/24/2019  | 
A new wave of attacks abuses the Google Cloud Platform URL redirection in PDF decoys, sending users to a malicious link.
Collateral Damage: When Cyberwarfare Targets Civilian Data
Commentary  |  1/24/2019  | 
You can call it collateral damage. You can call it trickledown cyberwarfare. Either way, foreign hacker armies are targeting civilian enterprises as a means of attacking rival government targets.
New Phishing Campaign Packs Triple Threat
Quick Hits  |  1/24/2019  | 
Attack threatens victims with three "deadly malware" infestations if they don't give up critical email account credentials.
Cloud Customers Faced 681M Cyberattacks in 2018
Quick Hits  |  1/24/2019  | 
The most common attacks involved software vulnerabilities, stolen credentials, Web applications, and IoT devices.
Why Cybersecurity Must Be a Top Priority for Small & Midsize Businesses
Commentary  |  1/24/2019  | 
The big corporations may grab the headlines, but America's SMBs have the most to lose in the aftermath of a data breach.
RF Hacking Research Exposes Danger to Construction Sites
News  |  1/23/2019  | 
Trend Micro team unearthed 17 vulnerabilities among seven vendors' remote controller devices.
DHS Issues Emergency Directive on DNS Security
News  |  1/23/2019  | 
All government domain owners are instructed to take immediate steps to strengthen the security of their DNS servers following a successful hacking campaign.
'Anatova' Emerges as Potentially Major New Ransomware Threat
News  |  1/23/2019  | 
Modular design, ability to infect network shares make the malware dangerous, McAfee says.
Aging PCs Running Out-of-Date Software Bring Security Worries
Quick Hits  |  1/23/2019  | 
Age is an issue with application languages and frameworks, too.
The Evolution of SIEM
Commentary  |  1/23/2019  | 
Expectations for these security information and event management systems have grown over the years, in ways that just aren't realistic.
Think Twice Before Paying a Ransom
Commentary  |  1/23/2019  | 
Why stockpiling cryptocurrency or paying cybercriminals is not the best response.
Enterprise Malware Detections Up 79% as Attackers Refocus
News  |  1/23/2019  | 
A new report on the state of malware shows a spike in B2B malware, with former banking Trojans Emotet and TrickBot topping the list.
Hack of Plug-in Website Ruffles WordPress Community
News  |  1/22/2019  | 
An intruder thought to be a former employee used a backdoor into the WPML website to skim email addresses and send a mass email blast.
The Fact and Fiction of Homomorphic Encryption
Commentary  |  1/22/2019  | 
The approach's promise continues to entice cryptographers and academics. But don't expect it to help in the real world anytime soon.
Real-World Threats That Trump Spectre & Meltdown
Slideshows  |  1/22/2019  | 
New side-channel attacks are getting lots of attention, but other more serious threats should top your list of threats.
How Cybercriminals Clean Their Dirty Money
Commentary  |  1/22/2019  | 
By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning.
Shadow IT, IaaS & the Security Imperative
Commentary  |  1/21/2019  | 
Organizations must strengthen their security posture in cloud environments. That means considering five critical elements about their infrastructure, especially when it operates as an IaaS.
2018's Most Common Vulnerabilities Include Issues New and Old
News  |  1/18/2019  | 
The most common vulnerabilities seen last year run the gamut from cross-site scripting to issues with CMS platforms.
VC Investments in Cybersecurity Hit Record Highs in 2018
News  |  1/18/2019  | 
But rate of funding appears unsustainable, according to Strategic Cyber Ventures.
GDPR Suit Filed Against Amazon, Apple
Quick Hits  |  1/18/2019  | 
An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.
PCI Council Releases New Software Framework for DevOps Era
News  |  1/18/2019  | 
The PCI Software Security Framework will eventually replace PCI DA-DSS when it expires in 2022.
The Rx for HIPAA Compliance in the Cloud
Commentary  |  1/18/2019  | 
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
Microsoft Launches New Azure DevOps Bug Bounty Program
Quick Hits  |  1/17/2019  | 
A new program will pay bounties of up to $20,000 for new critical bugs in the company's Azure DevOps systems and services.
New Attacks Target Recent PHP Framework Vulnerability
News  |  1/17/2019  | 
Multiple threat actors are using relatively simple techniques to take advantage of the vulnerability, launching cryptominers, skimmers, and other malware payloads.
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
Commentary  |  1/17/2019  | 
The network no longer provides an air gap against external threats, but access devices can take up the slack.
Simulating Lateral Attacks Through Email
Commentary  |  1/17/2019  | 
A skilled attacker can get inside your company by abusing common email applications. Here are three strategies to block them.
Page 1 / 3   >   >>


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16649
PUBLISHED: 2019-09-21
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the...
CVE-2019-16650
PUBLISHED: 2019-09-21
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the se...
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.