Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2015
Xen Patches 'Worst'-Ever Virtual Machine Escape Vulnerability
News  |  10/30/2015  | 
Bug remained undetected for seven years and enabled complete control of host system.
Security Analytics Still Greenfield Opportunity
News  |  10/29/2015  | 
Surveys out this week show improvement in the use of analytics and threat intelligence but room for better execution.
With $325 Million In Extorted Payments CryptoWall 3 Highlights Ransomware Threat
News  |  10/29/2015  | 
Study by Cyber Threat Alliance reveals sophisticated nature of the latest version of CryptoWall
Machine Learning Is Cybersecuritys Latest Pipe Dream
Commentary  |  10/29/2015  | 
Rather than waste money on the unproven promises of ML and AI, invest in your experts, and in tools that enhance their ability to search for and identify components of a new attack.
Digital Certificate Security Fail
News  |  10/28/2015  | 
Eight percent of digital certificates served by websites had been revoked but are still in use, new study finds.
How Hackers Can Hack The Oil & Gas Industry Via ERP Systems
News  |  10/28/2015  | 
Researchers at Black Hat Europe next month will demonstrate how SAP applications can be used as a stepping-stone to sabotage oil & gas processes.
Apple iTunes & QuickTime Named 'Most Exposed' To Threats In US
News  |  10/27/2015  | 
Vulnerability report finds users lazy about patching Apple applications. Plus, in Q3, U.S. had more unpatched operating systems than any other country.
Attackers Demand Ransom Following Massive Hack on TalkTalk
News  |  10/23/2015  | 
Intrusion is believed to have exposed sensitive data on all four million customers of UK broadband provider.
Undermining Security By Attacking Computer Clocks
News  |  10/22/2015  | 
A team of researchers at Boston University has developed several attacks against the Network Time Protocol that is used to synchronize internal computer clocks on the Internet
To Find The Needle, Chop Down the Haystack: 5 Steps For Effective Threat Monitoring
Commentary  |  10/22/2015  | 
Would bank security screen everyone entering the building then leave the vault door open with no one watching the money? Of course not!
Navigating New Security Architectures For Cloud Data Centers
Commentary  |  10/21/2015  | 
Micro-segmentation is a revolutionary approach to data center complexity and security. But not all architectures are created equal.
State Of Employee Security Behavior
News  |  10/20/2015  | 
End users still lacking situational awareness of security risks, says CompTIA report.
Secure Software Development in the IoT: 5 Golden Rules
Commentary  |  10/19/2015  | 
The evolving threat landscape doesnt merely expose developers to new problems. It exposes them to old problems that they need to address sooner, faster, and more frequently.
First Cyberterror Charges: DOJ Accuses Hacker Of Giving Military PII To ISIS
Quick Hits  |  10/16/2015  | 
The data was first stolen from an online retailer, and the suspect is awaiting extradition hearing in Malaysia.
From 55 Cents to $1,200: The Value Chain For Stolen Data
News  |  10/16/2015  | 
The latest pricing models for stolen information in the underground economy.
Adobe Patches Pawn Storm Zero-Day Ahead Of Schedule
Quick Hits  |  10/16/2015  | 
Critical bug wasn't expected to be fixed until next week.
The Internet of Things: Its All About Trust
Commentary  |  10/16/2015  | 
As billions of devices come online, it will be critical to protect the keys and certificates we use for authentication, validation, and privileged access control.
Pawn Storm Flashes A New Flash Zero-Day
News  |  10/15/2015  | 
Cyberespionage group shows off another piece of kit in attacks on foreign ministries.
An Atypical Approach To DNS
Commentary  |  10/15/2015  | 
Its now possible to architect network instrumentation to collect fewer data sources of higher value to security operations. Heres how -- and why -- you should care.
Dridex Takedown Might Show Evidence Of Good Guys Gains
News  |  10/14/2015  | 
Researchers believe Dridex swooped in to fill Gameover Zeus hole in the black market, but it didnt have time to grow as big as its predecessor before being stopped.
The State of Apple Security
Slideshows  |  10/14/2015  | 
A small market share and a trusted development environment protected Apple a long time, but will that last? Plus, EXCLUSIVE: more data on who's behind XCodeGhost.
'POODLE' One Year Later: Still Around? Not So Much
Commentary  |  10/14/2015  | 
As high-severity vulnerabilities go, POODLE remediation rates and times have proven to be astonishingly better than expected.
In Wake Of Resurgence, US-CERT Issues Alert About Dridex
Quick Hits  |  10/13/2015  | 
U.S. issues alert about banking Trojan, but recent attacks focus on U.K.
Why DevOps Fails At Application Security
Commentary  |  10/13/2015  | 
In a recent survey of developers, nearly half of respondents admit to releasing applications with known vulnerabilities at least 80 percent of the time.
Japan's Cybercrime Underground On The Rise
News  |  10/13/2015  | 
New report sheds light on stealthy cybercrime operations in Japan.
Dell Acquisition of EMC Has Big Cybersecurity Implications
News  |  10/12/2015  | 
The devil will be in the details, but if company cooks up a winning integration strategy to combine the likes of SecureWorks and RSA, it is poised to become a major cybersecurity player.
Police Car Hacks: Under The Hood
Commentary  |  10/12/2015  | 
A closer look at how researchers hacked two Virginia State Trooper vehicles.
Jailbreaking Mobile Devices: Thats Not The Real Problem
Commentary  |  10/9/2015  | 
Despite what mobile operating system vendors say, its the OS flaws that put everyone at risk.
Researchers Warn Against Continuing Use Of SHA-1 Crypto Standard
News  |  10/8/2015  | 
New attack methods have made it economically feasible to crack SHA-1 much sooner than expected.
Chipping Away At Credit Card Fraud With EMV
Commentary  |  10/8/2015  | 
As of October 1, so-called chip-and-pin technology is now the law of the land for electronic payments in the US. But its not the silver bullet that will instantly stop all cybercrime.
Intro To Machine Learning & Cybersecurity: 5 Key Steps
Commentary  |  10/7/2015  | 
Software-based machine learning attempts to emulate the same process that the brain uses. Heres how.
Defending & Exploiting SAP Systems
Defending & Exploiting SAP Systems
Dark Reading Videos  |  10/7/2015  | 
Juan Pablo Perez-Etchegoyen, CTO of Onapsis, joins the Dark Reading News Desk at Black Hat to discuss the technological and organizational challenges of SAP security.
Cost Of Cybercrime Reaches $15 Million Annually Per Org
News  |  10/6/2015  | 
Ponemon Institute study details annual costs incurred by organizations with over 1,000 employees.
Dont Be Fooled: In Cybersecurity Big Data Is Not The Goal
Commentary  |  10/6/2015  | 
In other words, the skills to be a security expert do not translate to being able to understand and extract meaning from security data.
5 Signs Security's Finally Being Taken Seriously
News  |  10/5/2015  | 
It's taken years, but infosec may have finally won a seat at the table, as executive leadership reports more mature attitudes and practices.
Nuclear Plants' Cybersecurity Is Bad -- And Hard To Fix
News  |  10/5/2015  | 
Report: 'Very few' nuclear plants worldwide patch software, and operations engineers 'dislike' security pros.
Segmentation: A Fire Code For Network Security
Commentary  |  10/5/2015  | 
New technologies like software-defined segmentation are making it easier to prevent a compromise from spreading by separating users and network resources into zones.
The Evolution Of Malware
Commentary  |  10/2/2015  | 
Like the poor in the famous Biblical verse, malware will always be with us. Heres a 33-year history from Elk Cloner to Cryptolocker. What will be next?
Stagefright 2.0 Vuln Affects Nearly All Android Devices
News  |  10/1/2015  | 
Worst threat is only to version 5.0 Lollipop and later.
And Now A Malware Tool That Has Your Back
News  |  10/1/2015  | 
In an unusual development, white hat malware is being used to secure thousands of infected systems, not to attack them, Symantec says.
Automating Breach Detection For The Way Security Professionals Think
Commentary  |  10/1/2015  | 
The missing ingredient in making a real difference in the cumbersome process of evaluating a flood of alerts versus a small, actionable number is context.


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.
CVE-2019-6650
PUBLISHED: 2019-09-20
F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings.
CVE-2014-10396
PUBLISHED: 2019-09-20
The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.