Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2015
Xen Patches 'Worst'-Ever Virtual Machine Escape Vulnerability
News  |  10/30/2015  | 
Bug remained undetected for seven years and enabled complete control of host system.
Security Analytics Still Greenfield Opportunity
News  |  10/29/2015  | 
Surveys out this week show improvement in the use of analytics and threat intelligence but room for better execution.
With $325 Million In Extorted Payments CryptoWall 3 Highlights Ransomware Threat
News  |  10/29/2015  | 
Study by Cyber Threat Alliance reveals sophisticated nature of the latest version of CryptoWall
Machine Learning Is Cybersecuritys Latest Pipe Dream
Commentary  |  10/29/2015  | 
Rather than waste money on the unproven promises of ML and AI, invest in your experts, and in tools that enhance their ability to search for and identify components of a new attack.
Digital Certificate Security Fail
News  |  10/28/2015  | 
Eight percent of digital certificates served by websites had been revoked but are still in use, new study finds.
How Hackers Can Hack The Oil & Gas Industry Via ERP Systems
News  |  10/28/2015  | 
Researchers at Black Hat Europe next month will demonstrate how SAP applications can be used as a stepping-stone to sabotage oil & gas processes.
Apple iTunes & QuickTime Named 'Most Exposed' To Threats In US
News  |  10/27/2015  | 
Vulnerability report finds users lazy about patching Apple applications. Plus, in Q3, U.S. had more unpatched operating systems than any other country.
Attackers Demand Ransom Following Massive Hack on TalkTalk
News  |  10/23/2015  | 
Intrusion is believed to have exposed sensitive data on all four million customers of UK broadband provider.
Undermining Security By Attacking Computer Clocks
News  |  10/22/2015  | 
A team of researchers at Boston University has developed several attacks against the Network Time Protocol that is used to synchronize internal computer clocks on the Internet
To Find The Needle, Chop Down the Haystack: 5 Steps For Effective Threat Monitoring
Commentary  |  10/22/2015  | 
Would bank security screen everyone entering the building then leave the vault door open with no one watching the money? Of course not!
Navigating New Security Architectures For Cloud Data Centers
Commentary  |  10/21/2015  | 
Micro-segmentation is a revolutionary approach to data center complexity and security. But not all architectures are created equal.
State Of Employee Security Behavior
News  |  10/20/2015  | 
End users still lacking situational awareness of security risks, says CompTIA report.
Secure Software Development in the IoT: 5 Golden Rules
Commentary  |  10/19/2015  | 
The evolving threat landscape doesnt merely expose developers to new problems. It exposes them to old problems that they need to address sooner, faster, and more frequently.
First Cyberterror Charges: DOJ Accuses Hacker Of Giving Military PII To ISIS
Quick Hits  |  10/16/2015  | 
The data was first stolen from an online retailer, and the suspect is awaiting extradition hearing in Malaysia.
From 55 Cents to $1,200: The Value Chain For Stolen Data
News  |  10/16/2015  | 
The latest pricing models for stolen information in the underground economy.
Adobe Patches Pawn Storm Zero-Day Ahead Of Schedule
Quick Hits  |  10/16/2015  | 
Critical bug wasn't expected to be fixed until next week.
The Internet of Things: Its All About Trust
Commentary  |  10/16/2015  | 
As billions of devices come online, it will be critical to protect the keys and certificates we use for authentication, validation, and privileged access control.
Pawn Storm Flashes A New Flash Zero-Day
News  |  10/15/2015  | 
Cyberespionage group shows off another piece of kit in attacks on foreign ministries.
An Atypical Approach To DNS
Commentary  |  10/15/2015  | 
Its now possible to architect network instrumentation to collect fewer data sources of higher value to security operations. Heres how -- and why -- you should care.
Dridex Takedown Might Show Evidence Of Good Guys Gains
News  |  10/14/2015  | 
Researchers believe Dridex swooped in to fill Gameover Zeus hole in the black market, but it didnt have time to grow as big as its predecessor before being stopped.
The State of Apple Security
Slideshows  |  10/14/2015  | 
A small market share and a trusted development environment protected Apple a long time, but will that last? Plus, EXCLUSIVE: more data on who's behind XCodeGhost.
'POODLE' One Year Later: Still Around? Not So Much
Commentary  |  10/14/2015  | 
As high-severity vulnerabilities go, POODLE remediation rates and times have proven to be astonishingly better than expected.
In Wake Of Resurgence, US-CERT Issues Alert About Dridex
Quick Hits  |  10/13/2015  | 
U.S. issues alert about banking Trojan, but recent attacks focus on U.K.
Why DevOps Fails At Application Security
Commentary  |  10/13/2015  | 
In a recent survey of developers, nearly half of respondents admit to releasing applications with known vulnerabilities at least 80 percent of the time.
Japan's Cybercrime Underground On The Rise
News  |  10/13/2015  | 
New report sheds light on stealthy cybercrime operations in Japan.
Dell Acquisition of EMC Has Big Cybersecurity Implications
News  |  10/12/2015  | 
The devil will be in the details, but if company cooks up a winning integration strategy to combine the likes of SecureWorks and RSA, it is poised to become a major cybersecurity player.
Police Car Hacks: Under The Hood
Commentary  |  10/12/2015  | 
A closer look at how researchers hacked two Virginia State Trooper vehicles.
Jailbreaking Mobile Devices: Thats Not The Real Problem
Commentary  |  10/9/2015  | 
Despite what mobile operating system vendors say, its the OS flaws that put everyone at risk.
Researchers Warn Against Continuing Use Of SHA-1 Crypto Standard
News  |  10/8/2015  | 
New attack methods have made it economically feasible to crack SHA-1 much sooner than expected.
Chipping Away At Credit Card Fraud With EMV
Commentary  |  10/8/2015  | 
As of October 1, so-called chip-and-pin technology is now the law of the land for electronic payments in the US. But its not the silver bullet that will instantly stop all cybercrime.
Intro To Machine Learning & Cybersecurity: 5 Key Steps
Commentary  |  10/7/2015  | 
Software-based machine learning attempts to emulate the same process that the brain uses. Heres how.
Defending & Exploiting SAP Systems
Defending & Exploiting SAP Systems
Dark Reading Videos  |  10/7/2015  | 
Juan Pablo Perez-Etchegoyen, CTO of Onapsis, joins the Dark Reading News Desk at Black Hat to discuss the technological and organizational challenges of SAP security.
Cost Of Cybercrime Reaches $15 Million Annually Per Org
News  |  10/6/2015  | 
Ponemon Institute study details annual costs incurred by organizations with over 1,000 employees.
Dont Be Fooled: In Cybersecurity Big Data Is Not The Goal
Commentary  |  10/6/2015  | 
In other words, the skills to be a security expert do not translate to being able to understand and extract meaning from security data.
5 Signs Security's Finally Being Taken Seriously
News  |  10/5/2015  | 
It's taken years, but infosec may have finally won a seat at the table, as executive leadership reports more mature attitudes and practices.
Nuclear Plants' Cybersecurity Is Bad -- And Hard To Fix
News  |  10/5/2015  | 
Report: 'Very few' nuclear plants worldwide patch software, and operations engineers 'dislike' security pros.
Segmentation: A Fire Code For Network Security
Commentary  |  10/5/2015  | 
New technologies like software-defined segmentation are making it easier to prevent a compromise from spreading by separating users and network resources into zones.
The Evolution Of Malware
Commentary  |  10/2/2015  | 
Like the poor in the famous Biblical verse, malware will always be with us. Heres a 33-year history from Elk Cloner to Cryptolocker. What will be next?
Stagefright 2.0 Vuln Affects Nearly All Android Devices
News  |  10/1/2015  | 
Worst threat is only to version 5.0 Lollipop and later.
And Now A Malware Tool That Has Your Back
News  |  10/1/2015  | 
In an unusual development, white hat malware is being used to secure thousands of infected systems, not to attack them, Symantec says.
Automating Breach Detection For The Way Security Professionals Think
Commentary  |  10/1/2015  | 
The missing ingredient in making a real difference in the cumbersome process of evaluating a flood of alerts versus a small, actionable number is context.


HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11547
PUBLISHED: 2020-04-05
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.
CVE-2020-11548
PUBLISHED: 2020-04-05
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed.
CVE-2020-11542
PUBLISHED: 2020-04-04
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring.
CVE-2020-11533
PUBLISHED: 2020-04-04
Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).
CVE-2020-11529
PUBLISHED: 2020-04-04
Common/Grav.php in Grav before 1.6.23 has an Open Redirect.