Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2016
Google Warns Of Windows Zero-Day Under Attack
Quick Hits  |  10/31/2016  | 
'Critical' vulnerability found by Google has yet to be announced or fixed by Microsoft.
'Do Gooder Worm' Changes Default Passwords In Vulnerable IoT Devices
News  |  10/31/2016  | 
A security researcher has proposed an unusual approach for protecting Internet of Things devices against Mirai-like threats. It's not likely to see the light of day, either.
In A World With Automation, Where Does Human Intelligence Fit In?
Commentary  |  10/31/2016  | 
For all the talk about robots taking over jobs, there are still important roles for humans in incident response workflows of the not-too-distant future. Here are three.
The 4 Biggest Mistakes Businesses Make Trying To Secure Endpoints
Commentary  |  10/31/2016  | 
Sure, it's tempting to chase whatever collaboration technology is hot at the moment, but this can cause serious data security risks.
And Now A PREDATOR To Fight DNS Domain Abuse
News  |  10/28/2016  | 
Researchers at Princeton and elsewhere demo a new tool for spotting people registering domains for malicious purposes.
A Ransomware Tutorial For SMBs
Commentary  |  10/28/2016  | 
Small-to-medium-sized businesses are an easy target for ransomware. Here are four tips that will minimize the risk.
US Charges Several In India Call Center Scam
Quick Hits  |  10/28/2016  | 
Authorities file charges against 61 in a phone fraud that cheated 15,000 out of $250 million via identity theft and impersonation.
How Clinton, Trump Could Champion Cybersecurity
News  |  10/27/2016  | 
The major party Presidential candidates, who both have experienced the aftermath of hacks and poor security practices of their own, could serve as 'poster children' and advocate for better cybersecurity, experts say.
'AtomBombing' Microsoft Windows Via Code Injection
News  |  10/27/2016  | 
Researchers have identified a new way to inject malicious code into Windows systems -- and it doesn't exploit a vulnerability.
How To Build A Strong Security Awareness Program
Commentary  |  10/27/2016  | 
To become more secure, focus your training and manage your top risks.
Jose Santana Pleads Guilty In Cell Phone Fraud Scheme
Quick Hits  |  10/27/2016  | 
Santana and co-conspirators committed identity theft costing victims $150,000, according to US Department of Justice.
Florida Man To Plead Guilty in JPMorgan, Bitcoin Hack Case
Quick Hits  |  10/27/2016  | 
In Manhattan District Court today Michael Murgio will admit to operating an illegal money transmitting business and paying a bribe to gain access to a credit union.
20 Endpoint Security Questions You Never Thought to Ask
Commentary  |  10/26/2016  | 
The endpoint detection and response market is exploding! Here's how to make sense of the options, dig deeper, and separate vendor fact from fiction.
Getting To The 'Just Right' Level Of Encryption
Commentary  |  10/26/2016  | 
The key to unlocking secure business messaging is controlling who has the key.
NHTSA Issues Cybersecurity Best Practices For Automakers
News  |  10/25/2016  | 
Focus is on limiting access to electronic components and what someone can do with that access.
St. Jude Implant Case: Expert Validates Muddy Waters Claim
Quick Hits  |  10/25/2016  | 
Cybersecurity firm Bishop Fox says tests have confirmed that cardiac devices made by St. Jude are susceptible to hacking.
Blockchain & The Battle To Secure Digital Identities
Commentary  |  10/25/2016  | 
This emerging technology is a promising way to verify transactions without compromising your digital identity.
'Root' & The New Age Of IoT-Based DDoS Attacks
News  |  10/24/2016  | 
Last Friday's massive DDoS that exploited online cameras and DVRs was simple to pull off -- and a new chapter in online attacks.
New Financial System Analysis & Resilience Center Formed
Quick Hits  |  10/24/2016  | 
Associated with Financial Services ISAC (FS-ISAC), the new FSARC works more closely with government partners for deeper threat analysis and systemic defense of financial sector.
Deleting Email's Original Sin: An Historical Perspective
Commentary  |  10/24/2016  | 
Can DMARC do for email security what SSL certificates did for e-commerce?
A Proactive Approach To Vulnerability Management: 3 Steps
Commentary  |  10/22/2016  | 
Having the tools to detect a breach is important, but what if you could prevent the attack from happening in the first place?
Flipping Security Awareness Training
Commentary  |  10/21/2016  | 
Threats can be minimized when teams understand business goals and objectives. These four tips can help turn things around.
Why Poor Cyber Hygiene Invites Risk
Commentary  |  10/20/2016  | 
Modern cybersecurity today is all about risk management. That means eliminating and mitigating risks where possible, and knowingly accepting those that remain.
9 Sources For Tracking New Vulnerabilities
Slideshows  |  10/20/2016  | 
Keeping up with the latest vulnerabilities -- especially in the context of the latest threats -- can be a real challenge.
Muddy Waters Releases New Info About St. Jude Medical Device Flaws
Quick Hits  |  10/19/2016  | 
Muddy Waters Capital, the short seller that teamed with security researchers at MedSec, posted the videos on a new site it launched: profitsoverpatients.com.
Malvertising Trends: Don't Talk Ad Standards Without Ad Security
Commentary  |  10/19/2016  | 
How malvertising marries the strengths and weaknesses of the complex digital advertising ecosystem perfectly, and what online publishers and security leaders need to do about it.
St. Jude Medical Plans Cybersecurity Advisory Panel
Quick Hits  |  10/19/2016  | 
The medical device maker says committee will work with tech experts and external researchers on issues affecting patient care and safety.
'Kevin Durant Effect': What Skilled Cybersecurity Pros Want
News  |  10/19/2016  | 
For seasoned cybersecurity professionals, motivation for sticking with their current jobs doesn't mean big management promotions or higher salaries, a new Center for Strategic and International Studies (CSIS) report finds.
Open Source, Third-Party Software Flaws Still Dog Developers
News  |  10/18/2016  | 
The new 2016 State of Software Security Report from Veracode shows the hazards of buggy libraries and applications.
A Job In Security Leads To Job Security
Commentary  |  10/18/2016  | 
Developers who focus on secure development skills find themselves in high demand.
US GOP Senate Committee Allegedly Target Of Russian Hackers
Quick Hits  |  10/18/2016  | 
Dutch researcher finds NRSC web store among 5,900 e-commerce sites infected with malware designed to steal payment card details.
Clearing A Path To The Cybersecurity Field
Commentary  |  10/17/2016  | 
Tune in to Dark Reading Radio on Wednesday, Oct. 19 at 1pm ET, when we'll discuss what specific efforts in industry, academia, and government are under way to fill the cybersecurity skills gap.
How To Become A Cybersecurity Entrepreneur In A Crowded Market
Commentary  |  10/17/2016  | 
If you want to build the next great cybersecurity startup, use your expertise, then follow these three simple suggestions.
Hacking Voting Systems: A Reality Check
Commentary  |  10/17/2016  | 
Can democracy be hacked? Yes, but not in the way you might think.
Encryption: A Backdoor For One Is A Backdoor For All
Commentary  |  10/14/2016  | 
We need legislation that allows law enforcement to find criminals and terrorists without eroding our security and privacy.
80% Of IT Pros Say Users Set Up Unapproved Cloud Services
News  |  10/13/2016  | 
Shadow IT is a growing risk concern among IT pros, with most reporting users have gone behind their backs to set up unapproved cloud services.
Internet Routing Security Effort Gains Momentum
News  |  10/13/2016  | 
More than 40 network operators agree to filter routing information, prevent IP address-spoofing, and to work together to thwart Internet traffic abuse and problems.
Access, Trust, And The Rise Of Electronic Personal Assistants
Partner Perspectives  |  10/13/2016  | 
App and device makers are working hard to deliver user control over privacy.
IoT Default Passwords: Just Don't Do It
Commentary  |  10/13/2016  | 
The rise of the Internet of Things makes the use of default passwords especially perilous. There are better options.
Certifying Software: Why We're Not There Yet
Commentary  |  10/12/2016  | 
Finding a solution to the software security and hygiene problem will take more than an Underwriters Lab seal of approval.
G7 Nations Plan To Team Up To Tackle Financial Cybercrime
Quick Hits  |  10/12/2016  | 
Group of Seven nations' new guidelines include sharing updates by governments, private firms and regulators, plus joint address of shortfalls.
US-CERT Cautions Against Phishing Scams In Aftermath Of Hurricane Matthew
Quick Hits  |  10/12/2016  | 
The government agency for cyber protection provides steps to follow before opening links or attachments with Hurricane Matthew tag.
Executable Files, Old Exploit Kits Top Most Effective Attack Methods
News  |  10/12/2016  | 
Researchers for the new 'Hacker's Playbook' analyzed 4 million breach methods from an attacker's point of view to gauge the real risks today to enterprises.
Political Positions On Cybersecurity Matter To Millennials
News  |  10/12/2016  | 
New study on millennials and cybersecurity points to a growing awareness of the field, an interest in pursuing careers in security, and the influence of cybersecurity in politics.
France's TV5Monde Was Victim Of Vicious Cyberattack In 2015
Quick Hits  |  10/11/2016  | 
Hackers, allegedly Russians, targeted encoder systems in an attempt to destroy the network and cause major technical and financial damages.
UN Watchdog: Nuclear Plants Disrupted By Cyberattack
Quick Hits  |  10/11/2016  | 
IAEA director Yukiya Amano says cyber threats to nuclear plants are "not an imaginary risk."
Online Gaming Currency Funds Cybercrime In Real Life
News  |  10/11/2016  | 
You really needed Cristiano Ronaldo or that Doomhammer. Cybercriminals will help you get it for a price, and it's not even entirely illegal.
Cyber Hunters, Incident Response & The Changing Nature Of Network Defense
Commentary  |  10/11/2016  | 
Or how I learned that network defense needs to evolve from a game of "stumbled upon" to "search and discover."
Database Breaches: An Alarming Lack Of Preparedness
Commentary  |  10/10/2016  | 
It's no secret that databases are fertile ground for malicious activities. Here's how a seven-step process for monitoring known harbingers of an imminent attack can help reduce the risk.
US Formally Accuses Russia Of Stealing DNC Emails
Quick Hits  |  10/7/2016  | 
No word on what sanctions, if any, are coming.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19071
PUBLISHED: 2019-11-18
A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c.
CVE-2019-19072
PUBLISHED: 2019-11-18
A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.
CVE-2019-19073
PUBLISHED: 2019-11-18
Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, ...
CVE-2019-19074
PUBLISHED: 2019-11-18
A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
CVE-2019-19075
PUBLISHED: 2019-11-18
A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.