Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2017
North Korea Faces Accusations of Hacking Warship Builder Daewoo
Quick Hits  |  10/31/2017  | 
North Korea suspected by South Korea of stealing warship blueprints from Daewoo Shipbuilding & Marine Engineering.
Office 365 Missed 34,000 Phishing Emails Last Month
News  |  10/31/2017  | 
Nearly 10% of emails delivered to Office 365 inboxes were spam, phishing messages, and known or zero-day malware.
Who Says Brilliant Security Engineers Can't Be Amazing People Managers?
Commentary  |  10/31/2017  | 
Don't let midcareer stagnation be an exit ramp from the cybersecurity industry. Use it as an opportunity to explore and to deepen your enthusiasm.
Trump Administration to Craft New Cybersecurity Plan
Quick Hits  |  10/31/2017  | 
Strategy will mirror President Trump's cybersecurity Executive Order.
How to Make a Ransomware Payment - Fast
Slideshows  |  10/31/2017  | 
Paying ransom in a ransomware attack isn't recommended, but sometimes, it's necessary. Here's how to pay by cryptocurrency.
10 Scariest Ransomware Attacks of 2017
News  |  10/31/2017  | 
A look back at WannaCry, NotPetya, Locky, and other destructive ransomware campaigns to infect the world this year.
Stop Counting Vulnerabilities & Start Measuring Risk
Commentary  |  10/31/2017  | 
When security teams report on real risk, executive teams can gain a much better understanding of the company's security posture.
Phishing Kits Regularly Reused by Cybercriminals
News  |  10/31/2017  | 
In 27% of cases, a phishing kit is re-used on more than one host.
Majority of Employees Hit with Ransomware Personally Make Payment
News  |  10/31/2017  | 
Office workers pay an average ransom of $1,400, according to a new report.
Google Bug Database Flaws Expose Severe Vulnerabilities
Quick Hits  |  10/30/2017  | 
A security researcher accessed the most critical bugs in Google products and services by spoofing a corporate email address.
Security Gets Social: 10 of Dark Reading's Most Shared Stories
Slideshows  |  10/30/2017  | 
We scared up our most popular stories on Facebook, Twitter, and LinkedIn.
Kaspersky Expects US Sales to Decline in 2017
Quick Hits  |  10/30/2017  | 
CEO points to an "information war" against his company as the cause of the revenue drop.
Screen Sharing: Dark Reading Caption Contest Winners
Commentary  |  10/30/2017  | 
It was a tough competition with more than 125 submissions, our largest field yet. And the winners are ...
Preventing Credential Theft: A Security Checklist for Boards
Commentary  |  10/30/2017  | 
Board members pose a unique risk for business, but proper planning helps.
It's Time to Change the Cybersecurity Conversation
Commentary  |  10/30/2017  | 
The IT security industry needs more balance between disclosure of threats and discussion of defense practices, and greater sharing of ideas.
Web Attacks Spike in Financial Industry
News  |  10/27/2017  | 
Web application compromise beats human error as the top data breach cause, putting finance companies at risk for larger attacks, according to a new study.
Identity Theft Ring Hit with Credit Card Fraud Indictment
Quick Hits  |  10/27/2017  | 
A federal grand jury indicts six individuals on criminal charges relating to credit card and debit card fraud.
3 Steps to Reduce Risk in Your Supply Chain
Commentary  |  10/27/2017  | 
Many companies have very limited visibility into their vendors' security posture -- and some may have thousands of vendors. Here are steps that every company should take to lock down their supply chains.
Passwords Use Alone Still Trumps Multi-Factor Authentication
News  |  10/27/2017  | 
Strong authentication use overall remains weak but is starting to gain some ground with enterprises.
Inmarsat Disputes IOActive Reports of Critical Flaws in Ship SATCOM
News  |  10/26/2017  | 
Satellite communications provider says security firm's narrative about vulnerabilities in its AmosConnect 8 shipboard email service is overblown.
Security Forecast: Cloudy with Low Data Visibility
News  |  10/26/2017  | 
Businesses are moving more sensitive data to the cloud but struggle to monitor and manage it once it's there.
'Reaper' IoT Botnet Likely a DDoS-for-Hire Tool
Quick Hits  |  10/26/2017  | 
Latest IoT botnet commandeers 10,000 to 20,000 devices with an additional 2 million hosts identified.
Bad Rabbit Used Pilfered NSA Exploit
News  |  10/26/2017  | 
Turns out the fast and furious ransomware campaign in Eastern Europe this week employed the so-called 'BadRomance' tool to help it spread.
Dark Web Marketplaces' New Home: Mobile Messaging Apps
News  |  10/26/2017  | 
Telegram, Discord, and WhatsApp grow in popularity as criminals look for more alternatives to fly under the radar.
30% of Major CEOs Have Had Passwords Exposed
Quick Hits  |  10/26/2017  | 
One in three CEOs have had passwords leaked through online services where they registered with a corporate email address.
Why Data Breach Stats Get It Wrong
Commentary  |  10/26/2017  | 
It's not the size of the stolen data dump that is important. It's the window between the date of the breach and the date of discovery that represents the biggest threat.
A Checklist for Securing the Internet of Things
Commentary  |  10/26/2017  | 
IoT devices promise endless benefits, but they also come with serious security issues. Use this checklist to make sure your company stays safe.
Doubling Up on AV Fails to Protect 40% of Users from Malware Attacks
News  |  10/26/2017  | 
Traditional signature-based antivirus solutions are falling short on protecting endpoints, even when there are two or more deployed.
Kaspersky Lab Collected, Then Deleted NSA File from a Home Computer
News  |  10/25/2017  | 
Concerns over handling classified US data one of the reasons why Kaspersky Lab CEO ordered file deletion, company says.
Advanced Analytics + Frictionless Security: What CISOs Need to Know
Commentary  |  10/25/2017  | 
Advances in analytics technologies promise to make identity management smarter and more transparent to users. But the process is neither straightforward nor easy.
Third Man Charged in Hacking Celebrities' iCloud and Gmail Accounts
Quick Hits  |  10/25/2017  | 
An Illinois man is charged with hacking into more than 550 accounts that belong to entertainment industry figures and others.
Productivity, Operations Hardest-Hit by Endpoint Attacks
Quick Hits  |  10/25/2017  | 
Operational outcomes from infected endpoints are more common than data loss or financial effects, researchers found.
Why Patching Software Is Hard: Organizational Challenges
Commentary  |  10/25/2017  | 
The Equifax breach shows how large companies can stumble when it comes to patching. Organizational problems can prevent best practices from being enforced.
New Cybercrime Insurance Policy Protects the 'High Net Worth' Set
Quick Hits  |  10/24/2017  | 
Rubica is offering its active subscribers a $1 million cybersecurity insurance policy via its partner PURE Starling.
10 Steps for Stretching Your IT Security Budget
Slideshows  |  10/24/2017  | 
When the budget gods decline your request for an increase, here are 10 ways to stretch that dollar.
Why Patching Software Is Hard: Technical Challenges
Commentary  |  10/24/2017  | 
Huge companies like Equifax can stumble over basic technical issues. Here's why.
Opera, Vivaldi Co-Founder Talks Internet Privacy
News  |  10/24/2017  | 
Most people don't understand the extent to which their personal information is at risk, says Jon von Tetzchner, who founded the Opera and Vivaldi browser firms.
New Tool Debuts for Hacking Back at Hackers in Your Network
News  |  10/24/2017  | 
Deception technology firm Cymmetria offers a new offense option for defenders.
Unpatched Bugs Rampant on Mobile Devices in Financial Services Firms
News  |  10/23/2017  | 
More than a quarter of mobile devices used by financial services employees carry known vulnerabilities, according to a recent report.
Kaspersky Lab Offers Up its Source Code for Inspection
News  |  10/23/2017  | 
Beleaguered security vendor fights back against Russian-spying claims with new transparency program aimed at assuaging concerns.
Google Play Bug Bounty Program Debuts
Quick Hits  |  10/23/2017  | 
Google teams up with HackerOne to create the Google Play Security Reward Program.
Security Training & Awareness: 3 Big Myths
Commentary  |  10/23/2017  | 
The once-overwhelming consensus that security awareness programs are invaluable is increasingly up for debate.
IOTroop Botnet Hits Over a Million Organizations in Under 30 Days
Quick Hits  |  10/20/2017  | 
The IoT botnet is expected to spread faster than Mirai.
The Week in Crypto: Bad News for SSH, WPA2, RSA & Privacy
News  |  10/20/2017  | 
Between KRACK, ROCA, new threats to SSH keys, and the European Commission's loosey-goosey stance on encryption backdoors, it's been a difficult time for cryptography.
How to Talk to the C-Suite about Malware Trends
Commentary  |  10/20/2017  | 
There is no simple answer to the question 'Are we protected against the latest brand-name malware attack?' But there is a smart one.
Overlay Technique from Brazilian Banking Trojans Making Resurgence
News  |  10/20/2017  | 
New analysis says heavy reliance on overlays and manual remote execution of transactions is being combined with more advanced features of traditional banking Trojans.
IoT Deployment Security Top Concern for Enterprises
Quick Hits  |  10/19/2017  | 
A new survey shows that 63% of respondents are worried about the impact of the Internet of Things on corporate security technologies and processes.
What's Next after the SEC 'Insider Trading' Breach?
Commentary  |  10/19/2017  | 
Last month's hack of the Securities and Exchange Commission may prove to be the most high-profile corporate gatekeeper attack to date. But it definitely won't be the last.
New Locky Ransomware Strain Emerges
News  |  10/19/2017  | 
Latest version goes by the .asasin extension and is collecting information on users' computer operating system and IP address.
Malicious Minecraft Apps on Google Android Could Turn Devices into Bots
Quick Hits  |  10/18/2017  | 
New 'Sockbot' malware has 'highly flexible proxy topology' that might be leveraged for a variety of nefarious purposes.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15943
PUBLISHED: 2019-09-19
vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call.
CVE-2019-16413
PUBLISHED: 2019-09-19
An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.
CVE-2019-3738
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
CVE-2019-3739
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
CVE-2019-3740
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.