Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2018
<<   <   Page 2 / 2
7 Ways a Collaboration System Could Wreck Your IT Security
Slideshows  |  10/18/2018  | 
The same traits that make collaboration systems so useful for team communications can help hackers, too.
Apache Access Vulnerability Could Affect Thousands of Applications
News  |  10/18/2018  | 
A recently discovered issue with a common file access method could be a major new attack surface for malware authors.
Getting Up to Speed with "Always-On SSL"
Commentary  |  10/18/2018  | 
Websites can avoid the negative consequences of a "not secure" label from Google Chrome 68 by following four AOSSL best practices.
Inside the Dark Web's 'Help Wanted' Ads
News  |  10/18/2018  | 
How cybercriminals recruit everyone from car drivers to corporate insiders and pay them according to the risk they assume.
Oracle Issues Massive Collection of Critical Security Updates
Quick Hits  |  10/17/2018  | 
The software updates from Oracle address a record number of vulnerabilities.
Cybercrime-as-a-Service: No End in Sight
Commentary  |  10/17/2018  | 
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
SEC Warns Public Companies on Accounting Control Use
Quick Hits  |  10/17/2018  | 
A new SEC investigative report urges public organizations to keep cyberthreats in mind when implementing internal accounting tools.
The Three Dimensions of the Threat Intelligence Scale Problem
Commentary  |  10/17/2018  | 
To succeed, organizations must be empowered to reduce their attack surface and staff overload so they can get more out of their existing firewall and threat intelligence investments.
FICO & US Chamber of Commerce Score Cyber-Risk Across 10 Sectors
News  |  10/16/2018  | 
Media, telecom, and technology firms are far more likely to experience a data breach in the near future than organizations in sectors including energy, construction, and transportation.
A Cybersecurity Weak Link: Linux and IoT
Commentary  |  10/16/2018  | 
Linux powers many of the IoT devices on which we've come to rely -- something that enterprises must address.
NC Water Utility Fights Post-Hurricane Ransomware
News  |  10/16/2018  | 
North Carolina's Onslow Water and Sewer Authority was hit with an advanced attack in the wake of Hurricane Florence.
6 Reasons Why Employees Violate Security Policies
Slideshows  |  10/16/2018  | 
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
Spies Among Us: Tracking, IoT & the Truly Inside Threat
Commentary  |  10/16/2018  | 
In today's ultra-connected world, it's important for users to understand how to safeguard security while browsing the web and using electronic devices.
4 Ways to Fight the Email Security Threat
Commentary  |  10/15/2018  | 
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
Threat Hunters & Security Analysts: A Dynamic Duo
Commentary  |  10/12/2018  | 
Fighting spying with spying, threat hunters bring the proactive mindset of network reconnaissance and repair to the enterprise security team.
12 Free, Ready-to-Use Security Tools
Slideshows  |  10/12/2018  | 
There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up
News  |  10/11/2018  | 
Many organizations have yet to create an effective cybersecurity strategy and it's costing them millions.
Most Malware Arrives Via Email
Quick Hits  |  10/11/2018  | 
Watch out for messages with the word "invoice" in the subject line, too.
Not All Multifactor Authentication Is Created Equal
Commentary  |  10/11/2018  | 
Users should be aware of the strengths and weaknesses of the various MFA methods.
One-Third of US Adults Hit with Identity Theft
Quick Hits  |  10/11/2018  | 
That's double the global average and more than three times the rate of French and German adults.
The Better Way: Threat Analysis & IIoT Security
Commentary  |  10/11/2018  | 
Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities.
Security Researchers Struggle with Bot Management Programs
Commentary  |  10/10/2018  | 
Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.
IIS Attacks Skyrocket, Hit 1.7M in Q2
Quick Hits  |  10/10/2018  | 
Drupal and Oracle WebLogic also were hit with more cyberattacks during same quarter.
Google+ Vulnerability Hits Service, Leads to Shutdown
News  |  10/9/2018  | 
In response to the breach, Google is changing policies, modifying APIs, and shutting down Google+.
Git Gets Patched for Newly Found Flaw
Quick Hits  |  10/9/2018  | 
A vulnerability in Git could allow an attacker to place malicious, auto-executing code in a sub-module.
Constructing the Future of ICS Cybersecurity
News  |  10/9/2018  | 
As industrial control systems are connected to the cloud and the IoT, experts discuss security challenges.
Microsoft Fixes Privilege Escalation 0Day Under Active Attack
News  |  10/9/2018  | 
This month's Patch Tuesday includes 49 patches, two of which are ranked Critical, and two security advisories.
Lessons Learned from the Facebook Breach: Why Logic Errors Are So Hard to Catch
Commentary  |  10/9/2018  | 
By ensuring that each layer of protection scours an application for unintended uses, you can find the flaws before the bad guys do.
New Domains: A Wide-Open Playing Field for Cybercrime
Commentary  |  10/9/2018  | 
As bad actors increasingly exploit new domains for financial gain and other nefarious purposes, security teams need to employ policies and practices to neutralize the threat in real time. Here's why and how.
Most Home Routers Are Full of Vulnerabilities
Quick Hits  |  10/5/2018  | 
More than 80% of surveyed routers had, on average, 172 security vulnerabilities, new research shows.
Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control
Commentary  |  10/5/2018  | 
Technology such as Apple's device trust score that decides "you" is not you is a good thing. But only if it works well.
7 Steps to Start Your Risk Assessment
Slideshows  |  10/4/2018  | 
Risk assessment can be complex, but it's vital for making good decisions about IT security. Here are steps to start you down the path toward a meaningful risk assessment process.
For $14.71, You Can Buy A Passport Scan on the Dark Web
News  |  10/4/2018  | 
That's the average price of a digital passport scan, and it goes up with proof of identification, a new study finds.
An Intro to Intra, the Android App for DNS Encryption
News  |  10/3/2018  | 
Alphabet's Jigsaw has released Intra, a free security app that aims to prevent government censorship.
Putting Security on Par with DevOps
Commentary  |  10/3/2018  | 
Inside the cloud, innovation and automation shouldn't take a toll on protection.
When Facebook Gets Hacked, Everyone Gets Hacked
News  |  10/2/2018  | 
Facebook's attackers may have gained access to several third-party apps and websites via Facebook Login.
Stop Saying 'Digital Pearl Harbor'
Commentary  |  10/2/2018  | 
Yes, there are serious dangers posed by malevolent nation-states. But the hype is distracting us from the reality of the threats.
CISOs: How to Answer the 5 Questions Boards Will Ask You
Commentary  |  10/2/2018  | 
As boards learn the importance of cybersecurity, certain issues arise on a regular basis. These tips can help you address them.
'Short, Brutal Lives': Life Expectancy for Malicious Domains
News  |  10/1/2018  | 
Using a cooling-off period for domain names can help catch those registered by known bad actors.
The Right Diagnosis: A Cybersecurity Perspective
Commentary  |  10/1/2018  | 
A healthy body and a healthy security organization have a lot more in common than most people think.
<<   <   Page 2 / 2


Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing Writer,  12/12/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19807
PUBLISHED: 2019-12-15
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for ...
CVE-2014-8650
PUBLISHED: 2019-12-15
python-requests-Kerberos through 0.5 does not handle mutual authentication
CVE-2014-3536
PUBLISHED: 2019-12-15
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
CVE-2014-3643
PUBLISHED: 2019-12-15
jersey: XXE via parameter entities not disabled by the jersey SAX parser
CVE-2014-3652
PUBLISHED: 2019-12-15
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.