Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2019
Page 1 / 2   >   >>
32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant
News  |  10/31/2019  | 
Researchers detect an updated Gafgyt variant that targets flaws in small office and home wireless routers from Zyxel, Huawei, and Realtek.
Slow Retreat from Python 2 Threatens Code Security
News  |  10/31/2019  | 
The end of life is near for Python 2, and there will be no rising from the grave this time. So why are some companies and developers risking a lack of security patches to stay with the old version of the programming language?
Coalfire CEO Wants Criminal Charges Against His Employees Dropped
Quick Hits  |  10/31/2019  | 
Felony charges against two employees tasked with testing the physical security of the Dallas County, Iowa, courthouse have been lessened, but that's not enough, CEO says.
Quantifying Security Results to Justify Costs
Commentary  |  10/31/2019  | 
The CISO job isn't to protect the entire business from all threats for any budget. It's to spell out what level of protection executives can expect for a given budget.
New Office 365 Phishing Scam Leaves A Voicemail
Quick Hits  |  10/31/2019  | 
A fake voice message lures victims to a fake Microsoft 365 login page that prompts them to enter credentials.
9 Ways Data Vampires Are Bleeding Your Sensitive Information
Commentary  |  10/31/2019  | 
Pull a Van Helsing on those sucking the lifeblood from your data and intellectual property.
As Phishing Kits Evolve, Their Lifespans Shorten
News  |  10/30/2019  | 
Most phishing kits last less than 20 days, a sign defenders are keeping up in the race against cybercrime.
Ransomware Attack Hits Las Cruces, New Mexico Public Schools
Quick Hits  |  10/30/2019  | 
The attack early in the morning of October 29 has taken all of the school district's systems offline.
Security Pros Fear Insider Attacks Stem from Cloud Apps
Quick Hits  |  10/30/2019  | 
More than half of security practitioners surveyed say insider attack detection has grown more difficult since migrating to cloud.
Email Threats Poised to Haunt Security Pros into Next Decade
Commentary  |  10/30/2019  | 
Decentralized threat intel sharing, more public-private collaboration, and greater use of automated incident response are what's needed to combat phishing
8 Trends in Vulnerability and Patch Management
Slideshows  |  10/30/2019  | 
Unpatched flaws continue to be a major security issue for many organizations.
Hacking Phones: How Law Enforcement Is Saving Privacy
Commentary  |  10/30/2019  | 
It's no longer true that society must choose to either weaken everybody's privacy or let criminals run rampant.
Old RAT, New Moves: Adwind Hides in Java Commands to Target Windows
News  |  10/29/2019  | 
The Adwind remote access Trojan conceals malicious activity in Java commands to slip past threat intelligence tools and steal user data.
Why Cloud-Native Applications Need Cloud-Native Security
Commentary  |  10/29/2019  | 
Today's developers and the enterprises they work for must prioritize security in order to reap the speed and feature benefits these applications and new architectures provide.
Who Made the List Of 2019's Nastiest Malware?
Quick Hits  |  10/29/2019  | 
This year's compilation features well-known ransomware, botnet, and cryptomining software.
Pwn2Own Adds Industrial Control Systems to Hacking Contest
News  |  10/28/2019  | 
The Zero Day Initiative will bring its first ICS Pwn2Own competition to the S4x20 conference in January.
Database Error Exposes 7.5 Million Adobe Customer Records
Quick Hits  |  10/28/2019  | 
The database was open for approximately one week before the problem was discovered.
5 Things the Hoodie & the Hard Hat Need to Know About Each Other
Commentary  |  10/28/2019  | 
Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.
Microsoft Office Bug Remains Top Malware Delivery Vector
News  |  10/25/2019  | 
CVE-2017-11882 has been attackers' favorite malware delivery mechanism throughout the second and third quarters of 2019.
Online Beauty Store Hit by Magecart Attack
Quick Hits  |  10/25/2019  | 
An e-skimmer placed on the Procter & Gambleowned First Aid Beauty site to steal payment card data went undetected for five months.
Second Ransomware Attack Strikes Johannesburg
Quick Hits  |  10/25/2019  | 
Attackers who broke into the city's network demand four Bitcoins in ransom or threaten to share stolen personal and financial data.
FBI Expands Election Security Initiative
Quick Hits  |  10/24/2019  | 
The program offers resources and advice to help protect elections at every level within the US.
It's Time to Improve Website Identity Indicators, Not Remove Them
Commentary  |  10/24/2019  | 
Why Google and Mozilla are wrong about the benefits of Extended Validation certificates that aim to prevent fraud and protect user privacy.
Eight-Hour DDoS Attack Struck AWS Customers
Quick Hits  |  10/24/2019  | 
Google Cloud Platform suffered issues around the same time as Amazon Web Services but claims they were not caused by DDoS.
Why Organizations Must Quantify Cyber-Risk in Business Terms
Commentary  |  10/24/2019  | 
The rising costs of breaches and regulatory fines are driving demand for better measurement and articulation of business impacts.
Oracle Releases Free Tool for Monitoring Internet Routing Security
News  |  10/23/2019  | 
IXP Filter Check gives Internet Exchange Points a way to verify whether they are properly filtering out incorrect and malicious routes.
Planning a Zero-Trust Initiative? Here's How to Prioritize
Commentary  |  10/23/2019  | 
If you start by focusing on users, data, access, and managed devices, you will make major strides toward achieving better security.
Report: 2020 Presidential Campaigns Still Vulnerable to Web Attacks
Commentary  |  10/23/2019  | 
Nine out of 12 Democratic candidates have yet to enable DNSSEC, a simple set of extensions that stops most targeted domain-based attacks.
8 Tips for More Secure Mobile Computing
Slideshows  |  10/23/2019  | 
Mobile devices are a huge part of enterprise IT. Here's what to advise their users to do to keep their devices and critical business data best protected.
The AI (R)evolution: Why Humans Will Always Have a Place in the SOC
Commentary  |  10/22/2019  | 
In cybersecurity, the combination of men, women and machines can do what neither can do alone -- form a complementary team capable of upholding order and fighting the forces of evil.
NordVPN Breached Via Data Center Provider's Error
Quick Hits  |  10/22/2019  | 
The VPN company said that one of its 3,000 servers in a third-party data center was open to exploitation through a misconfigured management tool.
Autoclerk Database Spills 179GB of Customer, US Government Data
Quick Hits  |  10/22/2019  | 
An open Elasticsearch database exposed hundreds of thousands of hotel booking reservations, compromising data from full names to room numbers.
Keeping Too Many Cooks out of the Security Kitchen
Commentary  |  10/22/2019  | 
A good security team helps the business help itself operate more securely -- soliciting input while adhering to a unified strategy, vision, goals, and priorities.
Avast Foils Another CCleaner Attack
News  |  10/21/2019  | 
'Abiss' attackers used an older VPN profile to get into Avast's network and targeted its CCleaner utility.
Researchers Turn Alexa and Google Home Into Credential Thieves
Quick Hits  |  10/21/2019  | 
Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing.
SOC Operations: 6 Vital Lessons & Pitfalls
Commentary  |  10/21/2019  | 
There is no one road to security operations success, but these guidelines will smooth your path.
Tor Weaponized to Steal Bitcoin
Quick Hits  |  10/18/2019  | 
A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.
SOC Puppet: Dark Reading Caption Contest Winners
Commentary  |  10/18/2019  | 
Social engineering, SOC analysts, and Sock puns. And the winners are:
Older Amazon Devices Subject to Old Wi-Fi Vulnerability
Quick Hits  |  10/17/2019  | 
The vulnerability in first-generation Echoes and eight-generation Kindles lets an attacker wage man-in-the-middle attacks.
Phishing Campaign Targets Stripe Credentials, Financial Data
News  |  10/17/2019  | 
Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.
State of SMB Insecurity by the Numbers
Slideshows  |  10/17/2019  | 
SMBs still perceive themselves at low risk from cyberthreats in spite of attack statistics that paint a different pictur
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Commentary  |  10/17/2019  | 
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
Data Privacy Protections for the Most Vulnerable Children
Commentary  |  10/17/2019  | 
The business case for why companies that respect the privacy of individuals, and especially minors, will have a strong competitive advantage.
Typosquatting Websites Proliferate in Run-up to US Elections
News  |  10/16/2019  | 
People who mistype the URL for their political candidate or party's website could end up on an opposing party or candidate's website, Digital Shadow's research shows.
Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures
Commentary  |  10/16/2019  | 
The debate about whether Android or iOS is the more inherently secure platform misses the larger issues that both platforms are valuable targets and security today is no guarantee of security tomorrow.
Federal CIOs Zero In on Zero Trust
Commentary  |  10/16/2019  | 
Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
Sodinokibi Ransomware: Where Attackers' Money Goes
News  |  10/15/2019  | 
Researchers following the ransomware variant uncover new data on how much its affiliates earn and where they spend it.
IoT Attacks Up Significantly in First Half of 2019
Quick Hits  |  10/15/2019  | 
New research shows attacks increased ninefold year-over-year, coming from more than a quarter-million unique IP addresses.
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Commentary  |  10/15/2019  | 
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
Pitney Bowes Hit by Ransomware
Quick Hits  |  10/14/2019  | 
The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.
Page 1 / 2   >   >>


DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19037
PUBLISHED: 2019-11-21
ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.
CVE-2019-19036
PUBLISHED: 2019-11-21
btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.
CVE-2019-19039
PUBLISHED: 2019-11-21
__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program.
CVE-2019-6852
PUBLISHED: 2019-11-20
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP har...
CVE-2019-6853
PUBLISHED: 2019-11-20
A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.