Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2017
Page 1 / 2   >   >>
Lawsuits Pile Up on Uber
News  |  11/30/2017  | 
Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.
The Critical Difference Between Vulnerabilities Equities & Threat Equities
Commentary  |  11/30/2017  | 
Why the government has an obligation to share its knowledge of flaws in software and hardware to strengthen digital infrastructure in the face of growing cyberthreats.
5 Free or Low-Cost Security Tools for Defenders
News  |  11/30/2017  | 
Not all security tools are pricey.
Big Apple Flaw Allows Root Access to Macs without Password
News  |  11/29/2017  | 
Vulnerability affects machines running High Sierra operating system.
Why Security Depends on Usability -- and How to Achieve Both
Commentary  |  11/29/2017  | 
Any initiative that reduces usability will have consequences that make security less effective.
Samsung's Mobile Device Bug Bounty Program Gets a Boost
Quick Hits  |  11/29/2017  | 
Samsung Electronics partners with Bugcrowd to deliver timely payments for its Mobile Security Rewards Program.
Git Some Security: Locking Down GitHub Hygiene
News  |  11/28/2017  | 
In the age of DevOps and agile development practices that lean heavily on GitHub and other cloud resources, strong controls are more important than ever.
Retail and Hospitality Breaches Declined Over Past 2 Years
News  |  11/28/2017  | 
A drop in publicly disclosed breaches for the two industries is due in part to fewer point-of-sale breaches.
New BankBot Version Avoids Detection in Google Play -- Again
News  |  11/27/2017  | 
Mobile banking Trojan BankBot uses a unique payload downloading technique to skip past Google Play Protect.
Uber's Security Slip-ups: What Went Wrong
News  |  11/27/2017  | 
The ride-sharing company's decisions leading to a 2016 data breach and its handling of the incident should serve as a cautionary tale for enterprises facing a breach.
Thoma Bravo to Acquire Barracuda Networks for $1.6 billion
Quick Hits  |  11/27/2017  | 
The cloud email security and management company accepts buyout offer as a means to accelerate its growth.
Cyber Forensics: The Next Frontier in Cybersecurity
Commentary  |  11/27/2017  | 
We can now recover evidence from the RAM on a cellphone, even if the account is locked, and use it to prosecute a case.
3 Pillars of Cyberthreat Intelligence
Commentary  |  11/22/2017  | 
Strong enterprise cybersecurity programs must be a built on a framework that incorporates strategic, operational, and tactical leadership and goals.
Time to Pull an Uber and Disclose Your Data Breach Now
Commentary  |  11/22/2017  | 
There is never a good time to reveal a cyberattack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.
Intel Firmware Flaws Found
News  |  11/22/2017  | 
Another big firmware security issue affecting Intel processors, requires OEM updates.
Samsung Pay Leaks Mobile Device Information
News  |  11/22/2017  | 
Researcher at Black Hat Europe will show how Samsung Pay's security falls short and ways attackers could potentially bypass it.
A Call for Greater Regulation of Digital Currencies
News  |  11/21/2017  | 
A new report calls for international collaboration to create more transparency with virtual currencies and track money used for cybercrime.
Iranian Nation-State Hacker Indicted for HBO Hack, Extortion
Quick Hits  |  11/21/2017  | 
'Winter is coming,' DoJ official says of overseas hackers such as the alleged HBO hacker who steal intellectual property from the US.
Half of Americans Unsure of Online Shopping Safety
Quick Hits  |  11/21/2017  | 
Consumers struggle to determine the safety of online shopping websites, putting them at risk for holiday hacking.
Let's Take a Page from the Credit Card Industry's Playbook
Commentary  |  11/21/2017  | 
Internal security departments would do well to follow the processes of major credit cards.
6 Real Black Friday Phishing Lures
Slideshows  |  11/21/2017  | 
As the mega-shopping day approaches, here's a look at six examples of phishing attacks - and ways to avoid taking the bait.
Researcher Finds Hole in Windows ASLR Security Defense
News  |  11/20/2017  | 
A security expert found a way to work around Microsoft's Address Space Randomization Layer, which protects the OS from memory-based attacks.
DDoS Attack Attempts Doubled in 6 Months
Quick Hits  |  11/20/2017  | 
Organizations face an average of eight attempts a day, up from an average of four per day at the beginning of this year.
New Guide for Political Campaign Cybersecurity Debuts
Quick Hits  |  11/20/2017  | 
The Cybersecurity Campaign Playbook created by bipartisan Defending Digital Democracy Project (D3P) group provides political campaigns with tips for securing data, accounts.
Businesses Can't Tell Good Bots from Bad Bots: Report
Quick Hits  |  11/17/2017  | 
Bots make up more than 75% of total traffic for some businesses, but one in three can't distinguish legitimate bots from malicious ones.
Mobile Malware Incidents Hit 100% of Businesses
News  |  11/17/2017  | 
Attempted malware infections against BYOD and corporate mobile devices are expected to continue to grow, new data shows.
Tips to Protect the DNS from Data Exfiltration
Commentary  |  11/17/2017  | 
If hackers break in via the Domain Name System, most business wouldn't know until it's too late. These tips can help you prepare.
Terdot Banking Trojan Spies on Email, Social Media
News  |  11/16/2017  | 
Terdot Banking Trojan, inspired by Zeus, can eavesdrop and modify traffic on social media and email in addition to snatching data.
Optiv Acquires Decision Lab to Expand Big Data Services
Quick Hits  |  11/16/2017  | 
Deal enhances Optiv's big data, automation, and orchestration efforts.
Forget APTs: Let's Talk about Advanced Persistent Infrastructure
Commentary  |  11/16/2017  | 
Understanding how bad guys reuse infrastructure will show you the areas of your network to target when investigating new threats and reiteration of old malware.
Death of the Tier 1 SOC Analyst
News  |  11/16/2017  | 
Say goodbye to the entry-level security operations center (SOC) analyst as we know it.
Stealthy Android Malware Found in Google Play
News  |  11/15/2017  | 
Eight apps found infected with a new Trojan family that ups the ante in obfuscation with four payload stages.
Who Am I? Best Practices for Next-Gen Authentication
Commentary  |  11/15/2017  | 
By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords.
NSA Veterans Land $1.5 Million in Funding for Startup
Quick Hits  |  11/15/2017  | 
ReFirm Labs' launches Centrifuge Platform, which aims to automatically detect security vulnerabilities in IoT firmware.
Insider Threats: Red Flags and Best Practices
Slideshows  |  11/15/2017  | 
Security pros list red flags indicating an insider attack and best practices to protect against accidental and malicious exposure.
Deception Technology: Prevention Reimagined
Commentary  |  11/15/2017  | 
How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.
2017 Has Broken the Record for Security Vulnerabilities
Quick Hits  |  11/14/2017  | 
Some 40% of disclosed vulns as of Q3 are rated as severe, new Risk Based Security data shows.
Microsoft Word Vuln Went Unnoticed for 17 Years: Report
News  |  11/14/2017  | 
Researchers claim Microsoft Word vulnerability, patched today, has existed for 17 years.
Enterprise Physical Security Drives IoT Adoption
News  |  11/14/2017  | 
The vast majority of respondents to a new survey are deploying IoT technologies for building safety in the form of security cameras.
Companies Blindly Believe They've Locked Down Users' Mobile Use
News  |  11/14/2017  | 
IT security teams may be in for a surprise about their mobile exposure as the GDPR compliance deadline approaches, according to a new survey.
What the NFL Teaches Us about Fostering a Champion Security Team
Commentary  |  11/14/2017  | 
Cybersecurity experts can learn how to do a better job by keeping a close eye on the gridiron.
ADT Expands Cybersecurity Business with Purchase of Datashield
News  |  11/14/2017  | 
Home and business security giant launches ADT Cybersecurity to offer managed detection and response (MDR) service.
Russian Developer Snuck Cryptocurrency Mining into Android Apps
News  |  11/14/2017  | 
Apps found in Google Play turned mobile devices into cryptocurrency miners unbeknownst to their users, according to researchers from security firm Ixia.
Emerging IT Security Technologies: 13 Categories, 26 Vendors
Slideshows  |  11/13/2017  | 
A rundown of some of the hottest security product areas, and vendors helping to shape them.
New Banking Trojan Similar to Dridex, Zeus, Gozi
News  |  11/13/2017  | 
IBM researchers uncover a new form of banking malware distributed as a second-stage infection via the Emotet Trojan.
New Locky Ransomware Takes Another Turn
News  |  11/10/2017  | 
A newly discovered strain of Locky ransomware has been discovered masquerading as legitimate Microsoft Word documents.
Google Updates Chrome to Prevent Unwanted Content, Redirects
Quick Hits  |  11/10/2017  | 
Changes to Google Chrome aim to prevent users from being redirected to unexpected websites and unwanted content.
6 Steps for Sharing Threat Intelligence
Slideshows  |  11/10/2017  | 
Industry experts offer specific reasons to share threat information, why it's important - and how to get started.
Why Common Sense Is Not so Common in Security: 20 Answers
Commentary  |  11/10/2017  | 
Or, questions vendors need to ask themselves before they write a single word of marketing material.
Cybersecurity Staffing Shortage Tied to Cyberattacks, Data Breaches
News  |  11/9/2017  | 
Short-staffed cybersecurity teams contribute to data breaches and cyberattacks levied against their organizations, a survey finds.
Page 1 / 2   >   >>


AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.