Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2017
Lawsuits Pile Up on Uber
News  |  11/30/2017  | 
Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.
The Critical Difference Between Vulnerabilities Equities & Threat Equities
Commentary  |  11/30/2017  | 
Why the government has an obligation to share its knowledge of flaws in software and hardware to strengthen digital infrastructure in the face of growing cyberthreats.
5 Free or Low-Cost Security Tools for Defenders
News  |  11/30/2017  | 
Not all security tools are pricey.
Big Apple Flaw Allows Root Access to Macs without Password
News  |  11/29/2017  | 
Vulnerability affects machines running High Sierra operating system.
Why Security Depends on Usability -- and How to Achieve Both
Commentary  |  11/29/2017  | 
Any initiative that reduces usability will have consequences that make security less effective.
Samsung's Mobile Device Bug Bounty Program Gets a Boost
Quick Hits  |  11/29/2017  | 
Samsung Electronics partners with Bugcrowd to deliver timely payments for its Mobile Security Rewards Program.
Git Some Security: Locking Down GitHub Hygiene
News  |  11/28/2017  | 
In the age of DevOps and agile development practices that lean heavily on GitHub and other cloud resources, strong controls are more important than ever.
Retail and Hospitality Breaches Declined Over Past 2 Years
News  |  11/28/2017  | 
A drop in publicly disclosed breaches for the two industries is due in part to fewer point-of-sale breaches.
New BankBot Version Avoids Detection in Google Play -- Again
News  |  11/27/2017  | 
Mobile banking Trojan BankBot uses a unique payload downloading technique to skip past Google Play Protect.
Uber's Security Slip-ups: What Went Wrong
News  |  11/27/2017  | 
The ride-sharing company's decisions leading to a 2016 data breach and its handling of the incident should serve as a cautionary tale for enterprises facing a breach.
Thoma Bravo to Acquire Barracuda Networks for $1.6 billion
Quick Hits  |  11/27/2017  | 
The cloud email security and management company accepts buyout offer as a means to accelerate its growth.
Cyber Forensics: The Next Frontier in Cybersecurity
Commentary  |  11/27/2017  | 
We can now recover evidence from the RAM on a cellphone, even if the account is locked, and use it to prosecute a case.
3 Pillars of Cyberthreat Intelligence
Commentary  |  11/22/2017  | 
Strong enterprise cybersecurity programs must be built on a framework that incorporates strategic, operational, and tactical leadership and goals.
Time to Pull an Uber and Disclose Your Data Breach Now
Commentary  |  11/22/2017  | 
There is never a good time to reveal a cyberattack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.
Intel Firmware Flaws Found
News  |  11/22/2017  | 
Another big firmware security issue affecting Intel processors requires OEM updates.
Samsung Pay Leaks Mobile Device Information
News  |  11/22/2017  | 
Researcher at Black Hat Europe will show how Samsung Pay's security falls short and ways attackers could potentially bypass it.
A Call for Greater Regulation of Digital Currencies
News  |  11/21/2017  | 
A new report calls for international collaboration to create more transparency with virtual currencies and track money used for cybercrime.
Iranian Nation-State Hacker Indicted for HBO Hack, Extortion
Quick Hits  |  11/21/2017  | 
'Winter is coming,' DoJ official says of overseas hackers such as the alleged HBO hacker who steal intellectual property from the US.
Half of Americans Unsure of Online Shopping Safety
Quick Hits  |  11/21/2017  | 
Consumers struggle to determine the safety of online shopping websites, putting them at risk for holiday hacking.
Let's Take a Page from the Credit Card Industry's Playbook
Commentary  |  11/21/2017  | 
Internal security departments would do well to follow the processes of major credit cards.
6 Real Black Friday Phishing Lures
Slideshows  |  11/21/2017  | 
As the mega-shopping day approaches, here's a look at six examples of phishing attacks - and ways to avoid taking the bait.
Researcher Finds Hole in Windows ASLR Security Defense
News  |  11/20/2017  | 
A security expert found a way to work around Microsoft's Address Space Layout Randomization, which protects the OS from memory-based attacks.
DDoS Attack Attempts Doubled in 6 Months
Quick Hits  |  11/20/2017  | 
Organizations face an average of eight attempts a day, up from an average of four per day at the beginning of this year.
New Guide for Political Campaign Cybersecurity Debuts
Quick Hits  |  11/20/2017  | 
The Cybersecurity Campaign Playbook created by bipartisan Defending Digital Democracy Project (D3P) group provides political campaigns with tips for securing data, accounts.
Businesses Can't Tell Good Bots from Bad Bots: Report
Quick Hits  |  11/17/2017  | 
Bots make up more than 75% of total traffic for some businesses, but one in three can't distinguish legitimate bots from malicious ones.
Mobile Malware Incidents Hit 100% of Businesses
News  |  11/17/2017  | 
Attempted malware infections against BYOD and corporate mobile devices are expected to continue to grow, new data shows.
Tips to Protect the DNS from Data Exfiltration
Commentary  |  11/17/2017  | 
If hackers break in via the Domain Name System, most businesses wouldn't know until it's too late. These tips can help you prepare.
Terdot Banking Trojan Spies on Email, Social Media
News  |  11/16/2017  | 
Terdot Banking Trojan, inspired by Zeus, can eavesdrop and modify traffic on social media and email in addition to snatching data.
Optiv Acquires Decision Lab to Expand Big Data Services
Quick Hits  |  11/16/2017  | 
Deal enhances Optiv's big data, automation, and orchestration efforts.
Forget APTs: Let's Talk about Advanced Persistent Infrastructure
Commentary  |  11/16/2017  | 
Understanding how bad guys reuse infrastructure will show you the areas of your network to target when investigating new threats and reiteration of old malware.
Death of the Tier 1 SOC Analyst
News  |  11/16/2017  | 
Say goodbye to the entry-level security operations center (SOC) analyst as we know it.
Stealthy Android Malware Found in Google Play
News  |  11/15/2017  | 
Eight apps found infected with a new Trojan family that ups the ante in obfuscation with four payload stages.
Who Am I? Best Practices for Next-Gen Authentication
Commentary  |  11/15/2017  | 
By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords.
NSA Veterans Land $1.5 Million in Funding for Startup
Quick Hits  |  11/15/2017  | 
ReFirm Labs launches Centrifuge Platform, which aims to automatically detect security vulnerabilities in IoT firmware.
Insider Threats: Red Flags and Best Practices
Slideshows  |  11/15/2017  | 
Security pros list red flags indicating an insider attack and best practices to protect against accidental and malicious exposure.
Deception Technology: Prevention Reimagined
Commentary  |  11/15/2017  | 
How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.
2017 Has Broken the Record for Security Vulnerabilities
Quick Hits  |  11/14/2017  | 
Some 40% of disclosed vulns as of Q3 are rated as severe, new Risk Based Security data shows.
Microsoft Word Vuln Went Unnoticed for 17 Years: Report
News  |  11/14/2017  | 
Researchers claim Microsoft Word vulnerability, patched today, has existed for 17 years.
Enterprise Physical Security Drives IoT Adoption
News  |  11/14/2017  | 
The vast majority of respondents to a new survey are deploying IoT technologies for building safety in the form of security cameras.
Companies Blindly Believe They've Locked Down Users' Mobile Use
News  |  11/14/2017  | 
IT security teams may be in for a surprise about their mobile exposure as the GDPR compliance deadline approaches, according to a new survey.
What the NFL Teaches Us about Fostering a Champion Security Team
Commentary  |  11/14/2017  | 
Cybersecurity experts can learn how to do a better job by keeping a close eye on the gridiron.
ADT Expands Cybersecurity Business with Purchase of Datashield
News  |  11/14/2017  | 
Home and business security giant launches ADT Cybersecurity to offer managed detection and response (MDR) service.
Russian Developer Snuck Cryptocurrency Mining into Android Apps
News  |  11/14/2017  | 
Apps found in Google Play turned mobile devices into cryptocurrency miners unbeknownst to their users, according to researchers from security firm Ixia.
Emerging IT Security Technologies: 13 Categories, 26 Vendors
Slideshows  |  11/13/2017  | 
A rundown of some of the hottest security product areas, and vendors helping to shape them.
New Banking Trojan Similar to Dridex, Zeus, Gozi
News  |  11/13/2017  | 
IBM researchers uncover a new form of banking malware distributed as a second-stage infection via the Emotet Trojan.
New Locky Ransomware Takes Another Turn
News  |  11/10/2017  | 
A newly discovered strain of Locky ransomware has been found masquerading as legitimate Microsoft Word documents.
Google Updates Chrome to Prevent Unwanted Content, Redirects
Quick Hits  |  11/10/2017  | 
Changes to Google Chrome aim to prevent users from being redirected to unexpected websites and unwanted content.
6 Steps for Sharing Threat Intelligence
Slideshows  |  11/10/2017  | 
Industry experts offer specific reasons to share threat information, why it's important - and how to get started.
Why Common Sense Is Not so Common in Security: 20 Answers
Commentary  |  11/10/2017  | 
Or, questions vendors need to ask themselves before they write a single word of marketing material.
Cybersecurity Staffing Shortage Tied to Cyberattacks, Data Breaches
News  |  11/9/2017  | 
Short-staffed cybersecurity teams contribute to data breaches and cyberattacks levied against their organizations, a survey finds.