Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2017
<<   <   Page 2 / 2
Stealthy New PLC Hack Jumps the Air Gap
News  |  11/9/2017  | 
Researchers at Black Hat Europe next month will demonstrate a data-exfiltration attack on Siemens PLCs that uses combination of code manipulation and Radio Frequency (RF) emissions.
'Eavesdropper' Exposes Millions of Mobile Conversations
News  |  11/9/2017  | 
App developers fail to remove their hardcoded credentials, affecting hundreds of millions of data records.
Hypervisors: Now a Tool to Protect against Security Blind Spots
Commentary  |  11/9/2017  | 
By facilitating live introspection of virtual machine memory, the Xen Project is striving to eliminate stealthy attack techniques like EternalBlue.
'Goldilocks' Legislation Aims to Clean up IoT Security
Partner Perspectives  |  11/9/2017  | 
The proposed Internet of Things Cybersecurity Improvement Act of 2017 is not too hard, not too soft, and might be just right.
Siemens Teams Up with Tenable
News  |  11/8/2017  | 
ICS/SCADA vendor further extends its managed security services for critical infrastructure networks.
The IoT Blindspot
News  |  11/8/2017  | 
Confusion over whether IT staff or line of business professions are responsible for IoT management and security plays big role in a lack of visibility into those devices.
Data Breach Record Exposure Up 305% from 2016
News  |  11/8/2017  | 
There have been 3,833 publicly disclosed data breaches in the first nine months of 2017, exposing more than seven billion records.
Yahoo's Ex-CEO Mayer Calls Out Russian Hackers
Quick Hits  |  11/8/2017  | 
Former Yahoo Chief Executive Marissa Mayer apologizes for massive data breach that exposed billions of user accounts.
Cybercriminals Employ 'Driveby' Cryptocurrency Mining
News  |  11/8/2017  | 
Mining digital coins is a legal activity, but cybercriminals have discovered a new way to inject malware to perform the task.
Inhospitable: Hospitality & Dinings Worst Breaches in 2017
Slideshows  |  11/8/2017  | 
Hotels and restaurants are in the criminal crosshairs this year.
How Law Firms Can Make Information Security a Higher Priority
Commentary  |  11/8/2017  | 
Lawyers always have been responsible for protecting their clients' information, but that was a lot easier to do when everything was on paper. Here are four best practices to follow.
Majority of US Companies' DDoS Defenses Breached
Quick Hits  |  11/7/2017  | 
Survey finds 69% of companies' distributed denial-of-service attack defenses were breached in the past year - despite confidence in their mitigation technologies.
How I Infiltrated a Fortune 500 Company with Social Engineering
Commentary  |  11/7/2017  | 
Getting into the company proved surprisingly easy during a contest. Find out how to make your company better prepared for real-world attacks.
4 Proactive Steps to Avoid Being the Next Data Breach Victim
Commentary  |  11/7/2017  | 
Despite highly publicized data breaches, most companies are not taking the necessary actions to prevent them.
It Takes a Buck to Make a Million on the Dark Web
News  |  11/6/2017  | 
The cost for malware tools and services can add up, but the returns from cybercrime campaigns can be enormous, says Recorded Future.
Cognitive Mindhacks: How Attackers Spread Disinformation Campaigns
News  |  11/6/2017  | 
Researchers investigate the tools and techniques behind cyber propaganda and fake news and how it changes public opinion.
DDoS Flaw Found in Brother Printers
Quick Hits  |  11/6/2017  | 
All Brother printers with a Debut Web front-end carry a flaw that allows attackers to distribute a single malformed HTTP POST request, researchers revealed today.
When Ransomware Strikes: 7 Steps You Can Take Now to Prepare
Commentary  |  11/6/2017  | 
Ransomware is still on the rise. These operational tips can help lessen the blow if you're hit.
Virtual Reality Could Serve as a Cybersecurity Recruiting Tool
News  |  11/6/2017  | 
A recent study finds 74% of millennials and post-millennials agree VR use in cybersecurity tools may entice them into an IT security career.
8 Older Companies Doing New Things in Security
Slideshows  |  11/6/2017  | 
These organizations have been around for a while but aren't slowing down on security releases.
External Attacker Leaked 'Paradise Papers,' Law Firm Reports
Quick Hits  |  11/6/2017  | 
The Paradise Papers contain 13.4m documents allegedly hacked by an outsider, the targeted law firm reports.
Hackers Poison Google Search Results to Deliver Zeus Panda
News  |  11/3/2017  | 
Threat actors leverage SEO to ensure malicious links rank highly in Google results to infect targets with Trojan.
Consumers Don't Trust Businesses Can Protect Their Data
News  |  11/3/2017  | 
New data shows fears of irresponsible handling of sensitive data, to a lack of control over their personal digital information breeds distrust among consumers.
4 Ways the Next Generation of Security Is Changing
Commentary  |  11/3/2017  | 
The CISO's job will get easier because of trends in the industry. Here's how.
Russian Election-Tampering & Enterprise Security Plans
Commentary  |  11/3/2017  | 
Take our new flash poll and tells us if the current political climate is making you rethink disaster recovery and business continuity planning.
Social Engineer Spills Tricks of the Trade
News  |  11/2/2017  | 
A social engineer points out gaping holes in businesses' human security and shares lessons learned from years of phishing research.
iPhone X Face ID a Facial Biometrics Catalyst?
News  |  11/2/2017  | 
Apple's new multi-factor authentication technology receives mixed reviews in separate surveys.
10 Mistakes End Users Make That Drive Security Managers Crazy
Slideshows  |  11/2/2017  | 
Here's a list of common, inadvertent missteps end users make that can expose company data.
Average Employee Manages Nearly 200 Passwords
News  |  11/1/2017  | 
But single sign-on support lacks in over 50% of the most popular websites and services used by workers.
'Silence' Trojan Mimics Carbanak to Spy, Steal from Banks
News  |  11/1/2017  | 
Attackers break into financial organizations and stay there to record employees' activities, steal data, and use it to steal, similar to the Carbanak group.
iPhone 7, Samsung Galaxy S8, Others Hacked in Pwn2Own
Quick Hits  |  11/1/2017  | 
Researchers participating in the Mobile Pwn2Own 2017 competition developed exploits for the iPhone 7, Samsung Galaxy S8, and others.
How AI Can Help Prevent Data Breaches in 2018 and Beyond
Commentary  |  11/1/2017  | 
Artificial intelligence startups are tackling four key areas that will help companies avoid becoming the next Equifax.
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21742
PUBLISHED: 2021-09-25
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
CVE-2020-20508
PUBLISHED: 2021-09-24
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field.
CVE-2020-20514
PUBLISHED: 2021-09-24
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/&lt;id&gt;.html allows authenticated attackers to delete all users.
CVE-2016-6555
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in ver...
CVE-2016-6556
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This iss...