Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2017
<<   <   Page 2 / 2
Stealthy New PLC Hack Jumps the Air Gap
News  |  11/9/2017  | 
Researchers at Black Hat Europe next month will demonstrate a data-exfiltration attack on Siemens PLCs that uses combination of code manipulation and Radio Frequency (RF) emissions.
'Eavesdropper' Exposes Millions of Mobile Conversations
News  |  11/9/2017  | 
App developers fail to remove their hardcoded credentials, affecting hundreds of millions of data records.
Hypervisors: Now a Tool to Protect against Security Blind Spots
Commentary  |  11/9/2017  | 
By facilitating live introspection of virtual machine memory, the Xen Project is striving to eliminate stealthy attack techniques like EternalBlue.
'Goldilocks' Legislation Aims to Clean up IoT Security
Partner Perspectives  |  11/9/2017  | 
The proposed Internet of Things Cybersecurity Improvement Act of 2017 is not too hard, not too soft, and might be just right.
Siemens Teams Up with Tenable
News  |  11/8/2017  | 
ICS/SCADA vendor further extends its managed security services for critical infrastructure networks.
The IoT Blindspot
News  |  11/8/2017  | 
Confusion over whether IT staff or line of business professions are responsible for IoT management and security plays big role in a lack of visibility into those devices.
Data Breach Record Exposure Up 305% from 2016
News  |  11/8/2017  | 
There have been 3,833 publicly disclosed data breaches in the first nine months of 2017, exposing more than seven billion records.
Yahoo's Ex-CEO Mayer Calls Out Russian Hackers
Quick Hits  |  11/8/2017  | 
Former Yahoo Chief Executive Marissa Mayer apologizes for massive data breach that exposed billions of user accounts.
Cybercriminals Employ 'Driveby' Cryptocurrency Mining
News  |  11/8/2017  | 
Mining digital coins is a legal activity, but cybercriminals have discovered a new way to inject malware to perform the task.
Inhospitable: Hospitality & Dinings Worst Breaches in 2017
Slideshows  |  11/8/2017  | 
Hotels and restaurants are in the criminal crosshairs this year.
How Law Firms Can Make Information Security a Higher Priority
Commentary  |  11/8/2017  | 
Lawyers always have been responsible for protecting their clients' information, but that was a lot easier to do when everything was on paper. Here are four best practices to follow.
Majority of US Companies' DDoS Defenses Breached
Quick Hits  |  11/7/2017  | 
Survey finds 69% of companies' distributed denial-of-service attack defenses were breached in the past year - despite confidence in their mitigation technologies.
How I Infiltrated a Fortune 500 Company with Social Engineering
Commentary  |  11/7/2017  | 
Getting into the company proved surprisingly easy during a contest. Find out how to make your company better prepared for real-world attacks.
4 Proactive Steps to Avoid Being the Next Data Breach Victim
Commentary  |  11/7/2017  | 
Despite highly publicized data breaches, most companies are not taking the necessary actions to prevent them.
It Takes a Buck to Make a Million on the Dark Web
News  |  11/6/2017  | 
The cost for malware tools and services can add up, but the returns from cybercrime campaigns can be enormous, says Recorded Future.
Cognitive Mindhacks: How Attackers Spread Disinformation Campaigns
News  |  11/6/2017  | 
Researchers investigate the tools and techniques behind cyber propaganda and fake news and how it changes public opinion.
DDoS Flaw Found in Brother Printers
Quick Hits  |  11/6/2017  | 
All Brother printers with a Debut Web front-end carry a flaw that allows attackers to distribute a single malformed HTTP POST request, researchers revealed today.
When Ransomware Strikes: 7 Steps You Can Take Now to Prepare
Commentary  |  11/6/2017  | 
Ransomware is still on the rise. These operational tips can help lessen the blow if you're hit.
Virtual Reality Could Serve as a Cybersecurity Recruiting Tool
News  |  11/6/2017  | 
A recent study finds 74% of millennials and post-millennials agree VR use in cybersecurity tools may entice them into an IT security career.
8 Older Companies Doing New Things in Security
Slideshows  |  11/6/2017  | 
These organizations have been around for a while but aren't slowing down on security releases.
External Attacker Leaked 'Paradise Papers,' Law Firm Reports
Quick Hits  |  11/6/2017  | 
The Paradise Papers contain 13.4m documents allegedly hacked by an outsider, the targeted law firm reports.
Hackers Poison Google Search Results to Deliver Zeus Panda
News  |  11/3/2017  | 
Threat actors leverage SEO to ensure malicious links rank highly in Google results to infect targets with Trojan.
Consumers Don't Trust Businesses Can Protect Their Data
News  |  11/3/2017  | 
New data shows fears of irresponsible handling of sensitive data, to a lack of control over their personal digital information breeds distrust among consumers.
Russian Election-Tampering & Enterprise Security Plans
Commentary  |  11/3/2017  | 
Take our new flash poll and tells us if the current political climate is making you rethink disaster recovery and business continuity planning.
4 Ways the Next Generation of Security Is Changing
Commentary  |  11/3/2017  | 
The CISO's job will get easier because of trends in the industry. Here's how.
Social Engineer Spills Tricks of the Trade
News  |  11/2/2017  | 
A social engineer points out gaping holes in businesses' human security and shares lessons learned from years of phishing research.
iPhone X Face ID a Facial Biometrics Catalyst?
News  |  11/2/2017  | 
Apple's new multi-factor authentication technology receives mixed reviews in separate surveys.
10 Mistakes End Users Make That Drive Security Managers Crazy
Slideshows  |  11/2/2017  | 
Here's a list of common, inadvertent missteps end users make that can expose company data.
Average Employee Manages Nearly 200 Passwords
News  |  11/1/2017  | 
But single sign-on support lacks in over 50% of the most popular websites and services used by workers.
'Silence' Trojan Mimics Carbanak to Spy, Steal from Banks
News  |  11/1/2017  | 
Attackers break into financial organizations and stay there to record employees' activities, steal data, and use it to steal, similar to the Carbanak group.
iPhone 7, Samsung Galaxy S8, Others Hacked in Pwn2Own
Quick Hits  |  11/1/2017  | 
Researchers participating in the Mobile Pwn2Own 2017 competition developed exploits for the iPhone 7, Samsung Galaxy S8, and others.
How AI Can Help Prevent Data Breaches in 2018 and Beyond
Commentary  |  11/1/2017  | 
Artificial intelligence startups are tackling four key areas that will help companies avoid becoming the next Equifax.
<<   <   Page 2 / 2


Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18216
PUBLISHED: 2019-10-20
** DISPUTED ** The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. Attackers who have physical laptop access ...
CVE-2019-18214
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.