Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2018
Page 1 / 2   >   >>
Holiday Hacks: 6 Cyberthreats to Watch Right Now
Slideshows  |  11/30/2018  | 
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
Massive Starwood Hotels Breach Hits 500 Million Guests
News  |  11/30/2018  | 
Among the unknowns: who is behind the breach and how many of the affected records have been sold or used by criminals.
39 Arrested in Tech Support Scam Crackdown: Microsoft
Quick Hits  |  11/30/2018  | 
Law enforcement officials in India raided 16 call center locations that conned primarily American and Canadian victims.
Overall Volume of Thanksgiving Weekend Malware Attacks Lower This Year
News  |  11/29/2018  | 
But ransomware attacks go through the roof, new threat data from SonicWall shows.
Establishing True Trust in a Zero-Trust World
Commentary  |  11/29/2018  | 
Our goal should not be to merely accept zero trust but gain the visibility required to establish true trust.
Dunkin' Donuts Serves Up Data Breach Alert
Quick Hits  |  11/29/2018  | 
Forces potentially affected DD Perks customers to reset their passwords after learning of unauthorized access to their personal data.
Beware the Malware-Laden Brexit News
News  |  11/29/2018  | 
New Fancy Bear attack campaign lures victims with phony Brexit-themed document to deliver Zekapab payload.
The Return of Email Flooding
Commentary  |  11/29/2018  | 
An old attack technique is making its way back into the mainstream with an onslaught of messages that legacy tools and script writing can't easily detect.
New Report Details Rise, Spread of Email-based Attacks
News  |  11/29/2018  | 
Criminals are diversifying their target list and tactics in a continuing effort to keep email a valuable attack vector against enterprise victims.
Incorrect Assessments of Data Value Putting Organizations at Risk
News  |  11/28/2018  | 
Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.
Federal Indictments in SamSam Ransomware Campaign
News  |  11/28/2018  | 
Two Iranian nationals have been indicted on multiple counts by a federal grand jury in connection with the SamSam ransomware attacks that struck government, critical infrastructure, and healthcare organizations.
Google, White Ops, Industry Players Dismantle 3ve Ad Fraud Operation
News  |  11/28/2018  | 
3ve, an ad fraud operation amassing 1.7M infected machines, was taken down in an operation driven by law enforcement, Google, White Ops, and several security companies.
Middle East, North Africa Cybercrime Ups Its Game
News  |  11/28/2018  | 
Ransomware, DDoS extortion, and encrypted communications abound as cybercriminals in the region refine their tradecraft.
Data Breach Threats Bigger Than Ever
Commentary  |  11/28/2018  | 
A quarter of IT and security leaders expect a major data breach in the next year.
Atrium Health Breach Exposes 2.65 Million Patient Records
Quick Hits  |  11/28/2018  | 
Supplier that handles billing and online payments for health-care provider became aware of incident Oct. 1.
Who's the Weakest Link in Your Supply Chain?
News  |  11/27/2018  | 
Nearly 60% of organizations have suffered data breaches resulting from a third party, as suppliers pose a growing risk to enterprise security.
8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure
Commentary  |  11/27/2018  | 
Stolen credentials for industrial control system workstations are fast becoming the modus operandi for ICS attacks by cybercriminals.
Buckle Up: A Closer Look at Airline Security Breaches
News  |  11/26/2018  | 
Cyberattacks on airports and airlines are often unrelated to passenger safety but that's no reason to dismiss them, experts say.
USPS Web Vuln Exposes Data of 60 Million
Quick Hits  |  11/26/2018  | 
The US Postal Service recently fixed a security bug that allowed any USPS.com account holder to view or change other users' data.
Ransomware Attack Forced Ohio Hospital System to Divert ER Patients
Quick Hits  |  11/26/2018  | 
Malware infection fallout sent ambulances away from East Ohio Regional Hospital and Ohio Valley Medical Center over the Thanksgiving weekend.
Transforming into a CISO Security Leader
Commentary  |  11/26/2018  | 
Are you thinking of changing your career route from techie to CISO? Are you making the right choice? Only you know for sure.
7 Real-Life Dangers That Threaten Cybersecurity
Slideshows  |  11/26/2018  | 
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
Paper Trail Absence May Still Plague 2020 Election
Quick Hits  |  11/25/2018  | 
The recommendation for paper ballots may go unheeded in all or part of at least 6 states in the next national election.
To Stockpile or Not to Stockpile Zero-Days?
Commentary  |  11/21/2018  | 
As the debate rages on, there is still no simple answer to the question of whether the government should stockpile or publicly disclose zero-day vulnerabilities.
Report: Tens of Thousands of E-Commerce Sites at Heightened Security Risk
Quick Hits  |  11/20/2018  | 
Report delivered at Payment Card Industry Security Standards Council meeting flags issues in deployments of Magento, a popular e-commerce platform.
Cybersecurity at the Core
Commentary  |  11/20/2018  | 
For too long, cybersecurity has been looked at as one team's responsibility. If we maintain that mentality, we will fail.
Consumers Are Forgiving After a Data Breach, but Companies Need To Respond Well
News  |  11/20/2018  | 
A solid response and reputation management program will go a long way in surviving a major breach.
6,500 Dark Web Sites Offline After Hosting Service Attacked
Quick Hits  |  11/20/2018  | 
The actor behind the attack on Daniel's Hosting, and their initial point of entry, remain unknown.
8 Security Buzzwords That Are Too Good to Be True
Commentary  |  11/20/2018  | 
If you can't get straight answers about popular industry catchphrases, maybe it's time to ask your vendor: How do you actually use the technology?
Leaderboard Shows Adoption of DMARC Email Security Protocol
News  |  11/20/2018  | 
A new tool from the Global Cyber Alliance shows where companies and organizations are adopting Domain-based Message Authentication, Reporting & Conformance.
Vulnerabilities Dip 7%, but Researchers Are Cautious
News  |  11/19/2018  | 
Risk Based Security reports 16,172 bugs disclosed through the end of October, but researchers warn things may change.
Divide Remains Between Cybersecurity Awareness and Skill
Quick Hits  |  11/19/2018  | 
Organizations understand the need for critical data protection but may lack the resources to respond.
7 Holiday Security Tips for Retailers
Slideshows  |  11/19/2018  | 
It's the most wonderful time of the year and hackers are ready to pounce. Here's how to prevent them from wreaking holiday havoc.
Instagram Privacy Tool Exposed Passwords
Quick Hits  |  11/19/2018  | 
The 'Download Your Data' tool, intended to improve users' privacy, actually became a privacy risk.
DHS Task Force Moves Forward on Playbooks for Supply Chain Security
News  |  11/16/2018  | 
The public/private task force takes early steps toward securing the end-to-end supply chain.
New Bluetooth Hack Affects Millions of Vehicles
Quick Hits  |  11/16/2018  | 
Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.
26M Texts Exposed in Poorly Secured Vovox Database
Quick Hits  |  11/16/2018  | 
The server, which lacked password protection, contained tens of millions of SMS messages, two-factor codes, shipping alerts, and other user data.
95% of Organizations Have Cultural Issues Around Cybersecurity
Commentary  |  11/16/2018  | 
Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.
AI Poised to Drive New Wave of Exploits
News  |  11/16/2018  | 
Criminals are ready to use AI to dramatically speed the process of finding zero-day vulnerabilities in systems.
Cyber Crooks Diversify Business with Multi-Intent Malware
Commentary  |  11/15/2018  | 
The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.
Cloud, China, Generic Malware Top Security Concerns for 2019
News  |  11/15/2018  | 
FireEye researchers unveil an extensive list of security risks waiting in the new year's wings.
More Than 50% of Free Mobile VPN Apps Have Chinese Ties
Quick Hits  |  11/15/2018  | 
In addition, most have "unacceptable" privacy policies and "non-existent user support."
From Reactive to Proactive: Security as the Bedrock of the SDLC
Commentary  |  11/15/2018  | 
Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.
Cryptojacking, Mobile Malware Growing Threats to the Enterprise
News  |  11/14/2018  | 
At the same time, criminal organizations continue to look for new ways to attack their victims.
Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues
News  |  11/14/2018  | 
Black Hat Europe attendee survey shows European cybersecurity leaders are uncertain of their ability to protect end user data and are fearful of a near-term breach of critical infrastructure.
Airlines Have a Big Problem with Bad Bots
News  |  11/14/2018  | 
Bad bots account for 43.9% of all traffic on their websites, APIs, and mobile apps, according to a new analysis of 100 airlines.
Understanding Evil Twin AP Attacks and How to Prevent Them
Commentary  |  11/14/2018  | 
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
Can Businesses Stand Up to Cybercrime? Only 61% Say Yes
Quick Hits  |  11/14/2018  | 
While 96% of US organizations say business resilience should be core to company strategy, only 61% say it actually is.
To Click or Not to Click: The Answer Is Easy
Commentary  |  11/14/2018  | 
Mega hacks like the Facebook breach provide endless ammo for spearphishers. These six tips can help you stay safer.
Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed
Quick Hits  |  11/13/2018  | 
Eight of the 12 critical vulnerabilities addressed this month affect the Chakra Scripting Engine in Microsoft Edge.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.