Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2014
Dear Cyber Criminals: Were Not Letting Our Guard Down in 2015
Commentary  |  12/31/2014  | 
Next year, youll keep exploiting vulnerabilities, and well make sure our systems are patched, our antivirus is up to date, and our people are too smart to click the links you send them.
4 Infosec Resolutions For The New Year
Commentary  |  12/30/2014  | 
Dont look in the crystal ball, look in the mirror to protect data and defend against threats in 2015.
20 Startups To Watch In 2015
Slideshows  |  12/29/2014  | 
Check our list of security startups sure to start (or continue) making waves in the coming year.
A 2014 Lookback: Predictions vs. Reality
Commentary  |  12/29/2014  | 
It was a tumultuous year for cyber security, but it drove the adoption of incident response plans and two-factor authentication.
Why Digital Forensics In Incident Response Matters More Now
Commentary  |  12/24/2014  | 
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
JPMorgan Hack: 2FA MIA In Breached Server
Quick Hits  |  12/24/2014  | 
Sources close to the breach investigation say a network server missing two-factor authentication let attackers make their way into JPMorgan's servers.
Backoff Malware Validates Targets Through Infected IP Cameras
News  |  12/23/2014  | 
RSA report on Backoff dives deeper into clues about the POS software and hints at attackers potentially located in India.
How PCI DSS 3.0 Can Help Stop Data Breaches
Commentary  |  12/23/2014  | 
New Payment Card Industry security standards that took effect January 1 aim to replace checkmark mindsets with business as usual processes. Here are three examples.
The Coolest Hacks Of 2014
News  |  12/22/2014  | 
TSA baggage scanners, evil USB sticks, and smart homes were among the targets in some of the most creative -- and yes, scary -- hacks this year by security researchers.
Security News No One Saw Coming In 2014
Commentary  |  12/22/2014  | 
John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year.
The Internet's Winter Of Discontent
Commentary  |  12/19/2014  | 
The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the worlds connected economy is that the hits just keep on coming.
Time To Rethink Patching Strategies
Commentary  |  12/19/2014  | 
In 2014, the National Vulnerability Database is expected to log a record-breaking 8,000 vulnerabilities. That's 8,000 reasons to improve software quality at the outset.
5 Pitfalls to Avoid When Running Your SOC
Commentary  |  12/18/2014  | 
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers.
'Grinch' Bug May Affect Most Linux Systems
Quick Hits  |  12/17/2014  | 
But newly discovered vulnerability not as urgent as previous open-source bug disclosures.
The New Target for State-Sponsored Cyber Attacks: Applications
Commentary  |  12/17/2014  | 
Skilled hackers are now using simple web application vulnerabilities like SQL Injection to take over database servers. Are you prepared to defend against this new type of threat actor?
2014: The Year of Privilege Vulnerabilities
Commentary  |  12/16/2014  | 
Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers.
Ekoparty Isnt The Next Defcon (& It Doesnt Want To Be)
Commentary  |  12/15/2014  | 
Unlike American security conferences that offer a buffet of merchandise, meals, and drinks, Ekoparty, in Buenos Aires, is every bit as functional -- with a little less fluff.
Shadow IT: Not The Risk You Think
Commentary  |  12/12/2014  | 
Enterprise cloud services such as Box, Office 365, Salesforce, and Google Apps can make a better case for being called sanctioned than many legacy, on-premises, IT-provisioned applications.
Hiring Hackers To Secure The Internet Of Things
News  |  12/11/2014  | 
How some white hat hackers are changing career paths to help fix security weaknesses in consumer devices and business systems.
Cyber Security Practices Insurance Underwriters Demand
Commentary  |  12/11/2014  | 
Insurance underwriters arent looking for companies impervious to risk. They want clients that understand the threat landscape and have demonstrated abilities to mitigate attacks.
Crypto In The Crosshairs Again
News  |  12/10/2014  | 
"POODLE" attack extends to newer versions of SSL/TLS encryption as well.
'Inception' Cyber Espionage Campaign Targets PCs, Smartphones
News  |  12/10/2014  | 
Blue Coat report details sophisticated attacks mainly against Russian targets, and Kaspersky Lab calls new campaign next-generation of Red October cyber spying operation.
Employees Still Get More Access Than They Need
News  |  12/9/2014  | 
Two surveys show how little enterprises enforce and track least-privilege policies.
Internet Of Things: 3 Holiday Gifts That Will Keep CISOs Up At Night
Commentary  |  12/9/2014  | 
If you think BYOD policies will protect your infrastructure from the January influx of mobile hotspots, fitness trackers, and Bluetooth, think again.
Open Source Encryption Must Get Smarter
Commentary  |  12/8/2014  | 
When it comes to cryptography, there are quite a few myths in the age-old debate about proprietary versus open source application security.
Poll: The Perimeter Has Shattered!
Commentary  |  12/8/2014  | 
The traditional corporate network perimeter is not dead, but its amorphous shape is something new and indescribable.
IBM Reveals 'SpoofedMe' Attack Leveraging Social Login Vulnerability
News  |  12/5/2014  | 
IBM researchers uncovered an attack that takes advantage of the social login feature.
Moving Beyond 2-Factor Authentication With Context
Commentary  |  12/5/2014  | 
2FA isnt cheap or infallible -- in more ways than two.
Why Regin Malware Changes Threatscape Economics
Commentary  |  12/4/2014  | 
Never before have attackers been able to deploy a common malware platform and configure it as necessary with low-cost, quick-turnaround business logic apps.
With Operation Cleaver, Iran Emerges As A Cyberthreat
News  |  12/3/2014  | 
A hacker group's actions suggest that it is laying the groundwork for a future attack on critical infrastructure targets.
How Startups Can Jumpstart Security Innovation
Commentary  |  12/3/2014  | 
One of the best places for CISOs to turn for a cutting-edge cyber security strategy is the burgeoning world of startups. Heres how to find them.
FBI Warning Shows Targeted Attacks Don't Just Steal Anymore
News  |  12/2/2014  | 
An FBI advisory points to an increasing trend of destructive malware for activist, anti-forensics purposes.
Leveraging The Kill Chain For Awesome
Commentary  |  12/2/2014  | 
There are good reasons the Kill Chain is being used by some of the most successful information security teams around. Here are three.
Cybercrooks Expand Sights To Market Manipulation
News  |  12/1/2014  | 
A new FireEye report shows attacks with simple technical roots but sophisticated knowledge of the investment world are stealing information that could be used for insider trading.
Breaking the Code: The Role of Visualization in Security Research
Commentary  |  12/1/2014  | 
In todays interconnected, data rich IT environments, passive inspection of information is not enough.


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-9405
PUBLISHED: 2019-09-20
The wp-piwik plugin before 1.0.5 for WordPress has XSS.
CVE-2015-9407
PUBLISHED: 2019-09-20
The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.
CVE-2015-9408
PUBLISHED: 2019-09-20
The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.
CVE-2019-16533
PUBLISHED: 2019-09-20
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
CVE-2019-16534
PUBLISHED: 2019-09-20
On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.