Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2015
Boldest Cybersecurity Predictions For 2016
Slideshows  |  12/31/2015  | 
Forget the boring, safe predictions -- here instead are the most interesting, cringe-worthy, humorous, or otherwise shocking predictions for the coming year.
Tor Project To Launch Bug Bounty Program
News  |  12/31/2015  | 
Open Technology Fund will sponsor program and HackerOne will manage it
Users No Longer Need to Jailbreak Apple iOS To Load Rogue Apps
News  |  12/29/2015  | 
'DarkSideLoader' app stores can side-load apps and circumvent official app stores on any iOS device.
The Fraud Tsunami Heads To The Sharing Economy
Commentary  |  12/29/2015  | 
When it comes to cyberfraud, online marketplaces like AirBnB can expect an uphill battle in the wake of the rollout of new chip card technology in 2016.
15 Cybersecurity Lessons We Should Have Learned From 2015, But Probably Didn't
News  |  12/28/2015  | 
Another infosec year is almost in the books. What did all the breaches, vulnerabilities, trends, and controversies teach us?
The Rise Of Community-Based Information Security
Commentary  |  12/28/2015  | 
The more vendors, service providers, and companies band together to fight security threats, the more difficult it will become for attacks to succeed.
Security Vendors Report Uptick in Whaling, Phishing Scams
News  |  12/23/2015  | 
Expect to see an increase in attempts by cyber crooks to trick businesses and individuals into parting with their money, say Mimecast, Kaspersky Lab.
Survey: When Leaving Company, Most Insiders Take Data They Created
News  |  12/23/2015  | 
Most employees believe they own their work, and take strategy documents or intellectual property with them as they head out the door.
A Hidden Insider Threat: Visual Hackers
Commentary  |  12/23/2015  | 
Ponemon experiment shows how low-tech white-hat hackers, posing as temps, captured information from exposed documents and computer screens in nearly nine out of ten attempts.
Torrenting Still A Thorn In Enterprise Networks
News  |  12/22/2015  | 
A quarter of enterprises still see torrenting activity and among those, 43 percent of apps contain malicious elements.
The Industrial Cyber Myth: It's No Fantasy
Commentary  |  12/22/2015  | 
As threats become more sophisticated, the industry is still playing catch-up.
9 Coolest Hacks Of 2015
News  |  12/21/2015  | 
Cars, guns, gas stations, and satellites, all got '0wned' by good hackers this year in some of the most creative yet unnerving hacks.
Oracle Settles FTC Charges That It Deceived Users About Java Security Updates
Quick Hits  |  12/21/2015  | 
Oracle will have to be more forthright and communicate the truth via social media and anti-virus companies going forward.
Security Tech: It's Not What You Buy, It's How You Deploy
Commentary  |  12/21/2015  | 
Good information security depends on a holistic strategy, not on an elite lineup of discretely moving parts.
10 Funny Twitter Feeds For Security Geeks
Slideshows  |  12/18/2015  | 
These must-follow Twitter feeds offer plenty of cybersecurity humor to keep infosec pros giggling even when the attacks keep coming.
Juniper Discovers Unauthorized Code In Its Firewall OS
News  |  12/18/2015  | 
'Troubling' incident exposes code designed to decrypt VPN communication and enable remote administrative control of devices.
When RATs Become a Social Engineer's Best Friend
Commentary  |  12/18/2015  | 
Hacking humans in the banking industry through rogue help desks is becoming a significant problem.
SQL Injection, XSS Flaws Found In Network Management System Products
News  |  12/16/2015  | 
Patches available for two flaws, pending for four others.
Detecting the Undetectable: Windows Registry Attacks
Partner Perspectives  |  12/15/2015  | 
Fileless attacks are becoming more sophisticated, requiring a team of defenses.
Macro Malware Is Back
Partner Perspectives  |  12/15/2015  | 
Social engineering drives macro malware levels to six-year highs.
Investigating Mobile Banking Attacks
Partner Perspectives  |  12/15/2015  | 
Poor mobile app back-end security coding puts consumer information at risk.
To Better Defend Yourself, Think Like A Hacker
Commentary  |  12/15/2015  | 
As attacks become more sophisticated and attackers more determined, organizations need to adopt an offensive approach to security that gets inside the head of the hacker.
Internet Of Things Christmas Security Survival Guide
News  |  12/14/2015  | 
Here's how CISOs, security researchers, and all security-minded folks in between can channel their healthy paranoia into helpful ways of protecting friends and family from IoT gifts.
Making Security Everyone's Job, One Carrot At A Time
Commentary  |  12/14/2015  | 
These five user education strategies will turn employee bad behavior into bulletproof policies that protect data and systems.
Latentbot: A Ghost in the Internet
News  |  12/11/2015  | 
Malware's multiple layers of obfuscation make it almost invisible, FireEye says.
Sea Craft Voyage Data Systems Vulnerable To Tampering, Spying
News  |  12/9/2015  | 
Remote attackers could snoop on or corrupt the systems that collect and store radar images, vessels' position and speed, and audio recorded in the ships' bridge or engine room.
Re-innovating Static Analysis: 4 Steps
Commentary  |  12/9/2015  | 
Before we pronounce the death of static analysis, let's raise the bar with a modern framework that keeps pace with the complexity and size found in today's software.
Known Security Flaw Found In More Antivirus Products
News  |  12/8/2015  | 
A vulnerability discovered earlier this year in AVG software also spotted in Intel McAfee, Kaspersky Lab AV products.
Retailers Inadequately Secured Against Risks From Temporary Workers
News  |  12/8/2015  | 
Retailers recognize temps are higher-risk, but have lower visibility into their activity.
Iranian Groups Conducting Sophisticated Surveillance On Middle Eastern Targets
News  |  12/8/2015  | 
Two groups have been using backdoor threats to spy on targeted individuals, Symantec says.
How CISOs Can Reframe The Conversation Around Security: 4 Steps
Commentary  |  12/8/2015  | 
Security professionals often complain that people are the weak link in the data security system. But in reality, they could be your biggest asset and ally.
Cyber Extortion, DDoS-For-Bitcoin Campaigns Rise
News  |  12/7/2015  | 
Now that the model is proven, more cyber-extortionists are entering the scene, stealing their predecessors' ideas and even their names.
BackStab Attack Takes Indirect Route To Mobile Data
News  |  12/7/2015  | 
Attack technique takes advantage of weak protections around mobile users' backup files.
Playing It Straight: Building A Risk-Based Approach To InfoSec
Commentary  |  12/7/2015  | 
What a crooked haircut can teach you about framing the discussion about organizational security goals and strategies.
Microsoft Leads Effort To Disrupt Dorkbot Botnet
News  |  12/4/2015  | 
Dorkbot's command and control servers have been sinkholed.
By Renaming Flash Professional, Adobe Does Little To Alleviate Security Concerns
News  |  12/3/2015  | 
More than a rebranding, what is really needed is an end to Flash, say some security analysts.
The Programming Languages That Spawn The Most Software Vulnerabilities
News  |  12/3/2015  | 
PHP, ASP Web scripting languages breed more vulnerabilities than Java, .NET programming platforms, Veracode's new state of software security report says.
CryptoWall 4.0 Spreading Via Angler Drive-By Download Campaign
News  |  12/2/2015  | 
Sweet-talking ransomware making rounds in attacks originating from Ukraine-based hosts.
4 Conversation-Starters & Stoppers For US-China Cybersecurity Talks
News  |  12/1/2015  | 
As meetings begin in Washington, will 'are you still hacking us' be on the list of questions?
Cybersecurity Seen As Top Priority For Financial Risk Managers
News  |  12/1/2015  | 
Risk managers at financial firms rate cyber risk as the number one concern across all risk management activities, not just IT risks.
The Grinch Who Exposed Your Kids' Identities
News  |  12/1/2015  | 
5 Ways VTech's Scrooge-like security spending put young users at risk.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19227
PUBLISHED: 2019-11-22
In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122.
CVE-2019-10203
PUBLISHED: 2019-11-22
PowerDNS Authoritative daemon, all versions pdns 4.1.x before pdns 4.1.10, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.
CVE-2019-10206
PUBLISHED: 2019-11-22
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
CVE-2018-10854
PUBLISHED: 2019-11-22
cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.
CVE-2019-13157
PUBLISHED: 2019-11-22
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within nsz archive.