
News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2015
Boldest Cybersecurity Predictions For 2016
Slideshows  |  12/31/2015  | 
Forget the boring, safe predictions -- here instead are the most interesting, cringe-worthy, humorous, or otherwise shocking predictions for the coming year.
Tor Project To Launch Bug Bounty Program
News  |  12/31/2015  | 
Open Technology Fund will sponsor program and HackerOne will manage it
Users No Longer Need to Jailbreak Apple iOS To Load Rogue Apps
News  |  12/29/2015  | 
'DarkSideLoader' app stores can side-load apps and circumvent official app stores on any iOS device.
The Fraud Tsunami Heads To The Sharing Economy
Commentary  |  12/29/2015  | 
When it comes to cyberfraud, online marketplaces like AirBnB can expect an uphill battle in the wake of the rollout of new chip card technology in 2016.
15 Cybersecurity Lessons We Should Have Learned From 2015, But Probably Didn't
News  |  12/28/2015  | 
Another infosec year is almost in the books. What did all the breaches, vulnerabilities, trends, and controversies teach us?
The Rise Of Community-Based Information Security
Commentary  |  12/28/2015  | 
The more vendors, service providers, and companies band together to fight security threats, the more difficult it will become for attacks to succeed.
Security Vendors Report Uptick in Whaling, Phishing Scams
News  |  12/23/2015  | 
Expect to see an increase in attempts by cyber crooks to trick businesses and individuals into parting with their money, say Mimecast, Kaspersky Labs.
Survey: When Leaving Company, Most Insiders Take Data They Created
News  |  12/23/2015  | 
Most employees believe they own their work, and take strategy documents or intellectual property with them as they head out the door.
A Hidden Insider Threat: Visual Hackers
Commentary  |  12/23/2015  | 
Ponemon experiment shows how low-tech white-hat hackers, posing as temps, captured information from exposed documents and computer screens in nearly nine out of ten attempts.
Torrenting Still A Thorn In Enterprise Networks
News  |  12/22/2015  | 
A quarter of enterprises still see torrenting activity and among those, 43 percent of apps contain malicious elements.
The Industrial Cyber Myth: It's No Fantasy
Commentary  |  12/22/2015  | 
As threats become more sophisticated, the industry is still playing catch-up.
9 Coolest Hacks Of 2015
News  |  12/21/2015  | 
Cars, guns, gas stations, and satellites, all got '0wned' by good hackers this year in some of the most creative yet unnerving hacks.
Oracle Settles FTC Charges That It Deceived Users About Java Security Updates
Quick Hits  |  12/21/2015  | 
Oracle will have to be more forthright and communicate the truth via social media and anti-virus companies going forward.
Security Tech: It's Not What You Buy, It's How You Deploy
Commentary  |  12/21/2015  | 
Good information security depends on a holistic strategy, not on an elite lineup of discretely moving parts.
10 Funny Twitter Feeds For Security Geeks
Slideshows  |  12/18/2015  | 
These must-follow Twitter feeds offer plenty of cybersecurity humor to keep infosec pros giggling even when the attacks keep coming.
Juniper Discovers Unauthorized Code In Its Firewall OS
News  |  12/18/2015  | 
'Troubling' incident exposes code designed to decrypt VPN communication and enable remote administrative control of devices.
When RATs Become a Social Engineer's Best Friend
Commentary  |  12/18/2015  | 
Hacking humans in the banking industry through rogue help desks is becoming a significant problem.
SQL Injection, XSS Flaws Found In Network Management System Products
News  |  12/16/2015  | 
Patches available for two flaws, pending for four others.
Detecting the Undetectable: Windows Registry Attacks
Partner Perspectives  |  12/15/2015  | 
Fileless attacks are becoming more sophisticated, requiring a team of defenses.
Macro Malware Is Back
Partner Perspectives  |  12/15/2015  | 
Social engineering drives macro malware levels to six-year highs.
Investigating Mobile Banking Attacks
Partner Perspectives  |  12/15/2015  | 
Poor mobile app back-end security coding puts consumer information at risk.
To Better Defend Yourself, Think Like A Hacker
Commentary  |  12/15/2015  | 
As attacks become more sophisticated and attackers more determined, organizations need to adopt an offensive approach to security that gets inside the head of the hacker.
Internet Of Things Christmas Security Survival Guide
News  |  12/14/2015  | 
Here's how CISOs, security researchers, and all security-minded folks in between can channel their healthy paranoia into helpful ways of protecting friends and family from IoT gifts.
Making Security Everyone's Job, One Carrot At A Time
Commentary  |  12/14/2015  | 
These five user education strategies will turn employee bad behavior into bulletproof policies that protect data and systems.
Latentbot: A Ghost in the Internet
News  |  12/11/2015  | 
Malware's multiple layers of obfuscation make it almost invisible, FireEye says.
Sea Craft Voyage Data Systems Vulnerable To Tampering, Spying
News  |  12/9/2015  | 
Remote attackers could snoop on or corrupt the systems that collect and store radar images, vessels' position and speed, and audio recorded in the ships' bridge or engine room.
Re-innovating Static Analysis: 4 Steps
Commentary  |  12/9/2015  | 
Before we pronounce the death of static analysis, let's raise the bar with a modern framework that keeps pace with the complexity and size found in today's software.
Known Security Flaw Found In More Antivirus Products
News  |  12/8/2015  | 
A vulnerability discovered earlier this year in AVG software also spotted in Intel McAfee, Kaspersky Lab AV products.
Retailers Inadequately Secured Against Risks From Temporary Workers
News  |  12/8/2015  | 
Retailers recognize temps are higher-risk, but have lower visibility into their activity.
Iranian Groups Conducting Sophisticated Surveillance On Middle Eastern Targets
News  |  12/8/2015  | 
Two groups have been using backdoor threats to spy on targeted individuals, Symantec says.
How CISOs Can Reframe The Conversation Around Security: 4 Steps
Commentary  |  12/8/2015  | 
Security professionals often complain that people are the weak link in the data security system. But in reality, they could be your biggest asset and ally.
Cyber Extortion, DDoS-For-Bitcoin Campaigns Rise
News  |  12/7/2015  | 
Now that the model is proven, more cyber-extortionists are entering the scene, stealing their predecessors' ideas and even their names.
BackStab Attack Takes Indirect Route To Mobile Data
News  |  12/7/2015  | 
Attack technique takes advantage of weak protections around mobile users' backup files.
Playing It Straight: Building A Risk-Based Approach To InfoSec
Commentary  |  12/7/2015  | 
What a crooked haircut can teach you about framing the discussion about organizational security goals and strategies.
Microsoft Leads Effort To Disrupt Dorkbot Botnet
News  |  12/4/2015  | 
Dorkbot's command and control servers have been sinkholed.
By Renaming Flash Professional, Adobe Does Little To Alleviate Security Concerns
News  |  12/3/2015  | 
More than a rebranding, what is really needed is an end to Flash, say some security analysts.
The Programming Languages That Spawn The Most Software Vulnerabilities
News  |  12/3/2015  | 
PHP, ASP Web scripting languages breed more vulnerabilities than Java, .NET programming platforms, Veracode's new state of software security report says.
CryptoWall 4.0 Spreading Via Angler Drive-By Download Campaign
News  |  12/2/2015  | 
Sweet-talking ransomware making rounds in attacks originating from Ukraine-based hosts.
4 Conversation-Starters & Stoppers For US-China Cybersecurity Talks
News  |  12/1/2015  | 
As meetings begin in Washington, will 'are you still hacking us' be on the list of questions?
Cybersecurity Seen As Top Priority For Financial Risk Managers
News  |  12/1/2015  | 
Risk managers at financial firms rate cyber risk as the number one concern across all risk management activities, not just IT risks.
The Grinch Who Exposed Your Kids' Identities
News  |  12/1/2015  | 
5 Ways VTech's Scrooge-like security spending put young users at risk.

