Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2016
The Bug Bounty Model: 21 Years & Counting
Commentary  |  12/29/2016  | 
A look back on the beginnings of crowdsourced vulnerability assessment and how its robust history is paving the way for the future.
Another Massive DDoS Closes Out 2016, But Mirai Not To Blame
News  |  12/28/2016  | 
Using a new malware variant called Leet, the 650 Gbps DDoS attack matched Mirai's floods of traffic.
China's Cybersecurity Law Seeks Scrutiny Of Technology
Quick Hits  |  12/28/2016  | 
Country's top internet regulator releases framework for stricter cyberspace laws, including review of local and foreign technology.
21 Biggest Cybercriminal Busts Of 2016
Slideshows  |  12/28/2016  | 
This year has been a tornado of major cyberattacks and hacker arrests. Here, we look back on the 21 most interesting 'cyberbusts' of 2016.
How Artificial Intelligence Will Solve The Security Skills Shortage
Commentary  |  12/28/2016  | 
Unlike industries that fear the intrusion of AI, the infosec world is embracing this revolutionary technology, and the seismic changes it will bring to threat detection and mitigation.
Fileless Malware Takes 2016 By Storm
News  |  12/27/2016  | 
In-memory attacks are all the rage, creating a growing class of "non-malware."
8 Boldest Security Predictions For 2017
Slideshows  |  12/27/2016  | 
Scary, funny and maybe even a little outlandish, these industry predictions come from prognosticators who didn't mince words.
Year 2016 Sees Record Deployment Of HTTPS By Firefox, Chrome
Quick Hits  |  12/27/2016  | 
More than half of Web pages loaded by the browsers guarantee protection to visitors.
Greatest Hits Of 2016: Readers' Picks For The Years' Best Commentary
Commentary  |  12/27/2016  | 
Here's what topped the Dark Reading page-view charts from the security industry's brightest minds, coolest rock stars, and up-and-coming leaders.
A Cybersecurity Christmas Story
Partner Perspectives  |  12/23/2016  | 
Automation and orchestration will be essential components of security in 2017.
More Than 50% Of Biggest Holiday Retailers May Not Be PCI-Compliant
News  |  12/22/2016  | 
SecurityScorecard warns while the industry has made progress, many are still not covering the basics of security.
Inside The Vulnerability Disclosure Ecosystem
Slideshows  |  12/22/2016  | 
Report released by NTIA stakeholders offers new information on how organizations respond to security vulnerabilities - and what researchers think.
'Alice' Malware Loots ATMs
News  |  12/21/2016  | 
Trend Micro has an alert about a new bare-bones ATM malware family it recently uncovered.
Security Analytics: Don't Let Your Data Lake Turn Into A Data Swamp
Commentary  |  12/21/2016  | 
It's easy to get bogged down when looking for insights from data using Hadoop. But that doesn't have to happen, and these tips can help.
Panasonic Inflight Entertainment System Vulnerable To Attack
News  |  12/20/2016  | 
Flaws could theoretically allow access to aircraft control systems, IOActive says in disputed report.
Report: ShadowBrokers Obtained Stolen NSA Info Via Rogue Insider
News  |  12/20/2016  | 
Flashpoint researchers have 'medium confidence' that rogue insider, not just outside hacker, was involved in ShadowBrokers' August and December data dumps.
20 Questions Security Pros Should Ask Themselves Before Moving To The Cloud
Commentary  |  12/20/2016  | 
A template for working collaboratively with the business in today's rapidly changing technology environment.
Democrats And Republicans Join In Demand For Select Cyber Panel
Quick Hits  |  12/20/2016  | 
Four senators push Mitch McConnell for select committee on foreign cyber threats and Russian interference in US presidential polls.
Brute-Force Botnet Attacks Now Elude Volumetric Detection
Commentary  |  12/19/2016  | 
It just became harder to distinguish bot behavior from human behavior.
5 Ways The Cyber-Threat Landscape Shifted In 2016
Slideshows  |  12/19/2016  | 
IoT botnets and turnkey phishing services were just some of the ways the bad guys stayed ahead in 2016.
Financial Data Worth Millions Unwittingly Exposed In Ameriprise Accounts
Quick Hits  |  12/19/2016  | 
Leak of bank account and financial planning details emanated from a financial advisor's unsecured Internet-connected backup drive at home.
Has The Security Industry Failed Its Customers?
Commentary  |  12/16/2016  | 
Short answer: Not really. But the odds of staying safe from a cyberattack go way up when you follow these six tips for security hygiene.
Nigerian Charged With BEC Scam Involving $3.1 Billion
Quick Hits  |  12/16/2016  | 
David Adindu and accomplices targeted thousands of businesses globally with fake emails asking for money transfer.
Microsoft To Block Flash In Edge Browser For Security, Speed
News  |  12/16/2016  | 
Microsoft will block Adobe Flash by default in its Edge browser, following similar announcements from Google, Apple, and Mozilla.
Amit Yoran Leaves Dell RSA To Join Tenable As New CEO
News  |  12/15/2016  | 
Yoran says recent Dell acquisition of RSA parent company EMC did 'not really' impact his decision to leave.
Hurricanes, Earthquakes & Threat Intelligence
Commentary  |  12/15/2016  | 
You must be prepared for foreseeable attacks as well as the ones that sneak up on you.
It's Time For Organizations To Automate Security
Partner Perspectives  |  12/14/2016  | 
Security automation makes more efficient use of scarce security resources, freeing them up for more proactive tasks.
8 Most Hackable Holiday Gifts, 2016 Edition
Slideshows  |  12/14/2016  | 
You better watch out! Otherwise, you may be giving the gift of malware or unauthorized access to networks and devices.
Anti-Malware Is Necessary In The Data Center: 3 Examples
Commentary  |  12/14/2016  | 
Simply because data center endpoints don't have the same threat profile as general desktops doesn't mean they don't need anti-malware software. Here's why.
Microsoft Patches Dangerous Backdoor In Skype For Mac OS X
News  |  12/13/2016  | 
Vulnerability would have let attackers record calls, intercept and read messages, and siphon out all kinds of data, Trustwave says.
The Internet Of Things: When Bigger Is Not Better
Commentary  |  12/13/2016  | 
What happens when 10,000 companies add programmability and connectivity to their products, and we increase the Internet's attack surface by a million times or more?
Security In 2017: Ransomware Will Remain King
Partner Perspectives  |  12/13/2016  | 
Businesses, consumers, and security professionals must face this reality and take the necessary steps to educate each other and protect their networks.
Nearly Half Of The Top 1 Million Websites Deemed Risky
News  |  12/13/2016  | 
Forty-six percent of the top million websites, as ranked by Alexa, pose potential malware risks to businesses.
CIA: Russian Hackers Aimed To Help Trump Win
News  |  12/12/2016  | 
Intelligence suggests Russia hacked the Republican National Committee but didn't leak its data, a sign experts say is indicative of broader plans to sway US election results.
What's Naughty & Nice About The Internet Of Things
Commentary  |  12/12/2016  | 
It's easy to catalogue the worst IoT security hazards. But that's not the whole story.
5 Things Security Pros Need To Know About Machine Learning
Slideshows  |  12/12/2016  | 
Experts share best practices for data integrity, pattern recognition and computing power to help enterprises get the most out of machine learning-based technology for cybersecurity.
Machine-Learning Algorithms Improve Detection Time For Modern Threats
Partner Perspectives  |  12/12/2016  | 
Artificial intelligence and machine learning are essential to combat a threat landscape that is larger and more sophisticated than ever.
Senate Votes To Upgrade Cyber Command Into War-Fighting Unit
Quick Hits  |  12/12/2016  | 
NDAA legislation awaits Obama signature; Admiral Mike Rogers will still head both Cyber Command and NSA, at least for now.
Pay Ransom Or Infect Others!
Quick Hits  |  12/12/2016  | 
Still under development, new ransomware will ask victims to free their files by paying 1 bitcoin or by infecting two others.
Why Video Game Publishers Must Adopt Enforceable Security Standards
Commentary  |  12/9/2016  | 
Video games have been under attack at an unprecedented rate since 2012, with cyber criminals playing an increasingly significant role.
How Retailers Can Fight Holiday Season Hackers
Slideshows  |  12/8/2016  | 
Experts offer tips for locking down retailers' point-of-sale systems for the busy holiday shopping season.
From Carna To Mirai: Recovering From A Lost Opportunity
Commentary  |  12/8/2016  | 
We had four years to prepare for recent DDoS attacks and failed. How can we learn from our mistakes?
Researchers Find Backdoors, Bugs In Sony, White Box IP Cameras
News  |  12/7/2016  | 
New vulnerabilities discovered by SEC Consult and Cybereason highlight increasing IoT threat to enterprises.
Biometric Technology Is Not A Cure-All For Password Woes
Commentary  |  12/7/2016  | 
No single authentication token is infallible. The only real solution is multifactor authentication.
Kaspersky Lab: 323,000 New Malware Samples Found Each Day
Quick Hits  |  12/7/2016  | 
Credit it to mass-produced malware and better detection through machine learning.
PoisonTap USB Device Can Hack A Locked PC In A Minute
Partner Perspectives  |  12/6/2016  | 
This is just one example of an emerging technology that enables anyone with physical access to a computer's USB port to potentially harvest data and gain access by spoofing an Internet ecosystem.
Web Gateways: 5 Big Security Challenges
Commentary  |  12/6/2016  | 
Overreliance on Web gateways is putting data, users, customers, organizations, and reputation in harm's way.
The 7 Most Sensational Breaches Of 2016
Slideshows  |  12/6/2016  | 
The biggest hacks, data exposures, and thefts that left companies and government entities reeling.
Protect Your Company From Hackable Holiday Gifts
Partner Perspectives  |  12/5/2016  | 
This holiday season promises to be full of devices, apps, and connectivity. Planning and executing appropriate security precautions now will save your business from a serious breach later.
Reality Check: Getting Serious About IoT Security
Commentary  |  12/5/2016  | 
The Department of Homeland Security is fully justified in urging security standards for the Internet of Things.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15593
PUBLISHED: 2019-11-22
GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.
CVE-2019-16285
PUBLISHED: 2019-11-22
If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.
CVE-2019-16286
PUBLISHED: 2019-11-22
An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.
CVE-2019-16287
PUBLISHED: 2019-11-22
An attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to execute commands with elevated privileges.
CVE-2019-18909
PUBLISHED: 2019-11-22
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.