News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2016
The Bug Bounty Model: 21 Years & Counting
Commentary  |  12/29/2016  | 
A look back on the beginnings of crowdsourced vulnerability assessment and how its robust history is paving the way for the future.
Another Massive DDoS Closes Out 2016, But Mirai Not To Blame
News  |  12/28/2016  | 
Using a new malware variant called Leet, the 650 Gbps DDoS attack matched Mirai's floods of traffic.
China's Cybersecurity Law Seeks Scrutiny Of Technology
Quick Hits  |  12/28/2016  | 
Country's top internet regulator releases framework for stricter cyberspace laws, including review of local and foreign technology.
21 Biggest Cybercriminal Busts Of 2016
Slideshows  |  12/28/2016  | 
This year has been a tornado of major cyberattacks and hacker arrests. Here, we look back on the 21 most interesting 'cyberbusts' of 2016.
How Artificial Intelligence Will Solve The Security Skills Shortage
Commentary  |  12/28/2016  | 
Unlike industries that fear the intrusion of AI, the infosec world is embracing this revolutionary technology, and the seismic changes it will bring to threat detection and mitigation.
Fileless Malware Takes 2016 By Storm
News  |  12/27/2016  | 
In-memory attacks are all the rage, creating a growing class of "non-malware."
8 Boldest Security Predictions For 2017
Slideshows  |  12/27/2016  | 
Scary, funny and maybe even a little outlandish, these industry predictions come from prognosticators who didn't mince words.
Year 2016 Sees Record Deployment Of HTTPS By Firefox, Chrome
Quick Hits  |  12/27/2016  | 
More than half of Web pages loaded by the browsers guarantee protection to visitors.
Greatest Hits Of 2016: Readers' Picks For The Years' Best Commentary
Commentary  |  12/27/2016  | 
Here's what topped the Dark Reading page-view charts from the security industry's brightest minds, coolest rock stars, and up-and-coming leaders.
A Cybersecurity Christmas Story
Partner Perspectives  |  12/23/2016  | 
Automation and orchestration will be essential components of security in 2017.
More Than 50% Of Biggest Holiday Retailers May Not Be PCI-Compliant
News  |  12/22/2016  | 
SecurityScorecard warns while the industry has made progress, many are still not covering the basics of security.
Inside The Vulnerability Disclosure Ecosystem
Slideshows  |  12/22/2016  | 
Report released by NTIA stakeholders offers new information on how organizations respond to security vulnerabilities - and what researchers think.
'Alice' Malware Loots ATMs
News  |  12/21/2016  | 
Trend Micro has an alert about a new bare-bones ATM malware family it recently uncovered.
Security Analytics: Don't Let Your Data Lake Turn Into A Data Swamp
Commentary  |  12/21/2016  | 
It's easy to get bogged down when looking for insights from data using Hadoop. But that doesn't have to happen, and these tips can help.
Panasonic Inflight Entertainment System Vulnerable To Attack
News  |  12/20/2016  | 
Flaws could theoretically allow access to aircraft control systems, IOActive says in disputed report.
Report: ShadowBrokers Obtained Stolen NSA Info Via Rogue Insider
News  |  12/20/2016  | 
Flashpoint researchers have 'medium confidence' that rogue insider, not just outside hacker, was involved in ShadowBrokers' August and December data dumps.
20 Questions Security Pros Should Ask Themselves Before Moving To The Cloud
Commentary  |  12/20/2016  | 
A template for working collaboratively with the business in today's rapidly changing technology environment.
Democrats And Republicans Join In Demand For Select Cyber Panel
Quick Hits  |  12/20/2016  | 
Four senators push Mitch McConnell for select committee on foreign cyber threats and Russian interference in US presidential polls.
Brute-Force Botnet Attacks Now Elude Volumetric Detection
Commentary  |  12/19/2016  | 
It just became harder to distinguish bot behavior from human behavior.
5 Ways The Cyber-Threat Landscape Shifted In 2016
Slideshows  |  12/19/2016  | 
IoT botnets and turnkey phishing services were just some of the ways the bad guys stayed ahead in 2016.
Financial Data Worth Millions Unwittingly Exposed In Ameriprise Accounts
Quick Hits  |  12/19/2016  | 
Leak of bank account and financial planning details emanated from a financial advisor's unsecured Internet-connected backup drive at home.
Has The Security Industry Failed Its Customers?
Commentary  |  12/16/2016  | 
Short answer: Not really. But the odds of staying safe from a cyberattack go way up when you follow these six tips for security hygiene.
Nigerian Charged With BEC Scam Involving $3.1 Billion
Quick Hits  |  12/16/2016  | 
David Adindu and accomplices targeted thousands of businesses globally with fake emails asking for money transfer.
Microsoft To Block Flash In Edge Browser For Security, Speed
News  |  12/16/2016  | 
Microsoft will block Adobe Flash by default in its Edge browser, following similar announcements from Google, Apple, and Mozilla.
Amit Yoran Leaves Dell RSA To Join Tenable As New CEO
News  |  12/15/2016  | 
Yoran says recent Dell acquisition of RSA parent company EMC did 'not really' impact his decision to leave.
Hurricanes, Earthquakes & Threat Intelligence
Commentary  |  12/15/2016  | 
You must be prepared for foreseeable attacks as well as the ones that sneak up on you.
It's Time For Organizations To Automate Security
Partner Perspectives  |  12/14/2016  | 
Security automation makes more efficient use of scarce security resources, freeing them up for more proactive tasks.
8 Most Hackable Holiday Gifts, 2016 Edition
Slideshows  |  12/14/2016  | 
You better watch out! Otherwise, you may be giving the gift of malware or unauthorized access to networks and devices.
Anti-Malware Is Necessary In The Data Center: 3 Examples
Commentary  |  12/14/2016  | 
Simply because data center endpoints don't have the same threat profile as general desktops doesn't mean they don't need anti-malware software. Here's why.
Microsoft Patches Dangerous Backdoor In Skype For Mac OS X
News  |  12/13/2016  | 
Vulnerability would have let attackers record calls, intercept and read messages, and siphon out all kinds of data, Trustwave says.
The Internet Of Things: When Bigger Is Not Better
Commentary  |  12/13/2016  | 
What happens when 10,000 companies add programmability and connectivity to their products, and we increase the Internet's attack surface by a million times or more?
Security In 2017: Ransomware Will Remain King
Partner Perspectives  |  12/13/2016  | 
Businesses, consumers, and security professionals must face this reality and take the necessary steps to educate each other and protect their networks.
Nearly Half Of The Top 1 Million Websites Deemed Risky
News  |  12/13/2016  | 
Forty-six percent of the top million websites, as ranked by Alexa, pose potential malware risks to businesses.
CIA: Russian Hackers Aimed To Help Trump Win
News  |  12/12/2016  | 
Intelligence suggests Russia hacked the Republican National Committee but didn't leak its data, a sign experts say is indicative of broader plans to sway US election results.
What's Naughty & Nice About The Internet Of Things
Commentary  |  12/12/2016  | 
It's easy to catalogue the worst IoT security hazards. But that's not the whole story.
5 Things Security Pros Need To Know About Machine Learning
Slideshows  |  12/12/2016  | 
Experts share best practices for data integrity, pattern recognition and computing power to help enterprises get the most out of machine learning-based technology for cybersecurity.
Machine-Learning Algorithms Improve Detection Time For Modern Threats
Partner Perspectives  |  12/12/2016  | 
Artificial intelligence and machine learning are essential to combat a threat landscape that is larger and more sophisticated than ever.
Senate Votes To Upgrade Cyber Command Into War-Fighting Unit
Quick Hits  |  12/12/2016  | 
NDAA legislation awaits Obama signature; Admiral Mike Rogers will still head both Cyber Command and NSA, at least for now.
Pay Ransom Or Infect Others!
Quick Hits  |  12/12/2016  | 
Still under development, new ransomware will ask victims to free their files by paying 1 bitcoin or by infecting two others.
Why Video Game Publishers Must Adopt Enforceable Security Standards
Commentary  |  12/9/2016  | 
Video games have been under attack at an unprecedented rate since 2012, with cyber criminals playing an increasingly significant role.
How Retailers Can Fight Holiday Season Hackers
Slideshows  |  12/8/2016  | 
Experts offer tips for locking down retailers' point-of-sale systems for the busy holiday shopping season.
From Carna To Mirai: Recovering From A Lost Opportunity
Commentary  |  12/8/2016  | 
We had four years to prepare for recent DDoS attacks and failed. How can we learn from our mistakes?
Researchers Find Backdoors, Bugs In Sony, White Box IP Cameras
News  |  12/7/2016  | 
New vulnerabilities discovered by SEC Consult and Cybereason highlight increasing IoT threat to enterprises.
Biometric Technology Is Not A Cure-All For Password Woes
Commentary  |  12/7/2016  | 
No single authentication token is infallible. The only real solution is multifactor authentication.
Kaspersky Lab: 323,000 New Malware Samples Found Each Day
Quick Hits  |  12/7/2016  | 
Credit it to mass-produced malware and better detection through machine learning.
PoisonTap USB Device Can Hack A Locked PC In A Minute
Partner Perspectives  |  12/6/2016  | 
This is just one example of an emerging technology that enables anyone with physical access to a computer's USB port to potentially harvest data and gain access by spoofing an Internet ecosystem.
Web Gateways: 5 Big Security Challenges
Commentary  |  12/6/2016  | 
Overreliance on Web gateways is putting data, users, customers, organizations, and reputation in harm's way.
The 7 Most Sensational Breaches Of 2016
Slideshows  |  12/6/2016  | 
The biggest hacks, data exposures, and thefts that left companies and government entities reeling.
Protect Your Company From Hackable Holiday Gifts
Partner Perspectives  |  12/5/2016  | 
This holiday season promises to be full of devices, apps, and connectivity. Planning and executing appropriate security precautions now will save your business from a serious breach later.
Reality Check: Getting Serious About IoT Security
Commentary  |  12/5/2016  | 
The Department of Homeland Security is fully justified in urging security standards for the Internet of Things.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation.
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.