Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2017
Page 1 / 2   >   >>
21st Century Oncology Faces $2.3M HIPAA Settlement Cost after Breach
Quick Hits  |  12/29/2017  | 
Company to pay US Department of Health and Human Services over potential HIPAA violations after patient medical data was stolen by cyberthieves.
Avoiding Micro-Segmentation Pitfalls: A Phased Approach to Implementation
Commentary  |  12/29/2017  | 
Micro-segmentation is very achievable. While it can feel daunting, you can succeed by proactively being aware of and avoiding these roadblocks.
17 Things We Should Have Learned in 2017 But Probably Didn't
Commentary  |  12/29/2017  | 
The worm has returned and the Yahoos have all been exposed, but did 2017 teach us any genuinely new lessons we shouldn't already have known?
Mozilla Issues Critical Security Patch for Thunderbird Flaw
Quick Hits  |  12/28/2017  | 
Mozilla released five patches for Thunderbird security vulnerabilities, including one critical buffer overflow bug affecting Windows machines.
The Disconnect Between Cybersecurity & the C-Suite
Commentary  |  12/28/2017  | 
Most corporate boards are not taking tangible actions to shape their companies' security strategies or investment plans, a PwC study shows.
Rapid Growth in Security Market Raises Question: How to Pick a Startup
News  |  12/28/2017  | 
VCs weigh in with their advice on how to select a startup with staying power when purchasing security solutions and services.
Nissan Canada Finance Alerts 1.13 Million Customers of Data Breach
Quick Hits  |  12/27/2017  | 
Attackers gain access to personal information of Nissan Canada Finance and Infiniti Financial Services Canada customers.
Hacker Targeted Huawei Router 0-Day in Attempt to Create New Mirai Botnet
Quick Hits  |  12/27/2017  | 
Thousands of attempts have been made to exploit a zero-day vulnerability in the Huawei home router HG532.
The Financial Impact of Cyber Threats
Commentary  |  12/27/2017  | 
Determining the financial impact of specific IT vulnerabilities is a good way to prioritize remediation and prevent attacks.
The Coolest Hacks of 2017
News  |  12/27/2017  | 
Robots, voting machines, machine learning, and the wind were among the hacks security researchers pulled off this year.
6 Tips to Protect Against Technical Support Fraud
Slideshows  |  12/27/2017  | 
Just when youre having fun over the holidays and not paying attention, you can be hit with a tech support scam. Here's how to stay safe into the new year.
2017 Security Predictions through the Rear Window
Commentary  |  12/26/2017  | 
If you're going to forecast the future, go big.
Exposed File From Ancestry's RootsWeb.com Contains Data on 300,000 Users
Quick Hits  |  12/26/2017  | 
A file containing hundreds of thousands of RootsWeb users' email, login information, and passwords was found externally exposed, genealogy site says.
Hit the Cyber Underground for the Hottest Travel Deals
News  |  12/22/2017  | 
You can get everything from inexpensive flights and hotels to fake passports in the cyber underground, says Trend Micro.
Network Printer & Scanner Spoofing Campaign Targets Millions
Quick Hits  |  12/22/2017  | 
Cybercriminals distribute malicious email attachments purportedly coming from three common brands of network printer-scanner devices.
Block Threats Faster: Pattern Recognition in Exploit Kits
Commentary  |  12/22/2017  | 
When analysts investigate an indicator of compromise, our primary goal is to determine if it is malicious as quickly as possible. Identifying attack patterns helps you mitigate quicker.
CISO Holiday Miracle Wish List
Slideshows  |  12/22/2017  | 
If CISOs could make a wish to solve a problem, these would be among the top choices.
Digital Forensics & the Illusion of Privacy
Commentary  |  12/21/2017  | 
Forensic examiners don't work for bounties. They do what is required to catch criminals, pedophiles, or corporate embezzlers, and now their important security research is finally being acknowledged.
Fileless Malware Attacks Hit Milestone in 2017
News  |  12/21/2017  | 
Non-malware attacks account for the majority of all attacks this year, and ransomware grows to a $5 billion industry, new data shows.
Why Network Visibility Is Critical to Removing Security Blind Spots
Commentary  |  12/21/2017  | 
You can't secure what you can't see. Here are four ways to shine a light on the dark spaces of your corporate infrastructure.
Small,Targeted Ransomware Attacks Emerge
News  |  12/21/2017  | 
Cybercriminals narrow their focus on specific industries, geographies, or size for a better return on investment, security experts say.
9 Banking Trojans & Trends Costing Businesses in 2017
Slideshows  |  12/20/2017  | 
New Trojans appeared, old ones resurfaced, and delivery methods evolved as cybercriminals set their sights on financial data.
Microsoft Office Docs New Vessel for Loki Malware
News  |  12/19/2017  | 
Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious 'scriptlets' to evade detection.
Comprehensive Endpoint Protection Requires the Right Cyber Threat Intelligence
Commentary  |  12/19/2017  | 
CTI falls into three main categories -- tactical, operational, and strategic -- and answers questions related to the "who, what, and why" of a cyber attack.
Telegram RAT Escapes Detection via Cloud Apps
Quick Hits  |  12/18/2017  | 
Netskope discovers a new RAT using Dropbox for its payload host and Telegram Messenger for command and control.
US Government Pays $10,650 Bug Bounty in 'Hack the Air Force' Event
Quick Hits  |  12/18/2017  | 
The bounty, split between two researchers, is the largest single reward by any government bug bounty program to date.
Advanced Deception: How It Works & Why Attackers Hate It
Commentary  |  12/18/2017  | 
While cyberattacks continue to grow, deception-based technology is providing accurate and scalable detection and response to in-network threats.
Lazarus Group Targets Bitcoin Company
Quick Hits  |  12/15/2017  | 
The cybercrime group blamed for attacks on the SWIFT financial network launches a spearphishing campaign to steal employee credentials at a London cryptocurrency company.
Mobile Device Makers Increasingly Embrace Bug Bounty Programs
News  |  12/15/2017  | 
Samsung is the latest to join a small group of smartphone makers to cast their net wide on catching vulnerabilities in their devices.
Is Your Security Workflow Backwards?
Commentary  |  12/15/2017  | 
The pace at which information security evolves means organizations must work smarter, not harder. Here's how to stay ahead of the threats.
BlueBorne Attack Highlights Flaws in Linux, IoT Security
News  |  12/14/2017  | 
Bluetooth vulnerabilities let attackers control devices running Linux or any OS derived from it, putting much of the Internet of Things at risk, including popular consumer products.
Why Hackers Are in Such High Demand, and How They're Affecting Business Culture
Commentary  |  12/14/2017  | 
White hat hackers bring value to organizations and help them defend against today's advanced threats.
Malware Decompiler Tool Goes Open Source
News  |  12/13/2017  | 
Avast's RetDec machine-code decompiler now available for free on Github.
80% of Americans Admit to Risky Cybersecurity Behaviors
Quick Hits  |  12/13/2017  | 
Nearly half of survey respondents use unsecured WiFi networks and a third open unsolicited email attachment, a report finds.
Healthcare Faces Poor Cybersecurity Prognosis
News  |  12/13/2017  | 
Experts say the healthcare industry is underestimating security threats as attackers continue to seek data and monetary gain.
Google Play Offered Fewer Blacklisted Mobile Apps in Q3
News  |  12/13/2017  | 
Third-party AndroidAPKDescargar store carried the most blacklisted mobile apps.
Automation Could Be Widening the Cybersecurity Skills Gap
Commentary  |  12/13/2017  | 
Sticking workers with tedious jobs that AI can't do leads to burnout, but there is a way to achieve balance.
Security Compliance: The Less You Spend the More You Pay
News  |  12/12/2017  | 
The costs of complying with data protection requirements are steep, but the costs of non-compliance are even higher, a new study shows.
Microsoft Azure AD Connect Flaw Elevates Employee Privilege
News  |  12/12/2017  | 
An improper default configuration gives employees unnecessary administrative privilege without their knowledge, making them ideal targets for hackers.
Only 5% of Business Leaders Rethought Security After Equifax
Quick Hits  |  12/12/2017  | 
Corporate leaders know little about common security threats like ransomware and phishing, driving their risk for attack.
8 Out of 10 Employees Use Unencrypted USB Devices
Quick Hits  |  12/12/2017  | 
Security policies for USB drivers are severely outdated or inadequate, a report finds.
Employees on Public WiFi Rarely Face Man-in-the-Middle Attacks
News  |  12/12/2017  | 
Employees' corporate mobile devices are connected to WiFi networks on average 74% of the time.
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Commentary  |  12/11/2017  | 
The number of unfilled jobs in our industry continues to grow. Here's why.
What Slugs in a Garden Can Teach Us About Security
Commentary  |  12/8/2017  | 
Design principles observed in nature serve as a valuable model to improve organizations' security approaches.
Microsoft Issues Emergency Patch for 'Critical' Flaw in Windows Security
Quick Hits  |  12/8/2017  | 
Remote code execution vulnerability in Microsoft Malware Protection Engine was found by UK spy agency's National Cyber Security Centre (NCSC).
Android Ransomware Kits on the Rise in the Dark Web
News  |  12/7/2017  | 
More than 5,000 Android ransomware kit listings have been spotted so far this year, with the median price range hitting $200.
Rutkowska: Trust Makes Us Vulnerable
News  |  12/7/2017  | 
Offensive security researcher Joanna Rutkowska explains why trust in technology can put users at risk.
Man-in-the-Middle Flaw in Major Banking, VPN Apps Exposes Millions
News  |  12/7/2017  | 
New research from University of Birmingham emphasizes importance of securing high-risk mobile apps.
Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million in Bitcoin
Quick Hits  |  12/7/2017  | 
Breach occurred just prior to bitcoin's debut on two major US exchanges, the AP reports.
Ransomware Meets 'Grey's Anatomy'
Commentary  |  12/7/2017  | 
Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.
Page 1 / 2   >   >>


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16680
PUBLISHED: 2019-09-21
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
CVE-2019-16681
PUBLISHED: 2019-09-21
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to file disclosure and XSS.
CVE-2019-16677
PUBLISHED: 2019-09-21
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
CVE-2019-16678
PUBLISHED: 2019-09-21
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
CVE-2019-16679
PUBLISHED: 2019-09-21
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.