Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2018
The Coolest Hacks of 2018
News  |  12/28/2018  | 
In-flight airplanes, social engineers, and robotic vacuums were among the targets of resourceful white-hat hackers this year.
IoT Bug Grants Access to Home Video Surveillance
Quick Hits  |  12/27/2018  | 
Due to a shared Amazon S3 credential, all users of a certain model of the Guardzilla All-In-One Video Security System can view each other's videos.
Toxic Data: How 'Deepfakes' Threaten Cybersecurity
Commentary  |  12/27/2018  | 
The joining of 'deep learning' and 'fake news' makes it possible to create audio and video of real people saying words they never spoke or things they never did.
Attackers Use Google Cloud to Target US, UK Banks
Quick Hits  |  12/26/2018  | 
Employees at financial services firms hit with an email attack campaign abusing a Google Cloud storage service.
Spending Spree: What's on Security Investors' Minds for 2019
News  |  12/26/2018  | 
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
3 Steps for Cybersecurity Leaders to Bridge the Gender Equality Gap
Commentary  |  12/26/2018  | 
By encouraging female participation through education and retaining this interest through an inclusive culture and visible role models, we can begin to close the skill and gender gap in cybersecurity.
7 Business Metrics Security Pros Need to Know
Slideshows  |  12/21/2018  | 
These days, security has to speak the language of business. These KPIs will get you started.
Unpatched Kernel-Level Vuln in IBM Security Tool for Apple MacOS Revealed
Quick Hits  |  12/21/2018  | 
Researchers disclose signedness bug in driver used by IBM Trusteer Rapport endpoint security tool after IBM fails to deliver timely patch.
Amazon Slip-Up Shows How Much Alexa Really Knows
Quick Hits  |  12/21/2018  | 
Amazon mistakenly sent one user's Alexa recordings to a stranger but neglected to disclose the error.
3 Reasons to Train Security Pros to Code
News  |  12/20/2018  | 
United Health chief security strategist explains the benefits the organization reaped when it made basic coding training a requirement for security staff.
Attackers Use Scripting Flaw in Internet Explorer, Forcing Microsoft Patch
News  |  12/20/2018  | 
Microsoft issues an emergency update to its IE browser after researchers notified the company that a scripting engine flaw is being used to compromise systems.
How to Optimize Security Spending While Reducing Risk
Commentary  |  12/20/2018  | 
Risk scoring is a way of getting everyone on the same page with a consistent, reliable method of gathering and analyzing security data.
2018 In the Rearview Mirror
Commentary  |  12/20/2018  | 
Among this year's biggest news stories: epic hardware vulnerabilities, a more lethal form of DDoS attack, Olympic 'false flags,' hijacked home routers, fileless malware and a new world's record for data breaches.
Automating a DevOps-Friendly Security Policy
Commentary  |  12/20/2018  | 
There can be a clash of missions between security and IT Ops teams, but automation can help.
How to Remotely Brick a Server
News  |  12/19/2018  | 
Researchers demonstrate the process of remotely bricking a server, which carries serious and irreversible consequences for businesses.
Privacy Futures: Fed-up Consumers Take Their Data Back
Commentary  |  12/19/2018  | 
In 2019, usable security will become the new buzzword and signal a rejection of the argument that there must be a trade-off between convenience and security and privacy.
DOJ Announces Indictment in Nigerian Banking Scam
Quick Hits  |  12/19/2018  | 
International investment scam laundered funds through US bank accounts before being sent to Nigeria.
Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots
Commentary  |  12/19/2018  | 
While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.
When Cryptocurrency Falls, What Happens to Cryptominers?
News  |  12/18/2018  | 
The fall of cryptocurrency's value doesn't signify an end to cryptomining, but attackers may be more particular about when they use it.
Trend Micro Finds Major Flaws in HolaVPN
Quick Hits  |  12/18/2018  | 
A popular free VPN is found to have a very high cost for users.
Twitter Hack May Have State-Sponsored Ties
Quick Hits  |  12/18/2018  | 
A data leak was disclosed after attackers targeted a support form, which had "unusual activity."
Cryptographic Erasure: Moving Beyond Hard Drive Destruction
Commentary  |  12/18/2018  | 
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.
How to Engage Your Cyber Enemies
Commentary  |  12/18/2018  | 
Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization.
Cyber Readiness Institute Launches New Program for SMBs
News  |  12/17/2018  | 
Program seeks to raise employees' cyber awareness and give small and midsize business owners the tools to make a difference.
53 Bugs in 50 Days: Researchers Fuzz Adobe Reader
News  |  12/17/2018  | 
Automatic vulnerability finding tools detect more than 50 CVEs in Adobe Reader and Adobe Pro during a 50-day experiment.
Facebook: Photo API Bug Exposed 6.8M User Photos
Quick Hits  |  12/17/2018  | 
The flaw let developers access images that users may not have shared publicly, including those they started to upload but didn't post.
Shhhhh! The Secret to Secrets Management
Commentary  |  12/17/2018  | 
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
Email Bomb Threats Follow Sextortion Playbook
News  |  12/14/2018  | 
Yesterday's wave of email bomb threats appears to be an evolution of tactics by the same groups that earlier tried "sextortion" and personal threats, Talos researchers say.
Iranian Hackers Target Nuclear Experts, US Officials
Quick Hits  |  12/14/2018  | 
Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.
Retailers: Avoid the Hackable Holidaze
Commentary  |  12/14/2018  | 
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
2019 Attacker Playbook
Slideshows  |  12/14/2018  | 
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business
News  |  12/13/2018  | 
Enterprises are struggling with familiar old security challenges as a result, new survey shows.
Universities Get Schooled by Hackers
News  |  12/13/2018  | 
Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.
Cybercrime Is World's Biggest Criminal Growth Industry
Quick Hits  |  12/13/2018  | 
The toll from cybercrime is expected to pass $6 trillion in the next three years, according to a new report.
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
Commentary  |  12/13/2018  | 
Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
Education Gets an 'F' for Cybersecurity
Quick Hits  |  12/13/2018  | 
The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.
The Economics Fueling IoT (In)security
Commentary  |  12/13/2018  | 
Attackers understand the profits that lie in the current lack of security. That must change.
Worst Password Blunders of 2018 Hit Organizations East and West
News  |  12/12/2018  | 
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.
Bug Hunting Paves Path to Infosec Careers
News  |  12/12/2018  | 
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
Deception: Honey vs. Real Environments
Commentary  |  12/12/2018  | 
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.
Mac Malware Cracks WatchGuard's Top 10 List
News  |  12/12/2018  | 
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3
Quick Hits  |  12/12/2018  | 
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.
Forget Shifting Security Left; It's Time to Race Left
Commentary  |  12/12/2018  | 
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Slideshows  |  12/12/2018  | 
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.
Battling Bots Brings Big-Budget Blow to Businesses
News  |  12/11/2018  | 
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.
Equifax Breach Underscores Need for Accountability, Simpler Architectures
News  |  12/11/2018  | 
A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'
Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack
News  |  12/11/2018  | 
Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.
The Grinch Bot Before Christmas: A Security Story for the Holidays
Commentary  |  12/11/2018  | 
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
Grammarly Takes Bug Bounty Program Public
Quick Hits  |  12/11/2018  | 
The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne.
How Well Is Your Organization Investing Its Cybersecurity Dollars?
Commentary  |  12/11/2018  | 
The principles, methods, and tools for performing good risk measurement already exist and are being used successfully by organizations today. They take some effort -- and are totally worth it.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14540
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVE-2019-16332
PUBLISHED: 2019-09-15
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
CVE-2019-16333
PUBLISHED: 2019-09-15
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
CVE-2019-16334
PUBLISHED: 2019-09-15
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
CVE-2019-16335
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.