Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2015
Cyber Intelligence: Defining What You Know
Commentary  |  2/27/2015  | 
Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.
Hits Keep On Coming For Both SSL & Its Abusers
Quick Hits  |  2/26/2015  | 
Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?
How to Strengthen Enterprise Defenses against Ransomware
Partner Perspectives  |  2/26/2015  | 
Eight essential ways that companies can enforce their borders.
How To Reduce Spam & Phishing With DMARC
Commentary  |  2/26/2015  | 
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
Five Easiest Ways to Get Hacked Part 2
Partner Perspectives  |  2/25/2015  | 
Continuing a conversation with principal security consultant Amit Bagree
FBI Offers $3 Million Reward For Info On Whereabouts Of GameoverZeus Botnet Operator
Quick Hits  |  2/24/2015  | 
Evgeniy Mikhailovich Bogachev, who faces charges for his alleged role as an administrator of the GameOver Zeus botnet, is at large in Russia.
From Hacking Systems To Hacking People
Commentary  |  2/24/2015  | 
New low-tech attack methods like visual hacking demand an information security environment that values data privacy and a self-policing culture.
Blackhat, The Movie: Good, Bad & Ridiculous
Commentary  |  2/23/2015  | 
It didn't take home an Oscar, but in some instances Blackhat was right on point. Still, a white-hat hacker with the skills to take out armed opponents?
Who Cares Who's Behind A Data Breach?
Commentary  |  2/20/2015  | 
Attribution takes a long time, a lot of work, and a healthy dose of luck. But is it worth the effort?
Hackin' At The Car Wash, Yeah
News  |  2/19/2015  | 
Drive-through car washes can be hacked via the Internet, to wreak physical damage or to get a free wash for your ride.
Superfish Compromises All SSL Connections On Lenovo Gear
News  |  2/19/2015  | 
More than just pre-installed adware on some Lenovo laptops, Superfish acts as a man-in-the-middle certificate authority, hijacking every SSL session the laptop makes.
Our Governments Are Making Us More Vulnerable
Commentary  |  2/19/2015  | 
Stuxnet opened Pandora's box and today state-sponsored cyber security policies continue to put us at risk. Here are three reasons why.
End Users Causing Bulk Of Infosec Headaches
News  |  2/18/2015  | 
Report shows 80 percent of IT pros blame users for their security woes.
How We Can Prevent Another Anthem Breach
Commentary  |  2/18/2015  | 
Two things could have mitigated the damage and maybe even prevented any loss at all: behavioral analysis and context-aware access control.
Cyberespionage: You're Not Paranoid, Someone Is Spying on Your Company
Partner Perspectives  |  2/17/2015  | 
It's time for all of your counter-espionage tools to work together.
Why The USA Hacks
Commentary  |  2/17/2015  | 
The U.S. government views cyberspace as just another theater of war akin to air, land and sea, and it operates in the domain for one basic reason: national defense.
Antivirus Tools Slow To Respond To New Threats, Another Study Confirms
News  |  2/13/2015  | 
A 10-month study of four scanning tools by Damballa highlights some familiar weaknesses.
Obama Signs New Executive Order For Sharing Cyberthreat Information
Quick Hits  |  2/13/2015  | 
EO comes on the heels of massive breaches at Sony, Anthem.
Sony Hack: Poster Child For A New Era Of Cyber Attacks
Commentary  |  2/13/2015  | 
What made the Sony breach unique is the combination of four common tactics into a single orchestrated campaign designed to bend a victim to the will of the attackers.
Five Techniques to Keep Employees' Computing Secure
Partner Perspectives  |  2/12/2015  | 
With BYOD on the rise, these tips can help IT staff mitigate security risks, from mobile devices to data centers.
A Winning Strategy: Must Patch, Should Patch, Can't Patch
Commentary  |  2/11/2015  | 
The best way to have a significant impact on your company's security posture is to develop an organized effort for patching vulnerabilities.
Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole
News  |  2/10/2015  | 
ASLR vulnerability patched today used in tandem with previously patched Flash vuln to carry out drive-by-downloads against political and economic targets
How Malware Bypasses Our Most Advanced Security Measures
Commentary  |  2/10/2015  | 
We unpack three common attack vectors and five evasion detection techniques.
Nation-State Cyber Espionage, Targeted Attacks Becoming Global Norm
News  |  2/10/2015  | 
New report shows 2014 as the year of China's renewed resiliency in cyber espionage--with Hurricane Panda storming its targets--while Russia, Iran, and North Korea emerge as major players in hacking for political, nationalistic, and competitive gain.
Anthem Breach Should Convince Healthcare To Double Down On Security
News  |  2/6/2015  | 
Mega breach brings focus back on inadequacies of healthcare security.
Why Israel Hacks
Commentary  |  2/5/2015  | 
Israel's tenuous position in the world drives its leaders to stay ahead of its cyber adversaries, chief among them the Islamic Republic of Iran.
Scan Finds 'Ghost' Haunting Critical Business Applications
News  |  2/5/2015  | 
Some 41% of enterprise applications using GNU C Library (glibc) employ the Ghost-ridden 'gethostbyname' function, Veracode discovers.
Shifting Paradigms: The Case for Cyber Counter-Intelligence
Commentary  |  2/4/2015  | 
Cyber Counter-Intelligence and traditional information security share many aspects. But CCI picks up where infosec ends -- with an emphasis on governance, automation, timeliness, and reporting.
3 Disturbing New Trends in Vulnerability Disclosure
News  |  2/3/2015  | 
Who's winning and who's losing the battle of the bugs? While security pros and software companies fight amongst themselves, it looks like black hats are winning and users are losing.
Banking Trojan Lurks Inside Innocent Fax Messages, Bitdefender Warns
Partner Perspectives  |  2/3/2015  | 
Threat uses server-side polymorphism technique to bypass antivirus software.
Proposed Federal Data Breach Law Is Nice Gesture But No Panacea
Commentary  |  2/3/2015  | 
President Obama's SOTU proposal demonstrates the growing importance of data protection for individuals but does little to address compliance complexities for business.
New Adobe Flash 0-Day Used In Malvertising Campaign
News  |  2/2/2015  | 
The latest in a series of recent Flash vulnerabilities and malvertising exploits that are hard for users to avoid.
The Complicated Relationship Among Security, Privacy & Legislation
Partner Perspectives  |  2/2/2015  | 
The pace and advances in technology are greatly outstripping the capacity of government to effectively regulate.

