Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2016
So You Want to Be a Security Researcher?
News  |  2/26/2016  | 
Security researchers need a broad set of skills to investigate a constantly-changing threat landscape. But specializing in areas such as reverse engineering or network forensics will boost opportunities.
Phishing Attacks Increase Tech Sophistication, Focus On Financial Fraud
News  |  2/25/2016  | 
With a prevalence of free, feature-rich phishing kits and multi-million dollar profits from business email compromise attacks, no wonder phishing's so popular.
Breach Stats: Improving From Abysmal To Just Awful
News  |  2/25/2016  | 
Breach response times and volumes decreased significantly last year, but overall numbers still look ugly.
FBI Vs. Apple: Privacy Syllabus
Slideshows  |  2/24/2016  | 
Some of the very best articles, blogs, and other opinions on the issue of government meddling in encryption technology.
Operation Dust Storm Hackers Set Sights On Japan's Critical Infrastructure
News  |  2/23/2016  | 
Japanese energy, oil/gas, and transportation industries the target of stealthy, patient cyber-espionage group.
Leaky Apps Far Riskier Than Mobile Malware
News  |  2/23/2016  | 
Even top enterprise apps are rampant with data leakage and privacy-invasive behavior.
7 Ways Banking Botnets Are Keeping With The Times
News  |  2/22/2016  | 
Banking botnets have been plaguing online bankers and financial institutions for years now, and the attacks keep evolving.
Cybercrime And Hacking Atlas
Slideshows  |  2/20/2016  | 
A geographic guide with cybercrime threat and target trends in 10 notable countries.
New Trojan Xbot A Swiss-Army Knife Of Malicious Features
News  |  2/19/2016  | 
Malware can steal banking and card info, encrypt SD cards, intercept messages and more, say researchers at Palo Alto Networks
Web Gateways Need Backstops
News  |  2/19/2016  | 
New report emphasizes the importance of layered defense.
Adding Up The Total Costs of Ransomware
Commentary  |  2/19/2016  | 
Its a lot more than just the ransom. We did the math.
Here Comes Locky, A Brand New Ransomware Threat
News  |  2/18/2016  | 
Infected Word files being used to spread ransomware, security researchers say.
The Secret Life Of Stolen Credentials
News  |  2/18/2016  | 
Bitglass Threat Research Team's Project Cumulus demonstrates what happens when Google Drive credentials are 'stolen.'
Navigating Next-Gen Endpoint Security: A Buyers Journey
Commentary  |  2/18/2016  | 
Organizations will face a market in a state of transition as they evaluate information security solutions from both new and established vendors.
5 Exploit Trends Driving Attacks Today
News  |  2/17/2016  | 
HPE Cyber Risk Report 2016 picks apart infection stats from the past year.
Glibc Flaw Affects Thousands Of Linux Apps But How Dangerous Is It?
News  |  2/17/2016  | 
The difficulty involved in exploiting flaw could mitigate some of the risk, say some security researchers.
Today's New Payment Card Security In A Nutshell
Commentary  |  2/17/2016  | 
Businesses taking their time rolling out EMV card-compatible terminals are putting their data security and financial well-being at risk.
A Not-So-Secret Secret About Cybercrime
Commentary  |  2/16/2016  | 
Cybersecurity is an issue business leaders fret a lot about in public, but they rarely treat the problem as a real and immediate threat.
Valentine's Day Inspires DDoS Attacks Against Online Florists
News  |  2/13/2016  | 
Security vendor Imperva says it has observed a sharp increase in automated bot traffic directed at florist sites.
Ukraine Railway, Mining Company Attacked With BlackEnergy
News  |  2/12/2016  | 
Weeks after the malware played a role in a massive power outage in the Ukraine, BlackEnergy and its cohort KillDisk were used in other attacks as well, Trend Micro says.
Perceptions Of IT Risk Changing In Business Ranks
News  |  2/12/2016  | 
Business leaders increasingly see IT risk as huge, but policy making and visibility still lag.
5 Reveals About Today's Attack M.O.s From Skype Spying Malware
News  |  2/11/2016  | 
T9000 backdoor is built with many of today's cybercriminal tricks up its sleeves.
The Phishie Awards: (Dis)Honoring The Best Of The Worst Phishing Attacks
Slideshows  |  2/10/2016  | 
From the costly to the clever to the just plain creepy, here are the recent phishing campaigns that have earned our reluctant recognition.
Simplifying Application Security: 4 Steps
Commentary  |  2/10/2016  | 
Its time to leave behind the misconceptions about the cost and effort required by effective application security. Heres how.
As Dyre Goes Quiet, Focus Turns On Other Banking Trojans
News  |  2/9/2016  | 
Dridex, Gozi, and Shifu are just three of the many malware tools that could replace Dyre, security researchers say.
New White House Cybersecurity Plan Creates Federal CISO
News  |  2/9/2016  | 
Cybersecurity National Action Plan aims to increase federal cybersecurity spending by 35 percent to modernize IT and address skills shortage, IoT.
Monday Morning Quarterbacking Super Bowl 50: Infosec Edition
Commentary  |  2/8/2016  | 
How to coach your team to victory in the battle to protect corporate data and intellectual property. After all, theres a lot riding on your game, too.
10 Shocking New Facts About Ransomware
Slideshows  |  2/8/2016  | 
Ransomware has taken over the cybercriminal world in the last few years and there's no end in sight.
Online 'Batman' Takes On Dridex Banking Trojan Operators
News  |  2/5/2016  | 
Several Dridex malware download sites have begun mysteriously serving up antivirus software instead.
Heres How To Protect Against A Ransomware Attack
News  |  2/4/2016  | 
Recovering data encrypted by a ransomware attack is next to impossible, so prevention offers the better approach.
Agriculture, Alternative Energy Could Be Chinese Hackers' Next Targets
News  |  2/3/2016  | 
Perhaps Anthem and Premera breaches were not just about stealing PII, but about researching the ins and outs of Western healthcare systems, CrowdStrike's annual global threat report says.
Zero Trust: Now A Critical Foundation For Securing Mobile
Commentary  |  2/3/2016  | 
No longer willing to rely on an OS that doesn't provide the security features they need, developers are taking steps to secure apps, defend data, and protect users.
As Good As They're Getting, Analytics Don't Inherently Protect Data
Commentary  |  2/2/2016  | 
It is only a matter of time before your system is breached, and when your data is lost, analytics won't help you.
Encryption Has Its Place But It Isnt Foolproof
Commentary  |  2/2/2016  | 
Most encrypted data is unencrypted at some point in its lifecycle -- and the bad guys are pretty good at finding the one window left open.
Macro Malware Resurgence Highlighted By Kasidet Outbreak
News  |  2/2/2016  | 
Also known as Neutrino, this piece of malware is another case of Office macro malaise.
First Hacker Arrested for CyberTerror Charges Arrives In American Court
Quick Hits  |  2/1/2016  | 
Kosovo citizen faces a maximum sentence of 35 years in prison for hacking and providing material support to ISIS.
IEEE Anti-Malware Support Service Goes Live
Commentary  |  2/1/2016  | 
Through the collaborative effort of major players in the computer security industry, organizations now have two new tools for better malware detection.


Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16531
PUBLISHED: 2019-09-20
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
CVE-2019-9717
PUBLISHED: 2019-09-19
In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
CVE-2019-9719
PUBLISHED: 2019-09-19
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
CVE-2019-9720
PUBLISHED: 2019-09-19
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
CVE-2019-16525
PUBLISHED: 2019-09-19
An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.