Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2017
Page 1 / 2   >   >>
Report: Only 2 in 3 Cyber Attacks Can Be Stopped with Current Defenses
Partner Perspectives  |  2/28/2017  | 
A recent Bitdefender survey of 250 US IT execs in companies with 1000 or more PCs paints a disturbing picture of cybersecurity preparedness in the enterprise.
Zones of Trust: A New Way of Thinking about IoT Security
Commentary  |  2/28/2017  | 
Recent attacks have focused attention on how to safely add "things"to enterprise networks, a topic that straddles IT and physical security. A zones-of-trust approach may be the answer.
Today on Dark Reading: Your Costs, Risks & Metrics Questions Answered
Commentary  |  2/27/2017  | 
First up on the Dark Reading upcoming events calendar is our Dark Reading Virtual Event Tuesday, Feb. 28.
20 Questions for SecOps Platform Providers
Commentary  |  2/27/2017  | 
Security operations capabilities for the masses is long overdue. Heres how to find a solution that meets your budget and resources.
In Cybersecurity, Language Is a Source of Misunderstandings
Commentary  |  2/27/2017  | 
To successfully fight threats across industries, we must all use the same terminology.
20 Cybersecurity Startups To Watch In 2017
Slideshows  |  2/24/2017  | 
VC money flowed plentifully into the security market last year, fueling a new crop of innovative companies.
IaaS: The Next Chapter In Cloud Security
Commentary  |  2/24/2017  | 
Organizations adopting IaaS must update their approach to security by using the shared responsibility model.
Blockchains New Role In The Internet of Things
Commentary  |  2/23/2017  | 
With next gen distributed consensus algorithms that combine both security and performance, organizations can defend against DDoS attacks, even those that leverage IoT devices
Microsoft Releases Security Updates For Some, Not All, Flaws
Quick Hits  |  2/23/2017  | 
February 21 release addresses Adobe Flash Player bugs for Internet Explorer on Windows 8.1 and Edge for Windows 10.
End-Of-Life Software Alive And Well On US PCs
News  |  2/23/2017  | 
7.5% of users ran unpatched Windows operating systems in Q4 of 2016, up from 6.1 percent in Q3 of 2016, new study shows.
Fewer Than One-Fourth Of Cybersecurity Job Candidates Are Qualified
News  |  2/22/2017  | 
ISACA report finds that 55% of security jobs take three- to six months to fill, and under 25% of candidates are qualified for the jobs they apply for.
Tunneling Through The "Walls" Of IoT In The Enterprise
Commentary  |  2/22/2017  | 
The movie "Die Hard" has a thing or two to teach us about the pitfalls of the Internet of Things.
Why We Need To Reinvent How We Catalogue Malware
Commentary  |  2/22/2017  | 
One obvious trend: crimeware technologies that come with simple user consoles and functionality to create unique binaries at the click of a button.
80% Of Web Applications Contain At Least One Security Bug
Quick Hits  |  2/22/2017  | 
Study by Contrast Security finds an average of 45 vulnerabilities per Web application.
Social Media Impersonators Drive Security Risk
News  |  2/21/2017  | 
A new pool of research digs into the fraudulent social media accounts, a growing threat to individuals and businesses.
Law Enforcement At RSAC: Collaboration Is Key To Online Crime Fighting
News  |  2/21/2017  | 
Agencies and investigators are reaching out across jurisdictions and international borders to vanquish spammers, botnet operators, and worse.
Preparing Security For Windows 7 End-Of-Life Support
Commentary  |  2/21/2017  | 
Moving to Microsoft's latest OS may give you flashbacks to when XP support ended.
Controlling Privileged Access To Prevent Rogue Users In Active Directory
Commentary  |  2/20/2017  | 
Knowing which of your employees have which privileges is the first step to staying safe.
Most CISOs Fear Known Breaches Go Unaddressed
Quick Hits  |  2/20/2017  | 
Research indicates 80% of CISOs worry their companies aren't reacting to flagged data breaches.
Closing The Cybersecurity Skills Gap With STEM
Commentary  |  2/17/2017  | 
As a nation, we should be doing more to promote educational programs that prepare today's students for tomorrow's jobs.
After Election Interference, RSA Conference Speakers Ask What Comes Next
News  |  2/17/2017  | 
Election-tampering called 'a red line we should not allow anyone to cross.'
MEDJACK.3 Poses Advanced Threat To Hospital Devices
News  |  2/16/2017  | 
A newly discovered version of the "medical device hijack" attack targets older operating systems to bypass security measures and steal patient data.
New Attack Threatens Android For Work Security
News  |  2/16/2017  | 
The enterprise privacy app, designed to separate personal and business information, is open to attacks putting corporate data at risk.
What To Do When All Malware Is Zero-Day
Commentary  |  2/15/2017  | 
The industry needs new methods to fingerprint malware in order to determine who's behind breaches, and what can be done to stop them.
IoT Security: A Ways To Go, But Some Interim Steps For Safety
News  |  2/15/2017  | 
The Internet of Things remains vulnerable to botnets and malware, but Cisco's Anthony Grieco offers some tips to keep networks and users more secure
The 10 Most Cyber-Exposed Cities In The US
News  |  2/15/2017  | 
At RSAC, Trend Micro researchers showcase municipalities with the highest percentage of discoverable devices and systems connected via the public Internet.
Microsoft President Says Tech Industry Should Be 'Neutral Digital Switzerland'
Quick Hits  |  2/14/2017  | 
RSA Conference: Brad Smith also says the world needs a "Digital Geneva Convention" to establish the international rules for nation-state cyber conflict.
IBM Brings Watson Cognitive Computing To The SOC
News  |  2/13/2017  | 
Technology known for a Jeopardy stunt six years ago is now powering question answering within IBM Security's QRadar system.
You Can't Hire Your Way Out Of A Skills Shortage ... Yet
Commentary  |  2/13/2017  | 
It will take much effort to fix the IT and cybersecurity talent crisis, but it is possible.
New Bug Bounty Program Targets IoT Security
News  |  2/13/2017  | 
GeekPwn bug bounty program aims to collect Internet of Things security vulnerabilities, and highlight mistakes to vendors.
Verizon Data Breach Digest Triangulates Humanity Inside Security
News  |  2/13/2017  | 
The 99-page report breaks out 16 different attack scenarios and specifies the target, sophistication level, attributes, and attack patterns, along with their times to discovery and containment.
Keep Employees Secure, Wherever They Are
Commentary  |  2/10/2017  | 
As workers grow more dispersed, organizations need to focus on three areas to maintain security.
Hacking The Penetration Test
News  |  2/9/2017  | 
Penetration testers rarely get spotted, according to a Rapid7 report analyzing its real-world engagements.
4 Signs You, Your Users, Tech Peers & C-Suite All Have 'Security Fatigue'
Commentary  |  2/9/2017  | 
If security fatigue is the disease we've all got, the question is how do we get over it?
Threat Hunting Becoming Top Of Mind Issue For SOCs
News  |  2/9/2017  | 
Nearly 80% of the respondents in a LinkedIn poll said that threat hunting already is, or should be a top-level initiative.
InfoSec Teams Share Keys To CISO Success
News  |  2/9/2017  | 
Tech expertise and business engagement are critical for CISOs who want to strengthen security but lack authority in their organizations.
Harvest Season: Why Cyberthieves Want Your Compute Power
Commentary  |  2/9/2017  | 
Attackers are hijacking compute power in order to pull off their other crimes.
Facebook Aims To Shape Stronger Security Practices
News  |  2/8/2017  | 
Facebook is among social platforms focusing on security as social media poses a growing risk to individuals and businesses.
What to Watch (& Avoid) At RSAC
Commentary  |  2/8/2017  | 
A renowned security veteran shares his RSA dance card, offering views on technologies destined for the dustbin of history and those that will move the industry forward.
Enterprise Android Vs iOS: Which is More Secure?
Commentary  |  2/7/2017  | 
The answer is not as simple as you think. A mobile security expert parses the pros and cons.
The Promise & Peril Of The App Era
Commentary  |  2/7/2017  | 
Sure, apps are convenient. But when not properly assessed, they can cause security holes.
Vulnerabilities Hit High Water Mark in 2016
News  |  2/6/2017  | 
The good news is that coordinated disclosure keeps getting better.
Fight Back Against Ransomware
Commentary  |  2/6/2017  | 
The No More Ransom project helps those affected by ransomware and works to prevent the problem's spread.
InterContinental Confirms Security Breach At 12 US Hotels
Quick Hits  |  2/6/2017  | 
Investigation reveals payment cards of customers were compromised between August and December.
Talking Cybersecurity From A Risk Management Point of View
Commentary  |  2/3/2017  | 
CenturyLink CSO David Mahon reflects on the evolution of the chief information security officer, and why todays CISOs are increasingly adopting a risk-based approach to security.
Metasploit Can Now Be Directly Linked To Hardware For Vulnerability Testing
News  |  2/2/2017  | 
New hardware bridge extends penetration testing tools capabilities into physical world.
HD Moore Joins Research-Driven Consulting Firm
News  |  2/2/2017  | 
Metasploit creator joins Atredis Partners.
10 Essential Elements For Your Incident-Response Plan
Slideshows  |  2/2/2017  | 
The middle of a DDoS attack or ransomware infection is hardly the time to start talking about divisions of labor, or who should do what when.
Netherlands Opts For Manual Vote-Count Amid Cyberattack Fears
Quick Hits  |  2/2/2017  | 
Ballots will be counted by hand in the March 15 election after doubts surface over the safety and security of electronic system.
Netgear Addresses Password Bypass Vulns In 31 Router Models
News  |  2/1/2017  | 
Company has made patches, workarounds available to mitigate password bypass threat that potentially impacted 1 million devices, Trustwave says.
Page 1 / 2   >   >>


AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.