Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2018
Page 1 / 2   >   >>
The State of Application Penetration Testing
News  |  2/28/2018  | 
Data from real-world pen tests shows configuration errors and cross-site scripting are the most commonly found vulnerabilities.
Zero-Day Attacks Major Concern in Hybrid Cloud
News  |  2/28/2018  | 
Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.
Why Cryptocurrencies Are Dangerous for Enterprises
Commentary  |  2/28/2018  | 
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
How to Secure 'Permissioned' Blockchains
Commentary  |  2/28/2018  | 
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.
Nearly Half of Cybersecurity Pros Solicited Weekly by Recruiters
News  |  2/28/2018  | 
More than 80% say they are 'open' to new job offers, while 15% are actively on the search, a new (ISC)2 survey shows.
SAML Flaw Lets Hackers Assume Users' Identities
News  |  2/27/2018  | 
Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.
Security Starts with the User Experience
Commentary  |  2/27/2018  | 
Preventing a data breach is safer and more cost-effective than dealing with a breach after it has already happened. That means a focus on security in the design phase.
Incident 'Management': What IT Security Can Learn from Public Safety
Commentary  |  2/27/2018  | 
How a framework developed for fighting California wildfires back in the '70s can fortify first responders to a modern cyberattack.
Adobe Flash Vulnerability Reappears in Malicious Word Files
News  |  2/26/2018  | 
CVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug.
6 Cybersecurity Trends to Watch
Commentary  |  2/26/2018  | 
Expect more as the year goes on: more breaches, more IoT attacks, more fines
93% of Cloud Applications Aren't Enterprise-Ready
News  |  2/23/2018  | 
The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
'OMG': New Mirai Variant Converts IoT Devices into Proxy Servers
News  |  2/23/2018  | 
The new malware also can turn bots into DDoS attack machines, says Fortinet.
10 Can't-Miss Talks at Black Hat Asia
Slideshows  |  2/23/2018  | 
With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.
Leveraging Security to Enable Your Business
Commentary  |  2/23/2018  | 
When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.
Criminals Obtain Code-Signing Certificates Using Stolen Corporate IDs
News  |  2/22/2018  | 
The certificates are available on demand at prices ranging from $299 to $1,599, says Recorded Future.
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Commentary  |  2/22/2018  | 
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
IRS Warns of Spike in W-2 Phishing Emails
Quick Hits  |  2/22/2018  | 
The IRS reports an increase in reports of phishing emails asking for W-2 information.
Anatomy of an Attack on the Industrial IoT
Commentary  |  2/22/2018  | 
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
The Mobile Threat: 4 out of 10 Businesses Report 'Significant' Risk
News  |  2/21/2018  | 
Organizations put efficiency and profit before security, leading to system downtime and data loss, according to inaugural research from Verizon.
Takeaways from the Russia-Linked US Senate Phishing Attacks
Commentary  |  2/21/2018  | 
The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns.
7 Cryptominers & Cryptomining Botnets You Can't Ignore
Slideshows  |  2/21/2018  | 
Cryptominers have emerged as a major threat to organizations worldwide. Here are seven you cannot afford to ignore.
Researcher to Release Free Attack Obfuscation Tool
News  |  2/20/2018  | 
Cybercrime gang FIN7, aka Carbanak, spotted hiding behind another Windows function, according to research to be presented at Black Hat Asia next month.
Meltdown/Spectre: The First Large-Scale Example of a 'Genetic' Threat
Commentary  |  2/20/2018  | 
These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.
Vulnerabilities Broke Records Yet Again in 2017
News  |  2/20/2018  | 
Meanwhile, organizations still struggle to manage remediation.
Rise of the 'Hivenet': Botnets That Think for Themselves
Commentary  |  2/16/2018  | 
These intelligent botnet clusters swarm compromised devices to identify and assault different attack vectors all at once.
North Korea-Linked Cyberattacks Spread Out of Control: Report
News  |  2/15/2018  | 
New details on old cyberattacks originating from North Korea indicate several forms of malware unintentionally spread wider than authors intended.
Democracy & DevOps: What Is the Proper Role for Security?
Commentary  |  2/15/2018  | 
Security experts need a front-row seat in the application development process but not at the expense of the business.
Air Force Awards $12,500 for One Bug
Quick Hits  |  2/15/2018  | 
The highest single bounty of any federal bug bounty program yet is awarded through Hack the Air Force 2.0.
From DevOps to DevSecOps: Structuring Communication for Better Security
Commentary  |  2/15/2018  | 
A solid approach to change management can help prevent problems downstream.
Windows 10 Critical Vulnerability Reports Grew 64% in 2017
News  |  2/14/2018  | 
The launch and growth of new operating systems is mirrored by an increase in reported vulnerabilities.
Intel Expands Bug Bounty Program, Offers up to $250K
News  |  2/14/2018  | 
Microprocessor giant adds vulnerability-finding category for Meltdown, Spectre-type flaws.
3 Tips to Keep Cybersecurity Front & Center
Commentary  |  2/14/2018  | 
In today's environment, a focus on cybersecurity isn't a luxury. It's a necessity, and making sure that focus is achieved starts with the company's culture.
Fileless Malware: Not Just a Threat, but a Super-Threat
Commentary  |  2/14/2018  | 
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
As Primaries Loom, Election Security Efforts Behind Schedule
Quick Hits  |  2/13/2018  | 
While federal agencies lag on vulnerability assessments and security clearance requests, the bipartisan Defending Digital Democracy Project releases three new resources to help state and local election agencies with cybersecurity, incident response.
Microsoft Fixes Two Security Flaws in Outlook
News  |  2/13/2018  | 
February security patches include updates for 50 vulnerabilities, 14 of which are critical.
Lazarus Group Attacks Banks, Bitcoin Users in New Campaign
News  |  2/13/2018  | 
A new Lazarus Group cyberattack campaign combines spear-phishing techniques with a cryptocurrency scanner designed to scan for Bitcoin wallets.
Can Android for Work Redefine Enterprise Mobile Security?
Commentary  |  2/13/2018  | 
Google's new mobility management framework makes great strides in addressing security and device management concerns while offering diverse deployment options. Here are the pros and cons.
Fake News: Could the Next Major Cyberattack Cause a Cyberwar?
Commentary  |  2/13/2018  | 
In the way it undercuts trust, fake news is a form of cyberattack. Governments must work to stop it.
Cyberattack Aimed to Disrupt Opening of Winter Olympics
News  |  2/12/2018  | 
Researchers who identified malware targeting the 2018 Winter Olympics say the attackers had previously compromised the Games' infrastructure.
One in Three SOC Analysts Now Job-Hunting
News  |  2/12/2018  | 
The more experienced a SOC analyst gets, the more his or her job satisfaction declines, a new survey of security operations center staffers shows.
Better Security Analytics? Clean Up the Data First!
Commentary  |  2/12/2018  | 
Even the best analytics algorithms using incomplete and unclean data won't yield useful results.
Tracking Bitcoin Wallets as IOCs for Ransomware
Commentary  |  2/12/2018  | 
By understanding how cybercriminals use bitcoin, threat analysts can connect the dots between cyber extortion, wallet addresses, shared infrastructure, TTPs, and attribution.
Google Paid $2.9M for Vulnerabilities in 2017
News  |  2/9/2018  | 
The Google Vulnerability Reward Program issued a total of 1,230 rewards in 2017. The single largest payout was $112,500.
8 Nation-State Hacking Groups to Watch in 2018
Slideshows  |  2/9/2018  | 
The aliases, geographies, famous attacks, and behaviors of some of the most prolific threat groups.
Russian Authorities Arrest Engineers for Cryptocurrency Mining at Nuclear Weapons Site
Quick Hits  |  2/9/2018  | 
The nuclear weapons facility employees reportedly tried to mine cryptocurrency via a supercomputer.
New POS Malware Steals Data via DNS Traffic
News  |  2/8/2018  | 
UDPoS is disguised to appear like a LogMeIn service pack, Forcepoint says.
Apple iOS iBoot Secure Bootloader Code Leaked Online
Quick Hits  |  2/8/2018  | 
Lawyers for Apple called for the source code to be removed from GitHub.
20 Signs You Need to Introduce Automation into Security Ops
Commentary  |  2/8/2018  | 
Far too often, organizations approach automation as a solution looking for a problem rather than the other way around.
North Korean APT Group Employed Rare Zero-Day Attack
News  |  2/7/2018  | 
Recent Adobe Flash exploit discovered against South Korean targets likely purchased, not developed by the hacking group.
Cisco Issues New Patch for Critical ASA Vulnerability
Quick Hits  |  2/7/2018  | 
Cisco engineers discover that the flaw in Adaptive Security Appliance devices is worse than they initially understood.
Page 1 / 2   >   >>


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
6 Top Nontechnical Degrees for Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/21/2019
Anatomy of a BEC Scam
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3654
PUBLISHED: 2019-11-22
Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be gener...
CVE-2014-2214
PUBLISHED: 2019-11-22
Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id parameter to portal/openrssarticle.php
CVE-2014-6310
PUBLISHED: 2019-11-22
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.
CVE-2014-6311
PUBLISHED: 2019-11-22
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.
CVE-2019-16763
PUBLISHED: 2019-11-22
In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if ...