News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2019
Solving Security: Repetition or Redundancy?
Commentary  |  2/28/2019  | 
To effectively defend against today's risks and threats, organizations must examine their failings as well as their successes.
Data Leak Exposes Dow Jones Watchlist Database
Quick Hits  |  2/28/2019  | 
The Watchlist, which contained the identities of government officials, politicians, and people of political interest, is used to identify risk when researching someone.
Microsoft Debuts Azure Sentinel SIEM, Threat Experts Service
News  |  2/28/2019  | 
New services, which are both available in preview, arrive at a time when two major trends are converging on security.
Bots Plague Ticketing Industry
News  |  2/28/2019  | 
Bots now account for 39.9% of all ticketing traffic, mostly originating in North America.
In 2019, Cryptomining Just Might Have an Even Better Year
Commentary  |  2/28/2019  | 
The practice today is so pervasive that cryptojacking scripts are said to be running on an estimated 3% of all sites that users visit.
IoT, APIs, and Criminal Bots Pose Evolving Dangers
News  |  2/27/2019  | 
A pair of reports reach similar conclusions about some of the threats growing in cyberspace and the industries likely to be most affected.
More Than 22,000 Vulns Were Disclosed in 2018, 27% Without Fixes
News  |  2/27/2019  | 
As in previous years, input validation vulnerabilities accounted for a substantial proportion of total, Risk Based Security report shows.
Booter Owner Pleads Guilty in Federal Court
Quick Hits  |  2/27/2019  | 
Illinois man offered "DDoS for hire" services that hit millions of victims.
Stay Ahead of the Curve by Using AI in Compliance
Commentary  |  2/27/2019  | 
Although human oversight is required, advanced technologies built on AI will become pivotal in building safer financial markets and a safer world.
Whose Line Is It? When Voice Phishing Attacks Get Sneaky
News  |  2/27/2019  | 
Researchers investigate malicious apps designed to intercept calls to legitimate numbers, making voice phishing attacks harder to detect.
Researchers Build Framework for Browser-Based Botnets
News  |  2/26/2019  | 
HTML5 used to build persistent malware on victims' computers.
Former Kaspersky Lab Expert Sentenced in Russia for Treason
Quick Hits  |  2/26/2019  | 
Ruslan Stoyanov gets 14 years in Russian prison.
Social Media Platforms Double as Major Malware Distribution Centers
News  |  2/26/2019  | 
Because many organizations tend to overlook or underestimate the threat, social media sites, including Facebook, Twitter, and Instagram, are a huge blind spot in enterprise defenses.
DIY Botnet Detection: Techniques and Challenges
Commentary  |  2/26/2019  | 
Botnets continue to spread to places never dreamed of a few years ago. But you can fight them off, and these tips can help.
'Cloudborne': Bare-Metal Cloud Servers Vulnerable to Attack
News  |  2/26/2019  | 
Firmware vulnerabilities provide direct access to server hardware, enabling attackers to install malware that can pass from customer to customer.
Kenna Security and Sonatype Partner for Open Source Vulnerability Intelligence
Quick Hits  |  2/26/2019  | 
The pairing brings Sonatype data on open source components to the Kenna Security platform.
Attackers Continue to Focus on Users, Well-Worn Techniques
News  |  2/26/2019  | 
From WannaCry and phishing to credential stuffing and cryptomining, attackers relied on many oldie-but-goodie attacks in 2018, according to a pair of new security threat reports.
New Arm Certification Aims to Secure IoT Devices
News  |  2/25/2019  | 
A three-tier certification regimen shows adherence to the Platform Security Architecture.
TurboTax Hit with Credential Stuffing Attack, Tax Returns Compromised
Quick Hits  |  2/25/2019  | 
Officials report an unauthorized party obtained tax return data by using credentials obtained from an outside source.
Secure the System, Help the User
Commentary  |  2/25/2019  | 
The enterprise must do its part in deploying and maintaining secure systems so that end users stand a chance against attackers.
Lessons From the War on Malicious Mobile Apps
News  |  2/22/2019  | 
Despite the openness of the Android platform, Google has managed to keep its Play store mainly free of malware and malicious apps. Outside of the marketplace is a different matter.
New Malware Campaign Targets Job Seekers
Quick Hits  |  2/22/2019  | 
LinkedIn profiles provide a persistent, patient threat actor with the information required to craft spear-phishing messages.
Human Negligence to Blame for the Majority of Insider Threats
News  |  2/21/2019  | 
In 98% of the assessments conducted for its research, Dtex found employees exposed proprietary company information on the Web, a 20% jump from 2018.
Why Cybersecurity Burnout Is Real (and What to Do About It)
Commentary  |  2/21/2019  | 
The constant stresses, from advanced malware to zero-day vulnerabilities, can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.
New Free Tool Scans for Chrome Extension Safety
Quick Hits  |  2/21/2019  | 
CRXcavator scans extensions in real time based on factors including permissions, external calls, and third-party libraries.
Cyber Extortionists Can Earn $360,000 a Year
News  |  2/21/2019  | 
Extortion scams capitalize on compromised credentials, sensitive data, and technical vulnerabilities on Internet-facing applications to pressure victims to pay up.
Security Analysts Are Only Human
Commentary  |  2/21/2019  | 
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
As Businesses Move Critical Data to Cloud, Security Risks Abound
News  |  2/20/2019  | 
Companies think their data is safer in the public cloud than in on-prem data centers, but the transition is driving security issues.
POS Vendor Announces January Data Breach
Quick Hits  |  2/20/2019  | 
More than 120 restaurants were affected by an incident that exposed customer credit card information.
9 Years After: From Operation Aurora to Zero Trust
Commentary  |  2/20/2019  | 
How the first documented nation-state cyberattack is changing security today.
Microsoft Expands AccountGuard to Help Europe Prep for Cyberattacks
Quick Hits  |  2/20/2019  | 
A recent wave of cybercrime has targeted organizations with employees in Belgium, France, Germany, Poland, Romania, and Serbia.
The Anatomy of a Lazy Phish
Commentary  |  2/20/2019  | 
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user into submitting credentials to a phishing site.
'Formjacking' Compromises 4,800 Sites Per Month. Could Yours Be One?
News  |  2/20/2019  | 
Cybercriminals see formjacking as a simple opportunity to take advantage of online retailers, and all they need is a small piece of JavaScript.
Making the Case for a Cybersecurity Moon Shot
Commentary  |  2/19/2019  | 
There are severe and unsolved problems in our industry that justify a sustained effort and substantial investment. It's worth picking one.
6 Tax Season Tips for Security Pros
Slideshows  |  2/19/2019  | 
Here are some practical ways to keep your company safe as Uncle Sam comes calling.
Breach in Stanford System Exposes Student Records
Quick Hits  |  2/19/2019  | 
A wide variety of data was visible through the vulnerability.
Security Leaders Are Fallible, Too
Commentary  |  2/19/2019  | 
Security leaders set the tone for their organizations, and there are many places where the process can go wrong. Second in a six-part series.
Privacy Ops: The New Nexus for CISOs & DPOs
Commentary  |  2/18/2019  | 
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.
Hackers Found Phishing for Facebook Credentials
Quick Hits  |  2/15/2019  | 
A "very realistic-looking" login prompt is designed to capture users' Facebook credentials, researchers report.
Staffing Shortage Makes Vulnerabilities Worse
Quick Hits  |  2/15/2019  | 
Businesses don't have sufficient staff to find vulnerabilities or protect against their exploit, according to a new report by Ponemon Institute.
White-Hat Bug Bounty Programs Draw Inspiration from the Old West
Commentary  |  2/15/2019  | 
These programs are now an essential strategy in keeping the digital desperados at bay.
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
News  |  2/14/2019  | 
New initiative offers five principles for greater IoT security.
Toyota Prepping 'PASTA' for its GitHub Debut
News  |  2/14/2019  | 
Carmaker's open source car-hacking tool platform soon will be available to the research community.
Valentine's Emails Laced with Gandcrab Ransomware
News  |  2/14/2019  | 
In the weeks leading up to Valentine's Day 2019, researchers notice a new form of Gandcrab appearing in romance-themed emails.
Diversity Is Vital to Advance Security
Commentary  |  2/14/2019  | 
Meet five female security experts who are helping to propel our industry forward.
Security Spills: 9 Problems Causing the Most Stress
Slideshows  |  2/14/2019  | 
Security practitioners reveal what's causing them the most frustration in their roles.
Windows Executable Masks Mac Malware
News  |  2/13/2019  | 
A new strain of MacOS malware hides inside a Windows executable to avoid detection.
Researchers Dig into Microsoft Office Functionality Flaws
News  |  2/13/2019  | 
An ongoing study investigating security bugs in Microsoft Office has so far led to two security patches.
5 Expert Tips for Complying with the New PCI Software Security Framework
Commentary  |  2/13/2019  | 
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as a new security benchmark for other industries to follow.
Scammers Fall in Love with Valentine's Day
News  |  2/13/2019  | 
Online dating profiles and social media accounts add to the rich data sources that allow criminals to tailor attacks.

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3654
PUBLISHED: 2019-11-22
Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be gener...
CVE-2014-2214
PUBLISHED: 2019-11-22
Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id parameter to portal/openrssarticle.php
CVE-2014-6310
PUBLISHED: 2019-11-22
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.
CVE-2014-6311
PUBLISHED: 2019-11-22
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.
CVE-2019-16763
PUBLISHED: 2019-11-22
In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if ...