News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2014
Community & A Virtual Handshake
Commentary  |  3/31/2014  | 
A secret handshake means you are part of a shared experience. That's what the Dark Reading community is all about.
Bit Errors & the Internet of Things
Commentary  |  3/31/2014  | 
Internet traffic, misdirected to malicious bitsquatted domains, has plagued computer security for years. The consequences will be even worse for the IoT.
'Thingularity' Triggers Security Warnings
News  |  3/28/2014  | 
The Internet of Things is creating 50 billion Internet-connected devices. Who is going to keep them updated and secure?
Hackers Cash In On ATMs
News  |  3/28/2014  | 
Malware uses text messages and other techniques to infect ATMs and ultimately allow criminals to steal cash.
Flying Naked: Why Most Web Apps Leave You Defenseless
Commentary  |  3/28/2014  | 
Even the best-funded and "mature" corporate AppSec programs aren't testing all their web applications and services. That leaves many applications with no real security in place.
Android Apps Hide Crypto-Currency Mining Malware
News  |  3/27/2014  | 
Apps downloaded by millions from Google Play and Spanish software forums include hidden altcoin-mining software. But criminals aren't getting rich quickly.
A Cyber History Of The Ukraine Conflict
Commentary  |  3/27/2014  | 
The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.
Outlook Users Face Zero-Day Attack
News  |  3/25/2014  | 
Simply previewing maliciously crafted RTF documents in Outlook triggers exploit of bug present in Windows and Mac versions of Word, Microsoft warns.
Symantec Fires CEO In Surprise Move
News  |  3/21/2014  | 
Analysts question security and storage giant's turnaround after the board fires its second CEO in two years.
Will Target Face FTC Probe?
News  |  3/20/2014  | 
Retailer's security practices remain under scrutiny as regulators ponder FTC investigation. Meanwhile, Sony options rights to Hollywood cyber-thriller based on breach story.
Many Businesses Fail To Disclose Data Breaches
News  |  3/19/2014  | 
Only about 35% of businesses worldwide say they share attack and threat information with others in their industry, even though 77% admit to suffering from a cyberattack.
Linux Takeover Artists Fling 35M Spam Messages Daily
News  |  3/19/2014  | 
"Operation Windigo" server takeover campaign controls 10,000 hacked servers, launches millions of spam, malware, and drive-by exploit kit attacks per day.
Attackers Hit Clearinghouse Selling Stolen Target Data
News  |  3/18/2014  | 
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
DDoS Attacks Hit NATO, Ukrainian Media Outlets
News  |  3/17/2014  | 
As pro-Russia hackers continue DDoS campaigns, Anonymous-branded propaganda reports "imminent US invasion of the Ukraine."
7 Behaviors That Could Indicate A Security Breach
News  |  3/14/2014  | 
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
Target Ignored Data Breach Alarms
News  |  3/14/2014  | 
Target's security team reviewed -- and ignored -- urgent warnings from threat-detection tool about unknown malware spotted on the network.
Samsung Galaxy Security Alert: Android Backdoor Discovered
News  |  3/13/2014  | 
Samsung's flavor of Android has a backdoor that can be remotely exploited by attackers, Android developers warn.
Your Cloud Was Breached. Now What?
Commentary  |  3/12/2014  | 
You're not happy. You just experienced a breach. Here's how to keep calm and secure your cloud.
Bitcoin, Meet Darwin: Crypto Currency's Future
News  |  3/12/2014  | 
First-movers rarely survive, but some experts see a real future for government-issued crypto currency.
Retail Industry May Pool Intel To Stop Breaches
News  |  3/12/2014  | 
Target and other shopper-data breaches turn up the heat on retail industry to establish a cyberthreat Information-Sharing and Analysis Center.
Snowden, Bitcoin, Data Breaches Foretell New Regulations
Commentary  |  3/12/2014  | 
It's inevitable that more businesses will be penalized for breaking customer trust. Is your enterprise prepared for new security laws?
Experian ID Theft Exposed 200M Consumer Records
News  |  3/11/2014  | 
ID theft ring sold access to database with 200 million consumers' private data to 1,300 criminals.
IT Generations: Communicating Across The Great Divide
Commentary  |  3/11/2014  | 
At 25 years old, the World Wide Web today presents unique challenges for millennials and crusty curmudgeons alike. Here's how geeks of any age can learn to talk to each other.
Snowden: I'd Do It Again
News  |  3/10/2014  | 
NSA whistleblower fields questions via live video feed at South by Southwest, calls encryption "defense against the dark arts."
Snowden: Encryption Is 'Defense Against The Dark Arts'
News  |  3/10/2014  | 
NSA whistleblower fields questions via live video feed at South by Southwest panel today, says he would definitely leak the surveillance documents all over again.
Mt. Gox Chief Stole 100,000 Bitcoins, Hackers Claim
News  |  3/10/2014  | 
Cryptocurrency aficionados' ire stoked by leaked accounts showing 100,000 bitcoins remain missing.
Defending Against Targeted Attacks Requires Human Touch, Speakers Say
Quick Hits  |  3/10/2014  | 
Targeted attacks involve a human element that can be detected and stopped, speakers say at Dark Reading event.
Black Hat Asia 2014: The Weaponized Web
News  |  3/7/2014  | 
These Black Hat Briefings explore ways the Web can be weaponized -- and how to defend against them.
The Case For Browser-Based Access Controls
Commentary  |  3/7/2014  | 
Is "browser-ized" security a better defense against hackers than traditional methods? Check out these two examples.
Apple iOS Vulnerable To Hidden Profile Attacks
News  |  3/6/2014  | 
Unpatched flaw in iOS enables malicious profile users to secretly control devices and intercept data.
Yahoo Unfriends Facebook, Google Sign-In
Quick Hits  |  3/6/2014  | 
Yahoo drops third-party logins, will soon require Yahoo IDs.
Bitcoin Heists Cause More Trouble
News  |  3/5/2014  | 
Attackers continue to pummel bitcoin "banks," exchanges, and crypto-currency users themselves via malware that steals virtual wallets.
Data Breach: Persistence Gives Hackers the Upper Hand
Commentary  |  3/5/2014  | 
Hackers are winning on speed and determination. But we can stack the odds in our favor by shifting the time frames of an attack. Here's how.
Securing Software Requires Design, Testing, And Improvement
News  |  3/5/2014  | 
Adopting secure development, incorporating frequent testing, and creating measures of software security are important to create more secure code.
Malware-Lobbing Hackers Seize 300,000 Routers
News  |  3/4/2014  | 
Hackers launch scam and malware campaigns after compromising a variety of routers running firmware with known vulnerabilities.
Hacking Critical Infrastructure Companies -- A Pen Tester's View
News  |  3/3/2014  | 
At the RSA Conference, a penetration tester outlines some of the elements of a successful attack on energy companies.
Mt. Gox Bitcoin Meltdown: What Went Wrong
News  |  3/3/2014  | 
Transaction malleability attacks and cold-storage software bugs both cited after nearly $500 million worth of bitcoins vanish.
Supply-Chain Threats Still An Uncertain Danger
News  |  3/3/2014  | 
With a global manufacturing economy muddying the definition of a foreign product, nations are still hashing out strategies to secure their supply chains.
Name That Cartoon: Luck O' The Irish
Commentary  |  3/3/2014  | 
We provide the cartoon. You write the caption. Maybe you'll win a prize.
How To Fund Enterprise Cybersecurity: CISO Tips
News  |  3/3/2014  | 
How do you ensure funding for enterprise cybersecurity? Help C suite execs understand the true nature of cyberattacks.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16680
PUBLISHED: 2019-09-21
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
CVE-2019-16681
PUBLISHED: 2019-09-21
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to file disclosure and XSS.
CVE-2019-16677
PUBLISHED: 2019-09-21
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
CVE-2019-16678
PUBLISHED: 2019-09-21
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
CVE-2019-16679
PUBLISHED: 2019-09-21
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.