Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2015
Healthcare Is Ignoring Cyber Risk Intel, Academia Even Worse
Commentary  |  3/31/2015  | 
Healthcare and other sectors are indolently ignoring the process of gathering and using high-level intelligence to focus cyber defenses. Heres proof.
Lebanon Believed Behind Newly Uncovered Cyber Espionage Operation
News  |  3/31/2015  | 
Middle East, US, and other targets hit in nearly three-year-old 'Volatile Cedar' cyber attack campaign.
Hacking Back: Two Wrongs Dont Make A Right
Commentary  |  3/30/2015  | 
Heres the critical issue: Do you want to risk engaging your company in an ego-fueled war of revenge, or do you want to cut the bad guys off at the pass?
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
News  |  3/27/2015  | 
A flaw in a popular router product may have exposed millions of hotel guests, researchers from Cylance say.
Cyber Hunting: 5 Tips To Bag Your Prey
Commentary  |  3/26/2015  | 
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
SSL/TLS Suffers 'Bar Mitzvah Attack'
News  |  3/26/2015  | 
Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.
Researchers Use Heat To Breach Air-Gapped Systems
News  |  3/25/2015  | 
BitWhisper project is part of ongoing air gap security research at Israel's Ben-Gurion University.
Typical Users Know Less About Mobile Privacy Than They Think
News  |  3/24/2015  | 
New Mobile Privacy IQ survey shows a disconnect between perception and practice.
Retailers Adopt Intel-Sharing Portal Used By Banks
News  |  3/24/2015  | 
Th Retail Cyber Intelligence Sharing Center (R-CISC) is working with the Financial Services ISAC (FS-ISAC) on its new threat intelligence-sharing platform.
Will POSeidon Preempt BlackPOS?
News  |  3/23/2015  | 
Research from Cisco Talos uncovers newly evolved POS malware with more sophistication than BlackPOS and similarities to Zeus for camouflage.
Context: Finding The Story Inside Your Security Operations Program
Commentary  |  3/23/2015  | 
Whats missing in todays chaotic, alert-driven incident response queue is the idea of a narrative that provides a detailed understanding of how an attack actually unfolds.
Rush To Release Resulting In Vulnerable Mobile Apps
News  |  3/20/2015  | 
IT organizations overlooking security in their haste to crank out mobile apps, Ponemon Institute report finds.
Risky Business: Why Monitoring Vulnerability Data Is Never Enough
Commentary  |  3/19/2015  | 
Keeping tabs on open source code used in your organizations applications and infrastructure is daunting, especially if you are relying solely on manual methods.
Healthcare Breaches Like Premera First Stage Of Bigger Attacks?
News  |  3/18/2015  | 
With three new healthcare breaches announced this week, but no reported misuse of stolen data, what plans might attackers have for the identity records they pilfered from CHS, Anthem, Premera and others?
The Bot Threat For the Rest of Us: Application-Layer Attacks
Commentary  |  3/18/2015  | 
Bots are getting craftier by the day so you may not even know you have a problem.
The Anatomy of Advanced Persistent Threats
Partner Perspectives  |  3/18/2015  | 
The only way to keep intruders away is to use multiple security mechanisms.
The 7 Best Social Engineering Attacks Ever
Slideshows  |  3/17/2015  | 
Seven reminders of why technology alone isn't enough to keep you secure.
Microsoft Warns Of Phony Windows Live Digital Certificate
Quick Hits  |  3/17/2015  | 
Unauathorized SSL certificate for 'live.fi' could be used for man-in-the-middle, phishing attacks, Microsoft says.
Endpoints, Gateways, and Networks: Teamwork Is Better Than Lone Rangers
Partner Perspectives  |  3/16/2015  | 
Security vendors have a common goal when it comes to protecting their customers from danger. Whats missing is a common language and protocols for how and what to share.
7 Deadly Sins Of Security Policy Change Management
Commentary  |  3/16/2015  | 
Mitigating these deadly sins requires process, visibility and automation. Its an effort that will improve security and increase business agility.
Has Security Ops Outlived Its Purpose?
Commentary  |  3/13/2015  | 
CISOs will need more than higher headcounts and better automation tools to solve today's security problems.
ISACs Demystified
News  |  3/12/2015  | 
How some intelligence-sharing organizations operate in the face of today's threat landscape.
Deconstructing Threat Models: 3 Tips
Commentary  |  3/12/2015  | 
There is no one-size-fits-all approach for creating cyber threat models. Just be flexible and keep your eye on the who, what, why, how and when.
Study: Enterprises Losing Faith In Digital Certificates, Crytographic Keys
News  |  3/12/2015  | 
On the heels of Heartbleed and other vulnerabilities, many enterprises are not confident in the ability of digital certificates to protect their data, Ponemon report says
DroppedIn Vuln Links Victims' Androids To Attackers' DropBoxes
News  |  3/11/2015  | 
DropBox released a patch quick, but unpatched vulnerable Android apps that use the DropBox SDK may let attackers open up a two-way highway between victim Droids and their own Boxes.
Equation Group Cyberspying Activity May Date Back To The '90s
News  |  3/11/2015  | 
New Kaspersky Lab findings show how the 'master APT' nation-state group likely the longest-running cyber espionage gang of all, and newly discovered code artifacts include English-language clues.
6 Ways The Sony Hack Changes Everything
Commentary  |  3/11/2015  | 
Security in a post-Sony world means that a company's very survival in the wake of a cyber attack is more of a concern than ever before.
5 Things CISOs Can Learn From The Best GMs In Baseball
Commentary  |  3/10/2015  | 
A MLB team has many goals and objectives: to win, be profitable, have a solid strategy and understand the people whom they serve. Sound familiar?
Startup Focuses On Stopping Data Exfiltration
News  |  3/10/2015  | 
Former Akamai and Imperva exec heads up new security firm enSilo, launches an operating system-level endpoint security tool.
OpenSSL To Undergo Major Audit
News  |  3/9/2015  | 
The Linux Foundation's Core Infrastructure Initiative funding work to take a closer look at the TLS stack.
CryptoWall Makes a Comeback via Malicious Help Files
Partner Perspectives  |  3/9/2015  | 
Hackers use .chm attachments to execute malware on unsuspecting users.
Scope Of FREAK Flaw Widens As Microsoft Says Windows Affected Too
News  |  3/6/2015  | 
Researchers had originally thought only Safari and Android affected by flaw.
Efforts To Team Up And Fight Off Hackers Intensify
News  |  3/5/2015  | 
New intelligence-sharing groups/ISACs emerge, software tools arrive and the White House adds a coordinating agency -- but not all of the necessary intel-sharing 'plumbing' is in place just yet.
Which Apps Should You Secure First? Wrong Question.
Commentary  |  3/5/2015  | 
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
Securing Our Electric Power Grid Is Critical
Partner Perspectives  |  3/4/2015  | 
Highly complex infrastructure systems require protection against cyberattacks.
A Building Code For Internet of Things Security, Privacy
Commentary  |  3/4/2015  | 
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
Enterprises Thirsting For Third-Party Threat Data
News  |  3/3/2015  | 
New report shows enterprises more heavily weighing risks of data loss and cyber attacks in evaluation process.
FREAK Out: Yet Another New SSL/TLS Bug Found
News  |  3/3/2015  | 
Old-school, export-grade crypto standard used until the 1990s can be triggered to downgrade security of client, servers, researchers find.
Compliance & Security: A Race To The Bottom?
Commentary  |  3/3/2015  | 
Compliance is meaningless if organizations dont use it as a starting point to understand and mitigate risks within their environment.
What You Need To Know About Nation-State Hacked Hard Drives
News  |  3/2/2015  | 
The nation-state Equation Group compromise of most popular hard drives won't be a widespread threat, but future disk security -- and forensic integrity -- remain unclear.
No Silver Bullets for Security
Partner Perspectives  |  3/2/2015  | 
A quick-fix security solution for cyberphysical systems doesnt exist.
Why Security Awareness Alone Wont Stop Hackers
Commentary  |  3/2/2015  | 
End-user training is a noble pursuit but its no defense against low and slow attacks that take months and years to carry out.
Dark Reading Offers Cyber Security Crash Course At Interop 2015
Commentary  |  3/2/2015  | 
New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.


Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16531
PUBLISHED: 2019-09-20
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
CVE-2019-9717
PUBLISHED: 2019-09-19
In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
CVE-2019-9719
PUBLISHED: 2019-09-19
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
CVE-2019-9720
PUBLISHED: 2019-09-19
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
CVE-2019-16525
PUBLISHED: 2019-09-19
An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.