Content tagged with Vulnerabilities / Threats posted in March 2015

Healthcare Is Ignoring Cyber Risk Intel, Academia Even Worse
Commentary | 3/31/2015
Healthcare and other sectors are indolently ignoring the process of gathering and using high-level intelligence to focus cyber defenses. Here's proof.

Lebanon Believed Behind Newly Uncovered Cyber Espionage Operation
News | 3/31/2015
Middle East, US, and other targets hit in nearly three-year-old 'Volatile Cedar' cyber attack campaign.

Hacking Back: Two Wrongs Don't Make A Right
Commentary | 3/30/2015
Here's the critical issue: Do you want to risk engaging your company in an ego-fueled war of revenge, or do you want to cut the bad guys off at the pass?

Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
News | 3/27/2015
A flaw in a popular router product may have exposed millions of hotel guests, researchers from Cylance say.

Cyber Hunting: 5 Tips To Bag Your Prey
Commentary | 3/26/2015
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.

SSL/TLS Suffers 'Bar Mitzvah Attack'
News | 3/26/2015
Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.

Researchers Use Heat To Breach Air-Gapped Systems
News | 3/25/2015
BitWhisper project is part of ongoing air gap security research at Israel's Ben-Gurion University.

Typical Users Know Less About Mobile Privacy Than They Think
News | 3/24/2015
New Mobile Privacy IQ survey shows a disconnect between perception and practice.

Retailers Adopt Intel-Sharing Portal Used By Banks
News | 3/24/2015
The Retail Cyber Intelligence Sharing Center (R-CISC) is working with the Financial Services ISAC (FS-ISAC) on its new threat intelligence-sharing platform.

Will POSeidon Preempt BlackPOS?
News | 3/23/2015
Research from Cisco Talos uncovers newly evolved POS malware with more sophistication than BlackPOS and similarities to Zeus for camouflage.

Context: Finding The Story Inside Your Security Operations Program
Commentary | 3/23/2015
What's missing in today's chaotic, alert-driven incident response queue is the idea of a narrative that provides a detailed understanding of how an attack actually unfolds.
Rush To Release Resulting In Vulnerable Mobile Apps
News | 3/20/2015
IT organizations are overlooking security in their haste to crank out mobile apps, Ponemon Institute report finds.

Risky Business: Why Monitoring Vulnerability Data Is Never Enough
Commentary | 3/19/2015
Keeping tabs on open source code used in your organization's applications and infrastructure is daunting, especially if you are relying solely on manual methods.

Healthcare Breaches Like Premera First Stage Of Bigger Attacks?
News | 3/18/2015
With three new healthcare breaches announced this week, but no reported misuse of stolen data, what plans might attackers have for the identity records they pilfered from CHS, Anthem, Premera and others?

The Bot Threat For the Rest of Us: Application-Layer Attacks
Commentary | 3/18/2015
Bots are getting craftier by the day, so you may not even know you have a problem.

The Anatomy of Advanced Persistent Threats
Partner Perspectives | 3/18/2015
The only way to keep intruders away is to use multiple security mechanisms.

The 7 Best Social Engineering Attacks Ever
Slideshows | 3/17/2015
Seven reminders of why technology alone isn't enough to keep you secure.

Microsoft Warns Of Phony Windows Live Digital Certificate
Quick Hits | 3/17/2015
Unauthorized SSL certificate for 'live.fi' could be used for man-in-the-middle and phishing attacks, Microsoft says.

Endpoints, Gateways, and Networks: Teamwork Is Better Than Lone Rangers
Partner Perspectives | 3/16/2015
Security vendors have a common goal when it comes to protecting their customers from danger. What's missing is a common language and protocols for how and what to share.

7 Deadly Sins Of Security Policy Change Management
Commentary | 3/16/2015
Mitigating these deadly sins requires process, visibility and automation. It's an effort that will improve security and increase business agility.

Has Security Ops Outlived Its Purpose?
Commentary | 3/13/2015
CISOs will need more than higher headcounts and better automation tools to solve today's security problems.

ISACs Demystified
News | 3/12/2015
How some intelligence-sharing organizations operate in the face of today's threat landscape.

Deconstructing Threat Models: 3 Tips
Commentary | 3/12/2015
There is no one-size-fits-all approach for creating cyber threat models. Just be flexible and keep your eye on the who, what, why, how and when.
Study: Enterprises Losing Faith In Digital Certificates, Cryptographic Keys
News | 3/12/2015
On the heels of Heartbleed and other vulnerabilities, many enterprises are not confident in the ability of digital certificates to protect their data, Ponemon report says.

DroppedIn Vuln Links Victims' Androids To Attackers' DropBoxes
News | 3/11/2015
DropBox released a patch quickly, but unpatched vulnerable Android apps that use the DropBox SDK may let attackers open up a two-way highway between victim Droids and their own Boxes.

Equation Group Cyberspying Activity May Date Back To The '90s
News | 3/11/2015
New Kaspersky Lab findings show how the 'master APT' nation-state group is likely the longest-running cyber espionage gang of all, and newly discovered code artifacts include English-language clues.

6 Ways The Sony Hack Changes Everything
Commentary | 3/11/2015
Security in a post-Sony world means that a company's very survival in the wake of a cyber attack is more of a concern than ever before.

5 Things CISOs Can Learn From The Best GMs In Baseball
Commentary | 3/10/2015
An MLB team has many goals and objectives: to win, be profitable, have a solid strategy and understand the people whom they serve. Sound familiar?

Startup Focuses On Stopping Data Exfiltration
News | 3/10/2015
Former Akamai and Imperva exec heads up new security firm enSilo, which launches an operating system-level endpoint security tool.

OpenSSL To Undergo Major Audit
News | 3/9/2015
The Linux Foundation's Core Infrastructure Initiative is funding work to take a closer look at the TLS stack.

CryptoWall Makes a Comeback via Malicious Help Files
Partner Perspectives | 3/9/2015
Hackers use .chm attachments to execute malware on unsuspecting users.

Scope Of FREAK Flaw Widens As Microsoft Says Windows Affected Too
News | 3/6/2015
Researchers had originally thought only Safari and Android were affected by the flaw.

Efforts To Team Up And Fight Off Hackers Intensify
News | 3/5/2015
New intelligence-sharing groups/ISACs emerge, software tools arrive and the White House adds a coordinating agency -- but not all of the necessary intel-sharing 'plumbing' is in place just yet.

Which Apps Should You Secure First? Wrong Question.
Commentary | 3/5/2015
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
Securing Our Electric Power Grid Is Critical
Partner Perspectives | 3/4/2015
Highly complex infrastructure systems require protection against cyberattacks.

A Building Code For Internet of Things Security, Privacy
Commentary | 3/4/2015
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.

Enterprises Thirsting For Third-Party Threat Data
News | 3/3/2015
New report shows enterprises more heavily weighing risks of data loss and cyber attacks in the evaluation process.

FREAK Out: Yet Another New SSL/TLS Bug Found
News | 3/3/2015
Old-school, export-grade crypto standard used until the 1990s can be triggered to downgrade the security of clients and servers, researchers find.

Compliance & Security: A Race To The Bottom?
Commentary | 3/3/2015
Compliance is meaningless if organizations don't use it as a starting point to understand and mitigate risks within their environment.

What You Need To Know About Nation-State Hacked Hard Drives
News | 3/2/2015
The nation-state Equation Group compromise of most popular hard drives won't be a widespread threat, but future disk security -- and forensic integrity -- remain unclear.

No Silver Bullets for Security
Partner Perspectives | 3/2/2015
A quick-fix security solution for cyberphysical systems doesn't exist.

Why Security Awareness Alone Won't Stop Hackers
Commentary | 3/2/2015
End-user training is a noble pursuit, but it's no defense against low and slow attacks that take months and years to carry out.

Dark Reading Offers Cyber Security Crash Course At Interop 2015
Commentary | 3/2/2015
New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.