Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2016
Apple's Workflow For Enterprise iOS App Distribution Vulnerable To Attack
News  |  3/31/2016  | 
Millions of iPhones and iPads running iOS 9 can be exploited if enrolled in mobile device management, Check Point Software says.
Symantec: Financial Trojans Declined By 73% In 2015
News  |  3/31/2016  | 
Symantec detected far fewer financial Trojans in 2015 and saw cybercriminals focus more of their efforts directly on financial institutions.
When It Comes To Cyberthreat Intelligence, Sharing Is Caring
Partner Perspectives  |  3/31/2016  | 
Shared cyberthreat intelligence will soon be a critical component of security operations, enabling organizations to better protect their digital assets and respond more quickly to emerging threats.
Machine Learning In Security: Seeing the Nth Dimension in Signatures
Commentary  |  3/31/2016  | 
How adding supervised machine learning to the development of n-dimensional signature engines is moving the detection odds back to the defender.
Business Disruption A Big Focus In 2015 Cyberattacks
News  |  3/30/2016  | 
In a shift from the low and slow attacks of recent years, many incidents last year were attention seeking and were motivated not just by money, according to Mandiant's annual report.
'FBiOS' Case Heading For A New Firestorm
Commentary  |  3/30/2016  | 
The surprise developments in the FBI v Apple case offer little reason to celebrate for encryption and privacy advocates.
Machine Learning In Security: Good & Bad News About Signatures
Commentary  |  3/30/2016  | 
Why security teams that rely solely on signature-based detection are overwhelmed by a high number of alerts.
Cybercrime: A Black Market Price List From The Dark Web
Slideshows  |  3/30/2016  | 
What does it cost for malware, stolen identities and other tools of the cybercriminal trade? Probably less than you think.
6 Hot Cybersecurity Startups: MACH37's Spring Class Of 2016
Slideshows  |  3/28/2016  | 
Intense 90-day program mentors budding entrepreneurs in the finer points of developing a viable technology business for the real world of information security.
How To Share Threat Intelligence Through CISA: 10 Things To Know
News  |  3/26/2016  | 
If you want those liability protections the Cybersecurity Information Sharing Act promised, you must follow DHS's new guidelines.
Dangerous New USB Trojan Discovered
News  |  3/25/2016  | 
'USB Thief' could be used for targeted purposes, researchers at ESET say.
In Brief: Using Offense To Create Best Defense
Dark Reading Videos  |  3/25/2016  | 
Carbon Black execs talk about how their background in offensive security helps them think like attackers, and better defend against them.
How 4 Startups Are Harnessing AI In The Invisible Cyberwar
Commentary  |  3/25/2016  | 
Cybersecurity startups are setting their scopes on a potential goldmine of automated systems they hope will be more effective than hiring human enterprise security teams.
Apple Zero-Day Flaw Leaves OS X Systems Vulnerable to Attack
News  |  3/24/2016  | 
All versions of OS X including El Capitan affected by bug, SentinelOne says
Mobile Security: Why App Stores Don't Keep Users Safe
Commentary  |  3/24/2016  | 
In a preview of his Black Hat Asia Briefing next week, a security researcher offers more proof of trouble in the walled gardens of the Apple and Google App stores.
IRS Tax Fraud And Phishing Advances
News  |  3/23/2016  | 
New techniques and automation have bad guys making more money than ever off of unsuspecting taxpayers.
Multiple Hospitals Hit In Ransomware Attack Wave
News  |  3/23/2016  | 
In the past week alone, three hospitals have reported being victimized by cyber-extortionists.
The Threat Of Security Analytics Complexity
Dark Reading Videos  |  3/23/2016  | 
Congratulations! You're protecting your organization with layered security...but now you're drowning in more security analytics data flows than you can handle.
What The Feds Said At RSA
Slideshows  |  3/23/2016  | 
A look at some of the insights top US government officials from the White House, DoD, NSA, FBI, and other agencies shared at the RSA Conference in San Francisco last month.
Uber Launches Bug Bounty Program
Quick Hits  |  3/23/2016  | 
Uber, in collaboration with HackerOne, will reward ethical hackers up to $10,000 for finding vulnerabilities in its software.
Think Risk When You Talk About Application Security Today
Commentary  |  3/23/2016  | 
Security from a risk-based perspective puts the focus on component failures and provides robust security for the ultimate target of most attacks -- company, customer and personal data.
In Brief: Fidelis CSO Talks Insider Threats, Detection Vs. Prevention
Dark Reading Videos  |  3/22/2016  | 
Chief security officer of Fidelis Cybersecurity talks about the balancing act of both protecting the organization's insiders and protecting the organization from its insiders.
In Brief: Transforming SOCs to SICs
Dark Reading Videos  |  3/22/2016  | 
SPONSORED: Greg Boison, director of homeland and cybersecurity for Lockheed Martin, talks to Brian Gillooly at the RSA Conference about how to transform a security operations center into a security intelligence center, and Lockheed Martin's approach.
Here Are 4 Vulnerabilities Ransomware Attacks Are Exploiting Now
News  |  3/22/2016  | 
A zero-day exploit exposed in the Hacking Team breach is among the top weapons deployed in recent ransomware attacks, as well as lots of Flash.
Vuln Disclosure: Why Security Vendors & Researchers Don't Trust Each Other
Commentary  |  3/22/2016  | 
The security industry doesn't need a one-size-fits-all vulnerability disclosure policy. It needs a culture change. Getting everyone to the table is the first step.
iMessage Encryption Cracked, But Fixed In New iOS 9.3
News  |  3/21/2016  | 
While FBI fights with Apple over iPhone encryption, Johns Hopkins researchers find a weakness in secure IM on iOS, OSX.
#SaveSecurity Campaign Protests FBI's iPhone Unlocking Request
Quick Hits  |  3/21/2016  | 
Fight for the Future will publicly display and read aloud thousands of comments outside the US District courthouse at Apple vs. FBI hearing on March 22.
Cloud Security: Understanding New Risks, Rising To New Challenges
Commentary  |  3/21/2016  | 
In a business world dominated by the cloud, security ops has to change the way we play the game in order to accomplish our strategic goals.
Lessons From The Ukraine Electric Grid Hack
News  |  3/18/2016  | 
New SANS analysis on how the attackers broke in and took control of the industrial control systems at three regional power firms in the Ukraine and shut off the lights.
Feds Urge Caution On Aftermarket Devices That Plug Into Vehicle Diagnostic Ports
News  |  3/18/2016  | 
Vulnerabilities in such products could give attackers a way to access and control critical vehicle systems, the FBI, DOT, and NHTSA warn.
No Place For Tor In The Secured Workplace
Commentary  |  3/18/2016  | 
When it comes to corporate security, anonymity does not necessarily ensure protection of one's private information nor that of your employer.
New Apple iPhone Malware Exploits DRM Mechanism To Spread
News  |  3/17/2016  | 
But threat limited mainly to users looking to jailbreak phone or install pirated apps.
Security Lessons From My Stock Broker
Commentary  |  3/17/2016  | 
Or, how to lie with metrics.
Beyond Back Doors: Recalibrating The Encryption Policy Debate
Commentary  |  3/17/2016  | 
Three compelling reasons why access to back doors should not be the intelligence and law enforcement community's main policy thrust in the fight against terrorism.
Home Depot To Pay $19.5 Million In Data Breach Settlement
Quick Hits  |  3/17/2016  | 
Home improvement chain agrees to pay for out-of-pocket losses incurred by US shoppers from 2014 data breach, and promises to improve its payment systems' data security.
Half Of IT Departments Lack Confidence In Their Security Solutions
News  |  3/16/2016  | 
IT, C-level executives view their organizations' security differently, new report finds.
Ransomware Will Spike As More Cybercrime Groups Move In
News  |  3/16/2016  | 
The lure of easy money attracting organized groups is a trend that spells more trouble for enterprises, researchers say.
Anonymous To Launch Cyberattacks Against Trump Campaign Starting April 1
News  |  3/15/2016  | 
Planned attacks a response to candidate's controversial campaign rhetoric, hacking collective says.
Ransomware: Putting Companies Between A Rock And A Hard Place
News  |  3/15/2016  | 
Paying a ransom encourages more attacks, but sometimes not paying could end up being a lot costlier
CISO Playbook: Suit-up & Play Offense
Commentary  |  3/15/2016  | 
In the game of IT security there are thousands of tools available, but the very best strategy to prepare for an opponent is to know your own weaknesses.
Understanding The 2 Sides Of Application Security Testing
Commentary  |  3/14/2016  | 
Everybody likes to focus on the top 10 vulnerabilities, but I've never found a company with a top 10 vulnerabilities problem. Every company has a different top 10.
FBI's Most Wanted Cybercriminals
Slideshows  |  3/14/2016  | 
The Federal Bureau of Investigation has got millions of dollars worth of rewards waiting for those who can help them nab these accused cyber thieves, spies and fraudsters.
Must Haves & Must Dos For The First Federal CISO
Commentary  |  3/11/2016  | 
Offensive and defensive experience, public/private sector know-how, mini-NSA mindset and vision are top traits we need in a chief information security officer.
Security Lessons From The Gluten Lie
Commentary  |  3/10/2016  | 
How faith healers and security vendors have learned what lies work.
Two Biggest Reasons Ransomware Keeps Winning
News  |  3/9/2016  | 
New report also makes predictions on what hijinks ransomware might get up to next.
Patch Management Still Plagues Enterprise
News  |  3/8/2016  | 
Half of organizations don't even know difference between applying a patch and remediating a vulnerability.
The New BEC Phishing Attack: Stealing Data Instead Of Cash
Quick Hits  |  3/8/2016  | 
Duped by phishers posing as company executives, Seagate and Snapchat expose employee tax, payroll data.
Hottest Topics To Come Out Of RSA Conference
News  |  3/8/2016  | 
Encryption, bug bounties, and threat intel dominated the mindshare of the cybersecurity hive mind at RSAC last week.
When Encryption Becomes The Enemy's Best Friend
News  |  3/5/2016  | 
The growth in SSL/TLS traffic has made it a lot easier for threat actors to slip attacks and malware past enterprise defenses.
7 Attack Trends Making Security Pros Sweat
News  |  3/3/2016  | 
A look at the most dangerous threats and what to expect for the rest of 2016.