Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2017
Page 1 / 2   >   >>
'Sundown' Rises as New Threat in Depleted Exploit Kit Landscape
News  |  3/31/2017  | 
New exploits and obfuscation tactics have made once second-tier EK a potent threat, researchers from Cisco Talos say.
Customized Malware: Confronting an Invisible Threat
Commentary  |  3/31/2017  | 
Hackers are gaining entry to networks through a targeted approach. It takes a rigorous defense to keep them out.
The Business of Security: How your Organization Is Changing beneath You
Commentary  |  3/30/2017  | 
And why its your job to change with it and skate where the puck is headed.
Payment Card Industry Security Compliance: What You Need to Know
Commentary  |  3/30/2017  | 
A quick refresher on all the different PCI SSC security standards that are relevant for organizations that accept electronic payments.
Patch Unlikely for Widely Publicized Flaw in Microsoft IIS 6.0
Quick Hits  |  3/30/2017  | 
Microsoft recommends upgrade to latest operating system for more protection.
Internet's Security Woes are Not All Technical
News  |  3/30/2017  | 
Google engineer Halvar Flake told Black Hat Asia attendees that flaws in organizational structure and market power put enterprises at risk.
30% of Q4 Malware was New or Zero-Day
Quick Hits  |  3/30/2017  | 
WatchGuard quarterly report, based on Firebox Feed data, lists five key findings on Internet security threats.
Russian Man Pleads Guilty for his Role in Ebury Botnet
Quick Hits  |  3/29/2017  | 
Maxim Senakh, arrested by Finnish authorities and extradited to the US, will be sentenced this August.
To Gain Influence, CISOs Must Get Security's Human Element Right
Commentary  |  3/29/2017  | 
Focusing on certain elements of security in isolation can cause a false sense of security.
Cerber Ransomware Now Evades Machine Learning
News  |  3/29/2017  | 
New variant has been broken into separate harmless-looking components to fool ML-based detection systems, Trend Micro says.
Cloud Security: New Research Says IT Pros Still Skittish
News  |  3/29/2017  | 
Respondents complain in two studies that traditional security tools dont work in the cloud, and cant deliver visibility across multiple cloud environments.
Should Trump Tackle Air-Gapped Critical Infrastructure?
News  |  3/28/2017  | 
MIT experts issue recommendations to the president, urging him to take elements of the electric grid and gas pipeline offline - but other security experts say that ship has sailed.
Commercial IoT: Big Trouble in Small Devices
Commentary  |  3/28/2017  | 
There are endless scenarios where hackers could wreak havoc on the industrial Internet of Things. Theres also a readily available solution called HIP.
Exploit Kits: Winter 2017 Review
Partner Perspectives  |  3/28/2017  | 
We take another look at the current EK scene by going over RIG, Sundown, Neutrino and Magnitude.
How Identity Deception Increases the Success of Ransomware
Commentary  |  3/28/2017  | 
As scammers hone their skills, their handiwork looks more credible to intended victims, making a successful ransomware scam more likely.
FBI: Attackers Targeting Anonymous FTP Servers in Healthcare
News  |  3/27/2017  | 
The FBI warns medical and dental organizations of cybercriminals targeting anonymous FTP servers to steal personal health data.
This Week On Dark Reading: Event Calendar
Commentary  |  3/27/2017  | 
Ransomware remediation and recovery this week, with clouds on the horizon.
Data Visualization: Keeping an Eye on Security
Commentary  |  3/27/2017  | 
Visualization can be one of the most powerful approaches a security team can use to make sense of vast quantities of data. So why does it end up as an afterthought?
Cybercriminals Exploit March Madness Frenzy
Quick Hits  |  3/27/2017  | 
Users are clicking on dubious links to stream matches and exposing confidential data to hackers, says Zscaler.
Google Slams Symantec for 'Failures' in SSL/TLS Certificate Process
Quick Hits  |  3/24/2017  | 
Google Chrome engineers railed on Symantec for allegedly issuing thousands of security certificates that had not been properly validated.
America's JobLink Suffers Security Breach
Quick Hits  |  3/24/2017  | 
A third-party hacker exploited a flaw in America's JobLink application code to access the information of job seekers from 10 states.
US Senate Overturns Obama Consumer Privacy Rule
Quick Hits  |  3/24/2017  | 
The FCC regulation, passed in October, was rejected in a 50-to-48 vote and is now in the House of Representatives.
Prioritizing Threats: Why Most Companies Get It Wrong
Commentary  |  3/24/2017  | 
To stay safer, focus on multiple-threat attack chains rather than on individual threats.
7 Steps to Transforming Yourself into a DevSecOps Rockstar
Slideshows  |  3/23/2017  | 
Security practitioners at one education software firm offer lessons learned from merging DevOps with security.
5 Ways CISOs Could Work Better with Their Cyber Insurers
Commentary  |  3/23/2017  | 
Risk management has become increasingly important, making it crucial companies have good relationships with their insurance company.
LastPass Fixes Serious Security Flaw in Chrome, Firefox Extensions
Quick Hits  |  3/23/2017  | 
Password manager LastPass creates a workaround for a serious vulnerability affecting browser extensions in Chrome, Firefox, and Microsoft Edge.
Phishing Your Employees for Schooling & Security
Commentary  |  3/22/2017  | 
Your education program isn't complete until you test your users with fake phishing emails.
Future of the SIEM
News  |  3/22/2017  | 
Current SIEM systems have flaws. Here's how the SIEM's role will change as mobile, cloud, and IoT continue to grow.
Hacked Sites Up By 32% in 2016 Over 2015, Says Google
Quick Hits  |  3/21/2017  | 
Webmasters should register on Search Console for hack notifications, advises the company.
Report: OilRig' Attacks Expanding Across Industries, Geographies
Commentary  |  3/21/2017  | 
Malware targets Middle Eastern airlines, government, financial industries and critical infrastructure with a simple but powerful backdoor created by infected Excel files attached to phishing emails.
Cisco Issues Advisory on Flaw in Hundreds of Switches
Quick Hits  |  3/21/2017  | 
Vulnerability was discovered in WikiLeaks recent data dump on CIAs secret cyber-offensive unit.
Getting Beyond the Buzz & Hype of Threat Hunting
Commentary  |  3/20/2017  | 
When harnessed properly, threat hunting can be one of the most useful techniques for finding attackers in your network. But it wont happen overnight.
New Wave of Security Acquisitions Signals Start of Consolidation Trend
Slideshows  |  3/20/2017  | 
A dozen recent high-profile deals reflect cybersecurity vendors' hopes of expanding their offerings with next-generation technology, ideas, and talent.
Bug Bounty Programs are Growing Up Fast and Paying More
News  |  3/20/2017  | 
As more organizations crowdsource the vulnerability-hunting of their software, the process itself has become more formal, as well as more lucrative for researchers.
Embrace the Machine & Other Goals for CISOs
Commentary  |  3/17/2017  | 
Here are five ways we can become more effective for our organizations.
US-CERT Warns That HTTPS Inspection Tools Weaken TLS
Quick Hits  |  3/16/2017  | 
Turns out that man-in-the-middling your own traffic isn't the safest way to look for man-in-the-middle attacks.
Sound Waves Used to Hack Common Data Sensors
News  |  3/16/2017  | 
Though the immediate threat to your smartphone or Fitbit is slight, University of Michigan researchers show command-and-control capability with spoofed signaling on a variety of MEMS accelerometers.
In Cyber, Who Do We Trust to Protect the Business?
Commentary  |  3/16/2017  | 
If business leaders and directors continue to view cybersecurity as mainly a matter for the IT department, they will leave their companies exposed to significant risks.
ERP Attack Risks Come into Focus
News  |  3/16/2017  | 
New highly critical SAP vulnerability highlights dangers against critical business software.
Ethical Hacking: The Most Important Job No One Talks About
Commentary  |  3/16/2017  | 
If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers.
Google Removes Chamois Apps Botnet from Play Store
Quick Hits  |  3/16/2017  | 
Google has eliminated Chamois apps, which installed invisible apps and downloaded unwanted plugins without victims' knowledge.
The 6 Riskiest Social Media Habits to Avoid at Work
Slideshows  |  3/15/2017  | 
Cybercriminals are turning to Facebook, Twitter and other platforms to launch attacks via employee behavior that could be putting your business at risk.
Security in the Age of Open Source
Commentary  |  3/15/2017  | 
Dramatic changes in the use of open source software over the past decade demands major changes in security testing regimens today. Here's what you need to know and do about it.
Microsoft Fixes Critical Windows SMB Bug After Delay
Quick Hits  |  3/15/2017  | 
Microsoft's security patch release comes with nine ritical vulnerability fixes and nine bulletins.
WhatsApp, Telegram Flaw Gives Hackers Full Account Access
Quick Hits  |  3/15/2017  | 
A new vulnerability discovered in popular messaging services like WhatsApp and Telegram lets hackers assume complete control over accounts.
The Industrial Revolution of Application Security
Commentary  |  3/14/2017  | 
DevOps is driving big changes in the industry, but a cultural shift is needed.
Canada Takes Tax Site Offline After Apache Struts Attacks
Quick Hits  |  3/14/2017  | 
Hackers exploit vulnerability in Apache Struts 2 software of Statistics Canada but no damage done.
Enterprises Hit with Malware Preinstalled on their Androids
News  |  3/13/2017  | 
Check Point details evidence of mobile supply chain problems based on infections on devices at two large organizations.
What Your SecOps Team Can (and Should) Do
Commentary  |  3/13/2017  | 
If your organization has all of these pieces in place, congratulations!
Stockpiling 0-Day Bugs Not So Dangerous After All, RAND Study Shows
News  |  3/10/2017  | 
A RAND Corp. study of more than 200 zero-days shows that benefits of disclosure can often be more modest than perceived.
Page 1 / 2   >   >>


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
TPM-Fail: What It Means & What to Do About It
Ari Singer, CTO at TrustPhi,  11/19/2019
Americans Fed Up with Lack of Data Privacy
Robert Lemos, Contributing Writer,  11/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10854
PUBLISHED: 2019-11-22
cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.
CVE-2019-13157
PUBLISHED: 2019-11-22
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.
CVE-2012-2079
PUBLISHED: 2019-11-22
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
CVE-2019-11325
PUBLISHED: 2019-11-21
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-18887
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.