Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2018
<<   <   Page 2 / 2
A Secure Enterprise Starts with a Cyber-Aware Staff
Commentary  |  3/14/2018  | 
An attack doesn't have to be super high-tech to cause a lot of damage. Make sure your employees know how to spot an old-fashioned phishing campaign.
Medical Apps Come Packaged with Hardcoded Credentials
News  |  3/14/2018  | 
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
Microsoft Report Details Different Forms of Cryptominers
News  |  3/13/2018  | 
A new report explores different ways legitimate and malicious coin miners are appearing in the enterprise.
Microsoft Patch Tuesday: Prioritize Browser Updates
Quick Hits  |  3/13/2018  | 
All of the critical vulnerabilities Microsoft patched on March 13 were within, and related to, browsers.
AMD Investigating Report of Vulnerabilities in its Microprocessors
Quick Hits  |  3/13/2018  | 
Israel-based firm says it found critical bugs in AMD's newest chip families.
What CISOs Should Know About Quantum Computing
Slideshows  |  3/13/2018  | 
As quantum computing approaches real-world viability, it also poses a huge threat to today's encryption measures.
Google 'Distrust Dates' Are Coming Fast
Commentary  |  3/13/2018  | 
All the tools are in place for the migration of SSL digital certificates on a scale that is unprecedented for the certificate authority industry. Are you ready?
Microsoft Remote Access Protocol Flaw Affects All Windows Machines
News  |  3/13/2018  | 
Attackers can exploit newly discovered critical crypto bug in CredSSP via a man-in-the-middle attack and then move laterally within a victim network.
What's the C-Suite Doing About Mobile Security?
Commentary  |  3/13/2018  | 
While most companies have security infrastructure for on-premises servers, networks, and endpoints, too many are ignoring mobile security. They'd better get moving.
Malware 'Cocktails' Raise Attack Risk
News  |  3/13/2018  | 
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports.
Asia's Security Leaders Feel Underprepared for Future Threats: Report
News  |  3/12/2018  | 
A new study highlights major concerns of cybersecurity leaders in Asia, where most fear critical infrastructure attacks, advanced threats, and social engineering.
Malware Leveraging PowerShell Grew 432% in 2017
News  |  3/12/2018  | 
Cryptocurrency mining and ransomware were other major threats.
Chinese APT Backdoor Found in CCleaner Supply Chain Attack
News  |  3/12/2018  | 
Avast discovers ShadowPad tool for use in apparent planned third stage of the targeted attack campaign.
FlawedAmmyy RAT Campaign Puts New Spin on Old Threat
News  |  3/12/2018  | 
A remote access Trojan, in use since 2016, has a new tactic: combining zip files with the SMB protocol to infect target systems.
Georgia Man Pleads Guilty to Business Email Compromise Attacks
Quick Hits  |  3/12/2018  | 
Kerby Rigaud has pleaded guilty to using BEC attacks in attempts to steal more than $1 million from US businesses.
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Commentary  |  3/12/2018  | 
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
What Happens When You Hold Robots for Ransom?
News  |  3/10/2018  | 
Researchers explore why an attacker would target robots with ransomware, and the implications of what might happen if they did.
China's Vulnerability Database Altered to Hide Govt. Influence
News  |  3/9/2018  | 
Recorded Future says move designed to hide fact that CNNVD routinely delays publication of high-risk flaws so government can assess them for offensive use.
'Slingshot' Cyber Espionage Campaign Hacks Network Routers
News  |  3/9/2018  | 
Advanced hacking group appears to be native English speakers targeting Africa, Middle East.
Tennessee Senate Campaign Sees Possible Hack
Quick Hits  |  3/9/2018  | 
Phil Bredesen's campaign for US senate sees a hacker's hand in email messages
DevSecOps: The Importance of Building Security from the Beginning
Commentary  |  3/9/2018  | 
Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.
7 University-Connected Cyber Ranges to Know Now
Slideshows  |  3/9/2018  | 
Universities are beginning to add cyber ranges to the facilities for teaching cyber security to students and professionals.
CIGslip Lets Attackers Bypass Microsoft Code Integrity Guard
News  |  3/8/2018  | 
The new technique would enable attackers to inject malicious content into Microsoft Edge and other protected processes.
Gozi Trojan Using Dark Cloud Botnet in New Wave of Attacks
News  |  3/8/2018  | 
Gozi IFSB banking Trojan has rolled out new code, a new botnet and a high level of customization in the latest wave of attacks.
Cybersecurity Gets Added to the M&A Lexicon
Commentary  |  3/8/2018  | 
Threat intelligence data can give a clear picture of an acquisition target that could make or break a deal.
Intel SGX Can Be Used to Hide, Execute Malware
News  |  3/7/2018  | 
The microprocessor giant's Software Guard Extensions security feature can be abused to implement virtually undetectable malware, Graz University researchers say.
Researchers Defeat Android OEMs' Security Mitigations
News  |  3/7/2018  | 
At Black Hat Asia, two security experts will bypass security improvements added to Android by equipment manufacturers.
Privilege Abuse Attacks: 4 Common Scenarios
Commentary  |  3/7/2018  | 
It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.
Memcached DDoS Attack: Kill Switch, New Details Disclosed
Quick Hits  |  3/7/2018  | 
Corero shares a kill switch for the Memcached vulnerability and reports the flaw is more extensive than originally believed.
Why Security-Driven Companies Are More Successful
Commentary  |  3/7/2018  | 
Software Security Masters are better at handling application development security and show much higher growth than their peers. Here's how to become one.
Design Weakness in Microsoft CFG Allows Complete Bypass
News  |  3/6/2018  | 
Researchers from Italy's University of Padua will demo a new technique to evade Control Flow Guard, the widely deployed security mechanism, at Black Hat Asia.
Connected Cars Pose New Security Challenges
Commentary  |  3/6/2018  | 
The auto industry should seize the opportunity and get in front of this issue.
Second Ransomware Round Hits Colorado DOT
Quick Hits  |  3/6/2018  | 
A variant of SamSam sends CDOT employees back to pen and paper with two attack waves in two weeks.
Insider Threat Seriously Undermining Healthcare Cybersecurity
News  |  3/5/2018  | 
Two separate reports suggest insiders of the malicious and careless variety pose more of a problem in healthcare than any other sector.
More Security Vendors Putting 'Skin in the Game'
News  |  3/5/2018  | 
Secure messaging and collaboration provider Wickr now publicly shares security testing details of its software.
6 Questions to Ask Your Cloud Provider Right Now
Slideshows  |  3/5/2018  | 
Experts share the security-focused issues all businesses should explore when researching and using cloud services.
CERT.org Goes Away, Panic Ensues
Quick Hits  |  3/5/2018  | 
Turns out the Carnegie Mellon CERT just moved to a newly revamped CMU Software Engineering Institute website.
Hacking Back & the Digital Wild West
Commentary  |  3/5/2018  | 
Far from helping organizations defend themselves, hacking back will escalate an already chaotic situation.
A Secure Development Approach Pays Off
Commentary  |  3/2/2018  | 
Software security shouldn't be an afterthought. That's why the secure software development life cycle deserves a fresh look.
'Chafer' Uses Open Source Tools to Target Iran's Enemies
News  |  3/1/2018  | 
Symantec details operations of Iranian hacking group mainly attacking air transportation targets in the Middle East.
Securing the Web of Wearables, Smartphones & Cloud
News  |  3/1/2018  | 
Why security for the Internet of Things demands that businesses revamp their software development lifecycle.
GitHub Among Victims of Massive DDoS Attack Wave
Quick Hits  |  3/1/2018  | 
GitHub reports its site was unavailable this week when attackers leveraged Memcached servers to generate large, widespread UDP attacks.
How & Why the Cybersecurity Landscape Is Changing
Commentary  |  3/1/2018  | 
A comprehensive new report from Cisco should "scare the pants off" enterprise security leaders.
Phishers Target Social Media
News  |  3/1/2018  | 
Financial institutions still the number one target, according to a new report by RiskIQ.
ICS Under Fire in 2017
News  |  3/1/2018  | 
New Dragos report finds rising number of public vulnerability advisories around ICS with not enough reasonable guidance around how to deal with these flaws.
What Enterprises Can Learn from Medical Device Security
Commentary  |  3/1/2018  | 
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-36260
PUBLISHED: 2021-09-22
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
CVE-2021-39404
PUBLISHED: 2021-09-22
MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database.
CVE-2021-3583
PUBLISHED: 2021-09-22
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This...
CVE-2021-39339
PUBLISHED: 2021-09-22
The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. This affects versions up to, and including, 1.8.0.
CVE-2021-38153
PUBLISHED: 2021-09-22
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixe...