News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2019
7 Malware Families Ready to Ruin Your IoT's Day
Slideshows  |  3/29/2019  | 
This latest list of Internet of Things miscreants doesn't limit itself to botnets, like Mirai.
UK Watchdog Criticizes Huawei for Lax Software Security, Development
News  |  3/29/2019  | 
Calling the company's software development practices chaotic and unsustainable, a UK government oversight group calls on the company to make measurable progress toward more secure and sustainable code.
Microsoft Takes Down 99 Hacker-Controlled Websites
News  |  3/28/2019  | 
A judge granted Microsoft the injunction allowing them to disrupt a network of sites operated by an Iranian-linked group of hackers.
Man Pleads Guilty to Hacking Apple Accounts of NFL & NBA Players, Rappers
Quick Hits  |  3/28/2019  | 
Dozens of pro athletes and musicians fell for a phishing scam that pilfered their Apple accounts and credit cards.
Quantum Computing and Code-Breaking
Commentary  |  3/28/2019  | 
Prepare today for the quantum threats of tomorrow.
Everything I Needed to Know About Third-Party Risk Management, I Learned from Meet the Parents
Commentary  |  3/28/2019  | 
How much do you trust your vendors? You don't have to hook them up to a polygraph machine because there are better ways to establish trust.
Inside Cyber Battlefields, the Newest Domain of War
News  |  3/28/2019  | 
In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.
Threat Hunting 101: Not Mission Impossible for the Resource-Challenged
Commentary  |  3/27/2019  | 
How small and medium-sized businesses can leverage native features of the operating system and freely available, high-quality hunting resources to overcome financial limitations.
GAO Finds Deficiencies in Systems for Handling National Debt
Quick Hits  |  3/27/2019  | 
IT systems at the Bureau of the Fiscal Service and the Federal Reserve Bank show vulnerabilities that could leave them open to exploitation and breach.
The 'Twitterverse' Is Not the Security Community
Commentary  |  3/27/2019  | 
The drama on social media belies the incredible role models, job, training, and networking opportunities found in the real world of traditional cybersecurity.
Russia Regularly Spoofs Regional GPS
News  |  3/26/2019  | 
The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.
Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?
Commentary  |  3/26/2019  | 
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
Under Attack: Over Half of SMBs Breached Last Year
Commentary  |  3/26/2019  | 
Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.
87% of Cloud Pros Say Lack of Visibility Masks Security
Quick Hits  |  3/26/2019  | 
The majority of cloud IT professionals find a direct link between network visibility and business value, new data shows.
Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract'
News  |  3/26/2019  | 
Ret. Admiral Michael Rogers, who served as head of the NSA and the US Cyber Command from 2014 to 2018, on how to handle the risk of insiders exposing an organization's sensitive data.
Pwn2Own: Tesla Hack, Broken VMs, and Skewed Economics
News  |  3/25/2019  | 
In the latest Pwn2Own vulnerability throwdown at the CanSecWest conference, two researchers walk away with the lion's share of rewards, just like the real marketplace.
IT Leaders, Employees Divided on Data Security
Quick Hits  |  3/25/2019  | 
Execs and employees have dramatically different ideas of how much information is being lost and why, a gap that puts enterprise data in grave danger.
Two Found Guilty in Online Dating, BEC Scheme
Quick Hits  |  3/22/2019  | 
Cybercriminals involved in the operation created fake online dating profiles and tricked victims into sending money to phony bank accounts.
Security Lessons from My Game Closet
Commentary  |  3/22/2019  | 
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
Businesses Manage 9.7PB of Data but Struggle to Protect It
News  |  3/21/2019  | 
What's more, their attempts to secure it may be putting information at risk, a new report finds.
Facebook Employees for Years Could See Millions of User Passwords in Plain Text
Quick Hits  |  3/21/2019  | 
2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.
Hacker AI vs. Enterprise AI: A New Threat
Commentary  |  3/21/2019  | 
Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.
SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats
News  |  3/21/2019  | 
Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.
Microsoft Brings Defender Security Tools to Mac
News  |  3/21/2019  | 
Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.
What the Transition to Smart Cards Can Teach the US Healthcare Industry
Commentary  |  3/21/2019  | 
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.
The Insider Threat: It's More Common Than You Think
Commentary  |  3/20/2019  | 
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
Google Photos Bug Let Criminals Query Friends, Location
News  |  3/20/2019  | 
The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.
Less Than 3% of Recycled Computing Devices Properly Wiped
News  |  3/20/2019  | 
Researchers find that companies that refurbish or accept old equipment as donations don't necessarily clean them of data as promised.
'Critical' Denial-of-Service Bug Patched in Facebook Fizz
Quick Hits  |  3/20/2019  | 
Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.
Microsoft Office Dominates Most Exploited List
News  |  3/19/2019  | 
Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals.
DDoS Attack Size Drops 85% in Q4 2018
News  |  3/19/2019  | 
The sharp decline follows an FBI takedown of so-called "booter," or DDoS-for-hire, websites in December 2018.
The Case of the Missing Data
Commentary  |  3/19/2019  | 
The latest twist in the Equifax breach has serious implications for organizations.
Norsk Hydro Shuts Plants Amid Ransomware Attack
Quick Hits  |  3/19/2019  | 
The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.
Stealing Corporate Funds Still Top Goal of Messaging Attacks
News  |  3/19/2019  | 
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
Crowdsourced vs. Traditional Pen Testing
Commentary  |  3/19/2019  | 
A side-by-side comparison of key test features and when best to apply them based on the constraints within your budget and environment.
Are You Prepared for a Zombie (Domain) Apocalypse?
Commentary  |  3/18/2019  | 
When domain registrations expire, they can be claimed by new owners. And sometimes, those new owners have malicious intent.
On Norman Castles and the Internet
Commentary  |  3/15/2019  | 
When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
Anomaly Detection Techniques: Defining Normal
Commentary  |  3/14/2019  | 
The challenge is identifying suspicious events in training sets where no anomalies are encountered. Part two of a two-part series.
Businesses Increase Investments in AI and Machine Learning
Quick Hits  |  3/14/2019  | 
More than three-quarters of IT pros say they feel safer for having done so, according to a new report.
4 Reasons to Take an 'Inside Out' View of Security
Commentary  |  3/14/2019  | 
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
New Malware Shows Marketing Polish
News  |  3/13/2019  | 
A new strain of point-of-sale malware skims credit card numbers and comes via a highly polished marketing campaign.
GPS Spoof Hits Geneva Motor Show
Quick Hits  |  3/13/2019  | 
Incident leaves GPS units showing a location in England and a date 17 years in the future.
IoT Anomaly Detection 101: Data Science to Predict the Unexpected
Commentary  |  3/13/2019  | 
Yes! You can predict the chance of a mechanical failure or security breach before it happens. Part one of a two-part series.
'SimBad': Android Adware Hits 210 Apps with 150M Downloads
Quick Hits  |  3/13/2019  | 
Google has removed infected applications from the Google Play store after a form of adware potentially affected millions of users.
There May Be a Ceiling on Vulnerability Remediation
News  |  3/12/2019  | 
Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.
Web Apps Are Becoming Less Secure
News  |  3/12/2019  | 
Critical vulnerabilities in Web applications tripled in 2018, according to a new study.
Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack
News  |  3/12/2019  | 
Seventeen vulnerabilities patched today are rated critical, four are publicly known, and two have been exploited in the wild.
How the Best DevSecOps Teams Make Risk Visible to Developers
News  |  3/12/2019  | 
DevOps-minded CISOs say enterprise security teams need to do a better job scoring and visualizing risk for developers and business executives.
Box Mistakes Leave Enterprise Data Exposed
Quick Hits  |  3/12/2019  | 
User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.
5 Essentials for Securing and Managing Windows 10
Commentary  |  3/12/2019  | 
It's possible to intelligently deploy and utilize Windows 10's many security enhancements while avoiding common and costly migration pitfalls.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10854
PUBLISHED: 2019-11-22
CloudForms versions 5.8 and 5.9 are vulnerable to cross-site scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature: a stored cross-site scripting issue due to improper sanitization of user input in the Name field.
CVE-2019-13157
PUBLISHED: 2019-11-22
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within an nsz archive.
CVE-2012-2079
PUBLISHED: 2019-11-22
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
CVE-2019-11325
PUBLISHED: 2019-11-21
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-18887
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.