Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2019
Page 1 / 2   >   >>
7 Malware Families Ready to Ruin Your IoT's Day
Slideshows  |  3/29/2019  | 
This latest list of Internet of Things miscreants doesn't limit itself to botnets, like Mirai.
UK Watchdog Criticizes Huawei for Lax Software Security, Development
News  |  3/29/2019  | 
Calling the company's software development practices chaotic and unsustainable, a UK government oversight group calls on the company to make measurable progress toward more secure and sustainable code.
Microsoft Takes Down 99 Hacker-Controlled Websites
News  |  3/28/2019  | 
A judge granted Microsoft the injunction allowing them to disrupt a network of sites operated by an Iranian-linked group of hackers.
Man Pleads Guilty to Hacking Apple Accounts of NFL & NBA Players, Rappers
Quick Hits  |  3/28/2019  | 
Dozens of pro athletes and musicians fell for a phishing scam that pilfered their Apple accounts and credit cards.
Quantum Computing and Code-Breaking
Commentary  |  3/28/2019  | 
Prepare today for the quantum threats of tomorrow.
Everything I Needed to Know About Third-Party Risk Management, I Learned from Meet the Parents
Commentary  |  3/28/2019  | 
How much do you trust your vendors? You don't have to hook them up to a polygraph machine because there are better ways to establish trust.
Inside Cyber Battlefields, the Newest Domain of War
News  |  3/28/2019  | 
In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.
Threat Hunting 101: Not Mission Impossible for the Resource-Challenged
Commentary  |  3/27/2019  | 
How small and medium-sized businesses can leverage native features of the operating system and freely available, high-quality hunting resources to overcome financial limitations.
GAO Finds Deficiencies in Systems for Handling National Debt
Quick Hits  |  3/27/2019  | 
IT systems at the Bureau of the Fiscal Service and the Federal Reserve Bank show vulnerabilities that could lead them open to exploitation and breach.
The 'Twitterverse' Is Not the Security Community
Commentary  |  3/27/2019  | 
The drama on social media belies the incredible role models, job, training, and networking opportunities found in the real world of traditional cybersecurity.
Russia Regularly Spoofs Regional GPS
News  |  3/26/2019  | 
The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.
Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?
Commentary  |  3/26/2019  | 
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
Under Attack: Over Half of SMBs Breached Last Year
Commentary  |  3/26/2019  | 
Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.
87% of Cloud Pros Say Lack of Visibility Masks Security
Quick Hits  |  3/26/2019  | 
The majority of cloud IT professionals find a direct link between network visibility and business value, new data shows.
Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract'
News  |  3/26/2019  | 
Ret. Admiral Michael Rogers – who served as head of the NSA and the US Cyber Command from 2014 to 2018 – on how to handle the risk of insiders exposing an organization's sensitive data.
Pwn2Own: Tesla Hack, Broken VMs, and Skewed Economics
News  |  3/25/2019  | 
In the latest Pwn2Own vulnerability throwdown at the CanSecWest conference, two researchers walk away with the lion's share of rewards—just like the real marketplace.
IT Leaders, Employees Divided on Data Security
Quick Hits  |  3/25/2019  | 
Execs and employees have dramatically different ideas of how much information is being lost and why – a gap that puts enterprise data in grave danger.
Two Found Guilty in Online Dating, BEC Scheme
Quick Hits  |  3/22/2019  | 
Cybercriminals involved in the operation created fake online dating profiles and tricked victims into sending money to phony bank accounts.
Security Lessons from My Game Closet
Commentary  |  3/22/2019  | 
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
Businesses Manage 9.7PB of Data but Struggle to Protect It
News  |  3/21/2019  | 
What's more, their attempts to secure it may be putting information at risk, a new report finds.
Facebook Employees for Years Could See Millions of User Passwords in Plain Text
Quick Hits  |  3/21/2019  | 
2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.
Hacker AI vs. Enterprise AI: A New Threat
Commentary  |  3/21/2019  | 
Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.
SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats
News  |  3/21/2019  | 
Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.
Microsoft Brings Defender Security Tools to Mac
News  |  3/21/2019  | 
Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.
What the Transition to Smart Cards Can Teach the US Healthcare Industry
Commentary  |  3/21/2019  | 
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.
The Insider Threat: It's More Common Than You Think
Commentary  |  3/20/2019  | 
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
Google Photos Bug Let Criminals Query Friends, Location
News  |  3/20/2019  | 
The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.
Less Than 3% of Recycled Computing Devices Properly Wiped
News  |  3/20/2019  | 
Researchers find that companies that refurbish or accept old equipment as donations don't necessarily clean them of data as promised.
'Critical' Denial-of-Service Bug Patched in Facebook Fizz
Quick Hits  |  3/20/2019  | 
Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.
Microsoft Office Dominates Most Exploited List
News  |  3/19/2019  | 
Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals.
DDoS Attack Size Drops 85% in Q4 2018
News  |  3/19/2019  | 
The sharp decline follows an FBI takedown of so-called "booter," or DDoS-for-hire, websites in December 2018.
The Case of the Missing Data
Commentary  |  3/19/2019  | 
The latest twist in the Equifax breach has serious implications for organizations.
Norsk Hydro Shuts Plants Amid Ransomware Attack
Quick Hits  |  3/19/2019  | 
The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.
Stealing Corporate Funds Still Top Goal of Messaging Attacks
News  |  3/19/2019  | 
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
Crowdsourced vs. Traditional Pen Testing
Commentary  |  3/19/2019  | 
A side-by-side comparison of key test features and when best to apply them based on the constraints within your budget and environment.
Are You Prepared for a Zombie (Domain) Apocalypse?
Commentary  |  3/18/2019  | 
When a domain registration expires, they can be claimed by new owners. And sometimes, those new owners have malicious intent.
On Norman Castles and the Internet
Commentary  |  3/15/2019  | 
When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
Anomaly Detection Techniques: Defining Normal
Commentary  |  3/14/2019  | 
The challenge is identifying suspicious events in training sets where no anomalies are encountered. Part two of a two-part series.
Businesses Increase Investments in AI and Machine Learning
Quick Hits  |  3/14/2019  | 
More than three-quarters of IT pros say they feel safer for having done so, according to a new report.
4 Reasons to Take an 'Inside Out' View of Security
Commentary  |  3/14/2019  | 
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
New Malware Shows Marketing Polish
News  |  3/13/2019  | 
A new strain of point-of-sale malware skims credit card numbers and comes via a highly polished marketing campaign.
GPS Spoof Hits Geneva Motor Show
Quick Hits  |  3/13/2019  | 
Incident leaves GPS units showing a location in England and a date 17 years in the future.
IoT Anomaly Detection 101: Data Science to Predict the Unexpected
Commentary  |  3/13/2019  | 
Yes! You can predict the chance of a mechanical failure or security breach before it happens. Part one of a two-part series.
'SimBad': Android Adware Hits 210 Apps with 150M Downloads
Quick Hits  |  3/13/2019  | 
Google has removed infected applications from the Google Play store after a form of adware potentially affected millions of users.
There May Be a Ceiling on Vulnerability Remediation
News  |  3/12/2019  | 
Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.
Web Apps Are Becoming Less Secure
News  |  3/12/2019  | 
Critical vulnerabilities in Web applications tripled in 2018, according to a new study.
Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack
News  |  3/12/2019  | 
Seventeen vulnerabilities patches today are rated critical, four are publicly known, and two have been exploited in the wild.
How the Best DevSecOps Teams Make Risk Visible to Developers
News  |  3/12/2019  | 
DevOps-minded CISOs say enterprise security teams need to do a better job scoring and visualizing risk for developers and business executives.
Box Mistakes Leave Enterprise Data Exposed
Quick Hits  |  3/12/2019  | 
User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.
5 Essentials for Securing and Managing Windows 10
Commentary  |  3/12/2019  | 
It's possible to intelligently deploy and utilize Windows 10's many security enhancements while avoiding common and costly migration pitfalls.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-46481
PUBLISHED: 2022-01-25
Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c.
CVE-2021-46482
PUBLISHED: 2022-01-25
Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c.
CVE-2021-46483
PUBLISHED: 2022-01-25
Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c.
CVE-2021-44988
PUBLISHED: 2022-01-25
Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c.
CVE-2021-44992
PUBLISHED: 2022-01-25
There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0.