Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2016
Page 1 / 2   >   >>
6 Steps for Responding to a Disruptive Attack
Slideshows  |  4/29/2016  | 
Todays threat landscape dictates that companies must have a workable incident response plan.
Stop Building Silos. Security Is Everyones Problem
Commentary  |  4/29/2016  | 
Yes, its true that the speed of DevOps has made security more difficult. But that doesnt mean accelerated release cycles and secure applications have to be mutually exclusive.
Hacker Group Exploits 'Hot Patching' In Windows To Cloak Cyber Espionage
News  |  4/28/2016  | 
Group called Platinum employs spear phishing and malicious use of hot patching to steal information from government agencies in Asia.
6 Reasons ISPs Must Step Up Defenses Against DDoS Attacks
Commentary  |  4/28/2016  | 
Conducting a DDoS attack used to require a significant amount of talent. But today, a high school student with basic hacking skills can access tools that will challenge even the most experienced ISP security teams.
Pro-ISIS Hacking Groups Growing, Unifying, But Still Unskilled
News  |  4/28/2016  | 
Flashpoint report outlines the patchwork of hacking groups and the validity of their claims to fame.
Top 10 Web Hacking Techniques For 2015
Slideshows  |  4/27/2016  | 
The most influential research on vulnerabilities and exploits, as voted on by the security community.
'Dogspectus' Breaks New Ground For Android Ransomware
News  |  4/26/2016  | 
Blue Coat says it's the first Android ransomware that installs without user interaction
The Growing Sophistication Of Distributed Attacks
News  |  4/26/2016  | 
Botnet and DDoS attacks growing more advanced and more crucial than ever to cybercriminal's attack strategies.
Crowdsourcing The Dark Web: A One-Stop Ran$om Shop
Commentary  |  4/26/2016  | 
Say hello to Ran$umBin, a new kind of ransom market dedicated to criminals and victims alike.
Dark Reading Marks 10th Anniversary With Month Of Special Coverage
Commentary  |  4/25/2016  | 
Looking back at the decade in security.
10 Tips for Securing Your SAP Implementation
Slideshows  |  4/23/2016  | 
Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams.
Microsoft: Keep Calm But Vigilant About Ransomware
News  |  4/22/2016  | 
Though a growing problem, ransomware is still nowhere as prevalent as other threats, Microsoft says.
The Problem With Patching: 7 Top Complaints
Commentary  |  4/22/2016  | 
Is your security team suffering from patching fatigue? Check out these tips and eliminate critical vulnerabilities in your IT environment.
SpyEye Creators Sentenced To Long Prison Terms
News  |  4/21/2016  | 
FBI found that arrest halted the release of nasty SpyEye 2.0.
Databases Remain Soft Underbelly Of Cybersecurity
News  |  4/21/2016  | 
Most enterprises still don't continuously monitor database activity.
A Brief History Of Ransomware
Slideshows  |  4/21/2016  | 
A top ten chronicle of more than a decade of notable ransomware variants and trends.
How Hackers Have Honed Their Attacks
News  |  4/21/2016  | 
More organizations are getting breached, but data exfiltration is becoming harder for attackers, new data shows.
Manufacturers Suffer Increase In Cyberattacks
News  |  4/20/2016  | 
Cyberattacks on manufacturing companies on the rise as attackers attempt to steal valuable intellectual property and information.
Internal Pen-Testing: Not Just For Compliance Audits Anymore
Commentary  |  4/20/2016  | 
How turning your internal penetration team into a 'Friendly Network Force' can identify and shut down the cracks in your security program.
MIT Launches Bug Bounty Program
News  |  4/20/2016  | 
University will reward MIT affiliates who find specific categories of flaws in its web domains.
Device Advice: Keeping Fraudsters From Consumer Info
Commentary  |  4/19/2016  | 
Data breaches are the first stop for criminals with intentions to steal personally identifiable information. These tips show how to fight fraud while optimizing the customer experience.
8 Active APT Groups To Watch
Slideshows  |  4/16/2016  | 
Ever wonder who's behind some of the attacks we hear about in the news? Here are eight advanced persistent threat (APT) groups that operate some of the most successful and well-known malware campaigns worldwide.
PowerShell Increasingly Being Used To Hide Malicious Activity
News  |  4/15/2016  | 
Data from 1,100 security investigations shows PowerShell was used in 38 percent of cyberattacks
How To Prepare For A DDoS Attack: 10 Steps
Slideshows  |  4/15/2016  | 
Like a hurricane or a flood, a DDoS is a crisis. Follow these 10 steps to prepare for an attack before it hits.
Healthcare Data Security Performance Stagnates
News  |  4/14/2016  | 
Healthcare organizations are still largely driven by compliance and legacy attitudes.
5 Steps to Improve Your Software Supply Chain Security
Commentary  |  4/14/2016  | 
Organizations that take control of their software supply chains will see tremendous gains in developer productivity, improved quality, and lower risk.
Java Deserialization: Running Faster Than a Bear
Commentary  |  4/14/2016  | 
Software components that were once good can sour instantly when new vulnerabilities are discovered within them. When that happens, the bears are coming, and you have to respond quickly.
10 Things Cyber Insurance Won't Cover
Slideshows  |  4/14/2016  | 
Cyber insurance policies come with some important caveats to keep in mind.
Security 101 For SMBs
News  |  4/13/2016  | 
Just because a company is small doesn't mean its business is immune to cyberattacks. Here's a quick list of best practices for SMBs to get started in security.
Securing the Weakest Link: Insiders
Commentary  |  4/13/2016  | 
No longer is a hoodie-wearing malicious hacker the most obvious perpetrator of an inside cyber attack.
IRS Commissioner Warns Of Threats From Cybercriminals
Quick Hits  |  4/13/2016  | 
Identity thieves getting more sophisticated in hacking IRS systems, John Koskinen says
Law Firms Present Tempting Targets For Attackers
News  |  4/12/2016  | 
Panama Papers breach just scratched the surface of the relative lack of budget and resources in the legal sector that leaves many law firms vulnerable to cyberattacks.
Zero-Day Discoveries A Once-A-Week Habit
News  |  4/12/2016  | 
Symantec threat report shows growth in zero-day vulns to enable more targeted attacks.
Badlock Bug Declared A Bust--But Patch, Anyway
News  |  4/12/2016  | 
After weeks of speculation and buildup, the big Badlock reveal came today with Microsoft Windows, Samba patches for a flaw that could allow an attacker to hijack sessions and steal files.
Managing The Message Before The Breach
Commentary  |  4/12/2016  | 
No leader wants to see their company exploited by creative cyber villains. Heres how CISOs can stay ahead of the game with a strategic plan.
Imagining The Ransomware Of The Future
News  |  4/11/2016  | 
Cisco Talos Lab paints a dark picture of what ransomware could have in store next.
Sony Breach Settlement Reached
Quick Hits  |  4/11/2016  | 
Sony agreed to provide three years of identity theft protection to victims of data breach.
FBI Warns Of Business Email Fraud Spike
Quick Hits  |  4/11/2016  | 
FBI warns US companies about rising email scams that have cost businesses up to $2.3 billion since 2013.
Dridex Malware Now Used For Stealing Payment Card Data
News  |  4/8/2016  | 
An analysis of Dridex infrastructure shows dangerous changes, potentially new operators.
7 Profiles Of Highly Risky Insiders
Commentary  |  4/8/2016  | 
To understand who these insiders are and why they pose a risk, start by looking at the root of the problem.
Thousands Of Vulnerabilities Found In Corporate Networks
Quick Hits  |  4/8/2016  | 
F-Secure research discovers tens of thousands of holes in
IRS Warns Of New Phishing Scam Surge In National Capital Area
Quick Hits  |  4/8/2016  | 
IRS issued an alert regarding tax fraud targeting residents in Washington, DC, Maryland, and Virginia.
Adobe Issues Emergency Updates For Zero-Day Flaw in Flash Player
News  |  4/8/2016  | 
Memory corruption flaw is being exploited in the wild to distribute ransomware samples like Locky and Cerber.
Inconsistent API Security Puts App Economy At Risk
News  |  4/7/2016  | 
Better ownership and accountability needed in security APIs, report finds.
10 Cybersecurity Twitter Profiles To Watch
Slideshows  |  4/7/2016  | 
If youre responsible for an information security program, check out these influencers to follow.
Hacker From Oklahoma Pleads Guilty In DDoS Attack Case
Quick Hits  |  4/7/2016  | 
Oklahoma City man faces up to 10 years in federal prison for a hacking attempt targeting a cybersecurity company.
Top US Undergraduate Computer Science Programs Skip Cybersecurity Classes
News  |  4/7/2016  | 
New study reveals that none of the top 10 US university computer science and engineering program degrees requires students take a cybersecurity course.
Hacking Teams License To Sell Spyware Outside Europe Revoked
Quick Hits  |  4/7/2016  | 
Spyware vendor must request permission for future exports outside the EU.
Context & Awareness: Its All About The Apps
Commentary  |  4/7/2016  | 
Why data context, application awareness and training are keys to mitigating security risks,
Understanding The Cloud Threat Surface
Commentary  |  4/6/2016  | 
How todays borderless environment creates new threat vectors from third-party apps, brute force password attacks, and login attempts with stolen credentials.
Page 1 / 2   >   >>


Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19071
PUBLISHED: 2019-11-18
A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c.
CVE-2019-19072
PUBLISHED: 2019-11-18
A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.
CVE-2019-19073
PUBLISHED: 2019-11-18
Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, ...
CVE-2019-19074
PUBLISHED: 2019-11-18
A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
CVE-2019-19075
PUBLISHED: 2019-11-18
A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.