Dark Reading is part of the Informa Tech Division of Informa PLC
News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2017
Page 1 / 2   >   >>
10 Cybercrime Myths that Could Cost You Millions
Commentary  |  4/29/2017  | 
Don't let a cybersecurity fantasy stop you from building the effective countermeasures you need to protect your organization from attack.
Fileless Malware Attacks Continue to Gain Steam
News  |  4/28/2017  | 
Endpoint woes grow as fileless attacks grow in prevalence and file-based attacks remain largely undetected by AV engines.
A Day in the Life of a Security Avenger
Commentary  |  4/28/2017  | 
Behind the scenes with a security researcher as we follow her through a typical day defending the world against seemingly boundless cyberthreats and attacks.
Ransomware Payout Doesn't Pay Off
News  |  4/28/2017  | 
About 40% of small- and midsized businesses hit with ransomware paid their attackers, but less than half got their information back.
Facebook Spam Botnet Promises 'Likes' for Access Tokens
News  |  4/27/2017  | 
Facebook users can fuel a social spam botnet by providing verified apps' access tokens in exchange for "likes" and comments.
OWASP Top 10 Update: Is It Helping to Create More Secure Applications?
Commentary  |  4/27/2017  | 
What has not been updated in the new Top 10 list is almost more significant than what has.
New OWASP Top 10 Reveals Critical Weakness in Application Defenses
Commentary  |  4/27/2017  | 
It's time to move from a dependence on the flawed process of vulnerability identification and remediation to a two-pronged approach that also protects organizations from attacks.
HHS Hits CardioNet with $2.5M HIPAA Settlement Fee
Quick Hits  |  4/26/2017  | 
The US Department of Health and Human Services slapped the mobile cardiac monitoring service with a fee after a breach of customer health data.
USAF Launches 'Hack the Air Force'
News  |  4/26/2017  | 
Bug bounty contest expands Defense Department outreach to the global hacker community to find unknown vulnerabilities in DoD networks.
Chipotle Serves Up Security Incident Warning
Quick Hits  |  4/26/2017  | 
The Mexican restaurant chain notifies customers its payment processing system may have been hacked, marking the latest woes for the fast-food maker.
What Role Should ISPs Play in Cybersecurity?
Commentary  |  4/26/2017  | 
There are many actions ISPs could take to make browsing the Web safer, but one thing stands out.
New Ad Fraud Campaign Uses Millions of Domain Names to Bilk Advertising Networks
News  |  4/26/2017  | 
NoTrove has established a huge infrastructure to make money through click redirection and scam traffic-brokering.
Locky Returns with a New (Borrowed) Distribution Method
Partner Perspectives  |  4/26/2017  | 
A layered defense is a strong security posture for dealing with a threat like Locky, which can come in different disguises.
Chinese, Russian Cyber Groups Research Shadow Brokers Malware
News  |  4/25/2017  | 
Cyber communities in China and Russia have started digging into the most recent release of malware from Shadow Brokers.
xDedic Marketplace Data Spells Danger for Businesses
News  |  4/25/2017  | 
The xDedic marketplace, a hotspot for cybercriminals on the dark web, sells access to RDP servers to enable attacks on government and corporations.
Hyundai Blue Link Vulnerability Allows Remote Start of Cars
Quick Hits  |  4/25/2017  | 
Car maker Hyundai patched a vulnerability in its Blue Link software, which could potentially allow attackers to remotely unlock a vehicle and start it.
IT-OT Convergence: Coming to an Industrial Plant Near You
Commentary  |  4/25/2017  | 
There's been a big divide between IT and OT, but that must end. Here's how to make them come together.
A Closer Look at CIA-Linked Malware as Search for Rogue Insider Begins
News  |  4/24/2017  | 
Symantec researcher explains the goals behind CIA-linked hacking tools, as the government launches an investigation to discover who gave secret documents to WikiLeaks.
The Road Less Traveled: Building a Career in Cyberthreat Intelligence
Commentary  |  4/24/2017  | 
It's hard to become a threat intelligence pro, but there are three primary ways of going about it.
Best Practices for Securing Open Source Code
Commentary  |  4/21/2017  | 
Attackers see open source components as an obvious target because there's so much information on how to exploit them. These best practices will help keep you safer.
6 Times Hollywood Got Security Right
Slideshows  |  4/20/2017  | 
Hollywood has struggled to portray cybersecurity in a realistic and engaging way. Here are films and TV shows where it succeeded.
Fake Delta Airlines Receipt Packs Malware
Quick Hits  |  4/20/2017  | 
Phishing emails, disguised as receipts from Delta Airlines, trick victims into downloading malware.
Cutting through the Noise: Is It AI or Pattern Matching?
Commentary  |  4/20/2017  | 
Many vendors are fudging terms when trying to sell their artificial intelligence security systems. Here's what you need to know when you buy.
Google Won't Trust Symantec and Neither Should You
Commentary  |  4/19/2017  | 
As bad as this controversy is for Symantec, the real damage will befall the company and individual web sites deemed untrustworthy by a Chrome browser on the basis of a rejected Symantec certificate.
Snowden Says Mass Surveillance Programs 'Are About Power'
Commentary  |  4/19/2017  | 
Edward Snowden shared his views of the implications of mass surveillance programs and the government's objective in implementing them.
InterContinental Hotels Group Breach Checks In at 1,200 Locations
Quick Hits  |  4/19/2017  | 
IHG franchises in its Americas region were hit with a point-of-sale malware breach, affecting 1,200 hotels ranging from its Crowne Plaza to Holiday Inn Express.
ISC2 Issues White House Cybersecurity Executive Order Recommendations
Quick Hits  |  4/19/2017  | 
The industry trade group calls on President Trump to make workforce development a top priority when he issues the final version of the White House cybersecurity executive order.
The Architecture of the Web Is Unsafe for Today's World
Commentary  |  4/19/2017  | 
The Internet is based on protocols that assume content is secure. A new, more realistic model is needed.
Advanced, Low-Cost Ransomware Tools on the Rise
News  |  4/18/2017  | 
New offerings cost as little as $175 and come with lots of anti-detection bells and whistles.
'Intrusion Suppression:' Transforming Castles into Prisons
Commentary  |  4/18/2017  | 
How building cybersecurity structures that decrease adversaries' dwell time can reduce the damage from a cyberattack.
SWIFT: System Unaffected Following Shadow Brokers Leak
Quick Hits  |  4/18/2017  | 
SWIFT, the interbank messaging system allegedly targeted by the NSA, says there is no indication its network has been compromised.
Identity Thief Faces Potential 22-Year Prison Sentence
Quick Hits  |  4/18/2017  | 
A foreign national pleads guilty to two criminal counts after he and his cohorts steal nearly $1.48 million in bogus tax return refunds following an identity theft hack on a Pittsburgh medical center.
Cybercrime Tactics & Techniques: Q1 2017
Partner Perspectives  |  4/18/2017  | 
A deep dive into the threats that got our attention during the first three months of the year and what to expect going forward.
Man Admits Hacking into His Former Employer's Network
Quick Hits  |  4/17/2017  | 
Tennessee man pleads guilty in federal court, acknowledging he illegally accessed his former employer's networks to gain an edge over his rival.
Microsoft Fixed Windows Vulns Before Shadow Brokers Dump
Quick Hits  |  4/17/2017  | 
Microsoft reports the Windows exploits released by Shadow Brokers had already been fixed in earlier patches.
The Second Coming of Managed File Transfer Has Arrived
Commentary  |  4/17/2017  | 
Sometimes, a mature, embedded technology still makes the most sense, especially when it comes to data security.
Why Brand Trumps Tech in C-Level Conversations
News  |  4/17/2017  | 
Brand reputation, not technical tools, should be the focus of the CIO's conversations with board members about the importance of security.
Ransomware, Mac Malware Dominate Q1 Threat Landscape
News  |  4/14/2017  | 
Cerber, somewhat unexpectedly, emerged as the biggest ransomware threat, Malwarebytes found.
Engineer Arrested for Attempted Theft of Trade Secrets
Quick Hits  |  4/14/2017  | 
Software engineer Dmitry Sazonov has been arrested for trying to steal valuable code from his employer, a financial services firm.
Nearly 40% of Ransomware Victims Pay Attackers
Quick Hits  |  4/14/2017  | 
Ransomware is targeting more consumers, and many of them are paying hundreds to attackers.
10 Questions To Get Practical Answers At Interop ITX
Commentary  |  4/14/2017  | 
May 15-19 in Las Vegas: How to get solutions and advice from top speakers for the things that you really want to know.
Health Savings Account Fraud: The Rapidly Growing Threat
Commentary  |  4/14/2017  | 
As income tax season comes to a close, financially motivated cybercriminals are honing new tactics for monetizing medical PII.
The Long Slog To Getting Encryption Right
News  |  4/14/2017  | 
Encryption practices have improved dramatically over the last 10 years, but most organizations still don't have enterprise-wide crypto strategies.
95% of Organizations Have Employees Seeking to Bypass Security Controls
News  |  4/13/2017  | 
Use of TOR, private VPNs on the rise in enterprises, Dtex report shows.
Got an Industrial Network? Reduce your Risk of a Cyberattack with Defense in Depth
Commentary  |  4/13/2017  | 
If an aggressive, all-out cyberdefense strategy isn't already on your operational technology plan for 2017, it's time to get busy.
So You Want to Be a Security Rock Star?
Commentary  |  4/13/2017  | 
While the thrill of crafting attention-grabbing stunt hacks may seem like the coolest job on earth, what our industry needs more of are strong defenders who can fix things as well as break them.
New Breed of DDoS Attack On the Rise
News  |  4/13/2017  | 
Akamai Networks has, since October, detected and mitigated at least 50 DDoS attacks using Connectionless LDAP.
Nation-State Hackers Go Open Source
News  |  4/12/2017  | 
Researchers who track nation-state groups say open-source hacking tools increasingly are becoming part of the APT attack arsenal.
Cybersecurity & Fitness: Weekend Warriors Need Not Apply
Commentary  |  4/12/2017  | 
It takes consistency and a repeatable but flexible approach to achieve sustainable, measurable gains in both disciplines.
How Innovative Companies Lock Down Data
Commentary  |  4/12/2017  | 
A mix of back-to-basics security and a set of new, data-centric best practices is key to defending against a future of growing and sophisticated cyberattacks.