Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2017
Page 1 / 2
10 Cybercrime Myths that Could Cost You Millions
Commentary  |  4/29/2017  | 
Don't let a cybersecurity fantasy stop you from building the effective countermeasures you need to protect your organization from attack.
Fileless Malware Attacks Continue to Gain Steam
News  |  4/28/2017  | 
Endpoint woes grow as fileless attacks grow in prevalence and file-based attacks remain largely undetected by AV engines.
A Day in the Life of a Security Avenger
Commentary  |  4/28/2017  | 
Behind the scenes with a security researcher as we follow her through a typical day defending the world against seemingly boundless cyberthreats and attacks
Ransomware Payout Doesn't Pay Off
News  |  4/28/2017  | 
About 40% of small- and midsized businesses hit with ransomware paid their attackers, but less than half got their information back.
Facebook Spam Botnet Promises 'Likes' for Access Tokens
News  |  4/27/2017  | 
Facebook users can fuel a social spam botnet by providing verified apps' access tokens in exchange for "likes" and comments.
OWASP Top 10 Update: Is It Helping to Create More Secure Applications?
Commentary  |  4/27/2017  | 
What has not been updated in the new Top 10 list is almost more significant than what has.
New OWASP Top 10 Reveals Critical Weakness in Application Defenses
Commentary  |  4/27/2017  | 
It's time to move from a dependence on the flawed process of vulnerability identification and remediation to a two-pronged approach that also protects organizations from attacks.
HHS Hits CardioNet with $2.5M HIPAA Settlement Fee
Quick Hits  |  4/26/2017  | 
The US Department of Health and Human Services slapped the mobile cardiac monitoring service with a fee after a breach of customer health data.
USAF Launches 'Hack the Air Force'
News  |  4/26/2017  | 
Bug bounty contest expands Defense Department outreach to the global hacker community to find unknown vulnerabilities in DoD networks.
Chipotle Serves Up Security Incident Warning
Quick Hits  |  4/26/2017  | 
The Mexican restaurant chain notifies customers its payment processing system may have been hacked, marking the latest woes for the fast-food maker.
What Role Should ISPs Play in Cybersecurity?
Commentary  |  4/26/2017  | 
There are many actions ISPs could take to make browsing the Web safer, but one thing stands out.
New Ad Fraud Campaign Uses Millions of Domain Names to Bilk Advertising Networks
News  |  4/26/2017  | 
NoTrove has established a huge infrastructure to make money through click redirection and scam traffic-brokering.
Locky Returns with a New (Borrowed) Distribution Method
Partner Perspectives  |  4/26/2017  | 
A layered defense is a strong security posture for dealing with a threat like Locky, which can come in different disguises.
Chinese, Russian Cyber Groups Research Shadow Brokers Malware
News  |  4/25/2017  | 
Cyber communities in China and Russia have started digging into the most recent release of malware from Shadow Brokers.
xDedic Marketplace Data Spells Danger for Businesses
News  |  4/25/2017  | 
The xDedic marketplace, a hotspot for cybercriminals on the dark web, sells access to RDP servers to enable attacks on government and corporations.
Hyundai Blue Link Vulnerability Allows Remote Start of Cars
Quick Hits  |  4/25/2017  | 
Car maker Hyundai patched a vulnerability in its Blue Link software, which could potentially allow attackers to remotely unlock a vehicle and start it.
IT-OT Convergence: Coming to an Industrial Plant Near You
Commentary  |  4/25/2017  | 
There's been a big divide between IT and OT, but that must end. Here's how to make them come together.
A Closer Look at CIA-Linked Malware as Search for Rogue Insider Begins
News  |  4/24/2017  | 
Symantec researcher explains the goals behind CIA-linked hacking tools, as the government launches an investigation to discover who gave secret documents to WikiLeaks.
The Road Less Traveled: Building a Career in Cyberthreat Intelligence
Commentary  |  4/24/2017  | 
It's hard to become a threat intelligence pro, but there are three primary ways of going about it.
Best Practices for Securing Open Source Code
Commentary  |  4/21/2017  | 
Attackers see open source components as an obvious target because there's so much information on how to exploit them. These best practices will help keep you safer.
6 Times Hollywood Got Security Right
Slideshows  |  4/20/2017  | 
Hollywood has struggled to portray cybersecurity in a realistic and engaging way. Here are films and TV shows where it succeeded.
Fake Delta Airlines Receipt Packs Malware
Quick Hits  |  4/20/2017  | 
Phishing emails, disguised as receipts from Delta Airlines, trick victims into downloading malware.
Cutting through the Noise: Is It AI or Pattern Matching?
Commentary  |  4/20/2017  | 
Many vendors are fudging terms when trying to sell their artificial intelligence security systems. Here's what you need to know when you buy.
Google Won't Trust Symantec and Neither Should You
Commentary  |  4/19/2017  | 
As bad as this controversy is for Symantec, the real damage will befall the company and individual web sites deemed untrustworthy by a Chrome browser on the basis of a rejected Symantec certificate.
Snowden Says Mass Surveillance Programs 'Are About Power'
Commentary  |  4/19/2017  | 
Edward Snowden shared his views of the implications of mass surveillance programs and the government's objective in implementing them.
InterContinental Hotels Group Breach Checks In at 1,200 Locations
Quick Hits  |  4/19/2017  | 
IHG franchises in its Americas region were hit with a point-of-sale malware breach, affecting 1,200 hotels ranging from its Crowne Plaza to Holiday Inn Express.
ISC2 Issues White House Cybersecurity Executive Order Recommendations
Quick Hits  |  4/19/2017  | 
The industry trade group calls on President Trump to make workforce development a top priority when he issues the final version of the White House cybersecurity executive order.
The Architecture of the Web Is Unsafe for Today's World
Commentary  |  4/19/2017  | 
The Internet is based on protocols that assume content is secure. A new, more realistic model is needed.
Advanced, Low-Cost Ransomware Tools on the Rise
News  |  4/18/2017  | 
New offerings cost as little as $175 and come with lots of anti-detection bells and whistles.
'Intrusion Suppression:' Transforming Castles into Prisons
Commentary  |  4/18/2017  | 
How building cybersecurity structures that decrease adversaries' dwell time can reduce the damage from a cyberattack.
SWIFT: System Unaffected Following Shadow Brokers Leak
Quick Hits  |  4/18/2017  | 
SWIFT, the interbank messaging system allegedly targeted by the NSA, says there is no indication its network has been compromised.
Identity Thief Faces Potential 22-Year Prison Sentence
Quick Hits  |  4/18/2017  | 
A foreign national pleads guilty to two criminal counts after he and his cohorts steal nearly $1.48 million in bogus tax return refunds following an identity theft hack on a Pittsburgh medical center.
Cybercrime Tactics & Techniques: Q1 2017
Partner Perspectives  |  4/18/2017  | 
A deep dive into the threats that got our attention during the first three months of the year and what to expect going forward.
Man Admits Hacking into His Former Employer's Network
Quick Hits  |  4/17/2017  | 
Tennessee man pleads guilty in federal court, acknowledging he illegally accessed his former employer's networks to gain an edge over his rival.
Microsoft Fixed Windows Vulns Before Shadow Brokers Dump
Quick Hits  |  4/17/2017  | 
Microsoft reports the Windows exploits released by Shadow Brokers had already been fixed in earlier patches.
The Second Coming of Managed File Transfer Has Arrived
Commentary  |  4/17/2017  | 
Sometimes, a mature, embedded technology still makes the most sense, especially when it comes to data security.
Why Brand Trumps Tech in C-Level Conversations
News  |  4/17/2017  | 
Brand reputation, not technical tools, should be the focus of the CIO's conversations with board members about the importance of security.
Ransomware, Mac Malware Dominate Q1 Threat Landscape
News  |  4/14/2017  | 
Cerber, somewhat unexpectedly, emerged as the biggest ransomware threat, Malwarebytes found.
Engineer Arrested for Attempted Theft of Trade Secrets
Quick Hits  |  4/14/2017  | 
Software engineer Dmitry Sazonov has been arrested for trying to steal valuable code from his employer, a financial services firm.
Nearly 40% of Ransomware Victims Pay Attackers
Quick Hits  |  4/14/2017  | 
Ransomware is targeting more consumers, and many of them are paying hundreds to attackers.
10 Questions To Get Practical Answers At Interop ITX
Commentary  |  4/14/2017  | 
May 15-19 in Las Vegas: How to get solutions and advice from top speakers for the things that you really want to know.
Health Savings Account Fraud: The Rapidly Growing Threat
Commentary  |  4/14/2017  | 
As income tax season comes to a close, financially-motivated cybercriminals are honing new tactics for monetizing medical PII.
The Long Slog To Getting Encryption Right
News  |  4/14/2017  | 
Encryption practices have improved dramatically over the last 10 years, but most organizations still don't have enterprise-wide crypto strategies.
95% of Organizations Have Employees Seeking to Bypass Security Controls
News  |  4/13/2017  | 
Use of TOR, private VPNs on the rise in enterprises, Dtex report shows.
Got an Industrial Network? Reduce your Risk of a Cyberattack with Defense in Depth
Commentary  |  4/13/2017  | 
If an aggressive, all-out cyberdefense strategy isn't already on your operational technology plan for 2017, it's time to get busy.
So You Want to Be a Security Rock Star?
Commentary  |  4/13/2017  | 
While the thrill of crafting attention-grabbing stunt hacks may seem like the coolest job on earth, what our industry needs more of are strong defenders who can fix things as well as break them.
New Breed of DDoS Attack On the Rise
News  |  4/13/2017  | 
Akamai Networks has, since October, detected and mitigated at least 50 DDoS attacks using Connectionless LDAP.
Nation-State Hackers Go Open Source
News  |  4/12/2017  | 
Researchers who track nation-state groups say open-source hacking tools increasingly are becoming part of the APT attack arsenal.
Cybersecurity & Fitness: Weekend Warriors Need Not Apply
Commentary  |  4/12/2017  | 
It takes consistency and a repeatable but flexible approach to achieve sustainable, measurable gains in both disciplines.
How Innovative Companies Lock Down Data
Commentary  |  4/12/2017  | 
A mix of back-to-basics security and a set of new, data-centric best practices is key to defending against a future of growing and sophisticated cyberattacks.