
News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2017
OWASP Top 10 Update: Long Overdue Or Same-Old, Same-Old?
News  |  4/11/2017  | 
The industry benchmark list is about to change for the first time in four years, but barring a few important changes, it looks a lot like it always has.
Microsoft Office Zero-Day Patched After Months of Attacks
News  |  4/11/2017  | 
Microsoft released a security update for a flaw in the OLE API that affects most versions of Microsoft Word.
Forget the Tax Man: Time for a DNS Security Audit
Slideshows  |  4/11/2017  | 
Here's a 5-step DNS security review process that's not too scary and will help ensure your site availability and improve user experience.
Tax Season Surprise: W-2 Fraud
Commentary  |  4/11/2017  | 
W-2 fraud used to target businesses exclusively but has now set its sights on many other sectors. Here's what you can do to prevent it from happening to you.
When Hacks Are about Image instead of Money
Commentary  |  4/11/2017  | 
If you think fake news is a problem, how about the possibility of fake medical or financial information making the rounds with no way to verify its legitimacy?
Computer Engineer Charged with Theft of Proprietary Computer Code
Quick Hits  |  4/11/2017  | 
Zhengquan Zhang arrested for stealing over 3 million files containing company trade secrets from his employer, a global finance firm.
One of World's Most Wanted and Prolific Alleged Spammers Arrested
News  |  4/10/2017  | 
Suspected mastermind behind massive Kelihos botnet Petyr Levashov nabbed in botnet takedown operation.
CIA-Linked Hacking Tools Tied to Longhorn Cyber Espionage Group
News  |  4/10/2017  | 
Symantec matches tools exposed in Vault 7 documents leak reportedly from the CIA with those used by cyber espionage group that has been targeting governments and private businesses.
Apple Mac OS Malware Spiked in Q4
News  |  4/7/2017  | 
Malware samples sharply increased for Mac OS devices in Q4 2016 as threat actors expand their targets outside Windows PCs, new McAfee report says.
The New Shadow IT: Custom Data Center Applications
Commentary  |  4/7/2017  | 
If you think you've finally gotten control of unsanctioned user apps, think again. The next wave of rogue apps is on its way from your data center to the cloud.
FAFSA Tool Taken Offline After Breach Report
Quick Hits  |  4/7/2017  | 
Personal data of 100,000 taxpayers compromised after IRS student financial aid tool hacked.
New Malware Deliberately Destroys Unsecured IoT Devices
Quick Hits  |  4/7/2017  | 
Motive behind BrickerBot puzzles experts, who think it may be the work of a vigilante.
7 Ways Hackers Target Your Employees
Slideshows  |  4/6/2017  | 
One employee under reconnaissance by cyberattackers can put your whole business at risk. Where are they being targeted, and what should they know?
Banks Must Focus More on Cyber-Risk
Commentary  |  4/5/2017  | 
Recent guidelines from the Federal Reserve are aimed at stemming the tide of successful exploits.
Businesses Hit by More W-2 Fraud as Cybercriminals Shift Tax Season Targets
News  |  4/5/2017  | 
Businesses, not individuals, are more frequently targeted with scams as cybercriminals try to cash in on tax season.
Web Inventor Slams US-UK Internet Plans, Cites Privacy Concerns
Quick Hits  |  4/5/2017  | 
Sir Tim Berners-Lee, recipient of the Turing Award, criticizes moves to undermine encryption and promises to fight for net neutrality.
FCC Privacy Rule Repeal Will Have Widespread Security Implications
News  |  4/4/2017  | 
Concerns over the action are sending VPN sales soaring, some vendors say.
Office 365 Gets Data Governance, Threat Intelligence Tools
Quick Hits  |  4/4/2017  | 
Microsoft rolls out Advanced Data Governance and Threat Intelligence tools for Office 365, starting today.
ADP CISO Offers Tips to Leverage Security to Grow the Business
News  |  4/4/2017  | 
Savvy CISOs would do their companies a favor by broadly integrating security across the organization, a move that can yield greater revenues, cost savings and an entry into new markets.
McAfee's Back as an Independent Security Firm
News  |  4/4/2017  | 
Security firm is no longer part of Intel Corp.
Cybercriminals Seized Control of Brazilian Bank for 5 Hours
News  |  4/4/2017  | 
Sophisticated heist compromised major bank's entire DNS infrastructure.
AIG Rolls Out Policy for Cyberthreat Coverage
Quick Hits  |  4/4/2017  | 
Insurance firm AIG will now cover expenses related to extortion, cyber bullying, and other digital threats.
To Attract and Retain Better Employees, Respect Their Data
Commentary  |  4/3/2017  | 
A lack of privacy erodes trust that employees should have in management.
More than Half of Security Pros Rarely Change their Social Network Passwords
News  |  4/3/2017  | 
Survey finds IT security professionals don't practice what they preach at work when it comes to their social network passwords.
Georgia Brothers Jailed for $540,000 Corporate Fraud
Quick Hits  |  4/3/2017  | 
The two misused corporate registration information to order electronics from small businesses.
Tax Deadline Leads to Heightened Phishing Email Activities
Quick Hits  |  4/3/2017  | 
IRS warns tax professionals to watch out for phishing email scams attempting to steal user credentials.


I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21742
PUBLISHED: 2021-09-25
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
CVE-2020-20508
PUBLISHED: 2021-09-24
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field.
CVE-2020-20514
PUBLISHED: 2021-09-24
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.
CVE-2016-6555
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in ver...
CVE-2016-6556
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This iss...