Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2018
Page 1 / 2   >   >>
Old Worm, New Tricks: FacexWorm Targets Crypto Platforms
News  |  4/30/2018  | 
Malicious Chrome extension FacexWorm has reappeared with new capabilities, targeting cryptocurrency platforms and lifting user data.
Slack Releases Open Source SDL Tool
News  |  4/30/2018  | 
After building an SDL tool for their own use, Slack has released it on GitHub under an open source license.
10 Security Innovators to Watch
Slideshows  |  4/30/2018  | 
Startups in the RSA Conference Innovation Sandbox competed for the title of "Most Innovative."
What Meltdown and Spectre Mean for Mobile Device Security
Commentary  |  4/30/2018  | 
Here are four tips to keep your mobile users safe from similar attacks.
More Than 1M Children Victims of Identity Fraud in 2017
News  |  4/27/2018  | 
Total fraud against kids amounted to $2.6 billion and more than $540 million in out-of-pocket costs to families, a new report finds.
'Zero Login:' The Rise of Invisible Identity
Commentary  |  4/27/2018  | 
Will new authentication technologies that recognize users on the basis of their behaviors finally mean the death of the despised password?
Routing Security Gets Boost with New Set of MANRS for IXPs
Quick Hits  |  4/26/2018  | 
The Internet Society debuts a new mutually agreed norms initiative for IXPs.
How Microsoft, Amazon, Alphabet Are Reshaping Security
News  |  4/26/2018  | 
Tech's biggest giants are shifting the cybersecurity landscape as they incorporate security into their products and services.
MyEtherWallet DNS Attack Offers Opt-In Lessons
News  |  4/26/2018  | 
Attackers poisoned BGP route tables to redirect Amazon's Route 53 name servers to their malicious servers.
New Phishing Attack Targets 550M Email Users Worldwide
Quick Hits  |  4/26/2018  | 
In an attempt to steal financial data, the attack bribes users with coupons in exchange for taking an online quiz.
Why Hackers Love Healthcare
Commentary  |  4/26/2018  | 
The migration of valuable data to the cloud is piquing the interest of cybercriminals. But there are ways to fight back.
The Default SAP Configuration That Every Enterprise Needs to Fix
News  |  4/26/2018  | 
Nine out of ten organizations are vulnerable to a 13-year-old flaw that puts their most critical business systems at risk of complete criminal takeover.
Free New Tool for Building Blockchain Skills
Quick Hits  |  4/25/2018  | 
Blockchain CTF helps pros build skills with simulations.
Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack
Commentary  |  4/25/2018  | 
A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.
'Webstresser' DDoS Attack Site Shut Down in International Operation
News  |  4/25/2018  | 
Investigators arrested the admins of Webstresser, the world's largest DDoS marketplace reportedly responsible for more than four million attacks.
Why Information Integrity Attacks Pose New Security Challenges
Commentary  |  4/25/2018  | 
To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.
Low-Cost Crimeware Kit Gaining Popularity in Underground Markets
News  |  4/25/2018  | 
At $150 for a three-month subscription, Rubella Malware Builder presents a threat to enterprises, Flashpoint says.
Diversity: It's About Inclusion
News  |  4/25/2018  | 
Unrealistic entry-level job requirements, black-hoodie hacker image problems are among the 'uncomfortable conversations' needed to remedy cybersecurity's diversity gap.
Latest News from RSAC 2018
News  |  4/25/2018  | 
Check out Dark Reading's updated, exclusive coverage of the news and security themes that dominated RSA Conference 2018 in San Francisco.
Coviello: Modern Security Threats are 'Less About the Techniques'
News  |  4/24/2018  | 
Today's attack surface is broader, more open, and demands a proactive approach to security, according to former RSA chairman Art Coviello.
Deconstructing the Possibilities and Realities of Enterprise IoT Security
Commentary  |  4/24/2018  | 
Organizations are rushing to leverage Internet of Things solutions but struggle to design the information technology architectures that will lock down the data these devices create.
MEDantex Healthcare Transcription Firm Accidentally Exposes Medical Records
Quick Hits  |  4/24/2018  | 
Exposed data likely the result of a flawed system rebuild after a recent ransomware attack on the company.
'Stresspaint' Targets Facebook Credentials
News  |  4/24/2018  | 
New malware variant goes after login credentials for popular Facebook pages.
It's Time to Take GitHub Threats Seriously
Commentary  |  4/24/2018  | 
There's a good chance your company has projects on the source code management system, but the casual way many developers use GitHub creates security issues.
Golden Galleon Raids Maritime Shipping Firms
News  |  4/24/2018  | 
A new Nigerian criminal gang is launching attacks on the maritime industry.
Threat Intel: Finding Balance in an Overcrowded Market
News  |  4/23/2018  | 
Industry insiders discuss how threat intelligence has changed and what may happen as the market becomes increasingly saturated.
Threat Actors Turn to Blockchain Infrastructure to Host & Hide Malicious Activity
News  |  4/23/2018  | 
.bit domains are increasingly being used to hide payloads, stolen data, and command and control servers, FireEye says.
Cybercrime Economy Generates $1.5 Trillion a Year
News  |  4/20/2018  | 
Threat actors generate, launder, spend, and reinvest more than $1.5 trillion in illicit funds, according to a new study on cybercrime's 'web of profit.'
Trust: The Secret Ingredient to DevSecOps Success
News  |  4/20/2018  | 
Security practitioners must build trusted relationships with developers and within cross-functional DevOps teams to get themselves embedded into continuous software delivery processes.
SunTrust Ex-Employee May Have Stolen Data on 1.5 Million Bank Clients
Quick Hits  |  4/20/2018  | 
Names, addresses, phone numbers, and account balances may have been exposed.
Biometrics Are Coming & So Are Security Concerns
Commentary  |  4/20/2018  | 
Could these advanced technologies be putting user data at risk?
At RSAC, SOC 'Sees' User Behaviors
News  |  4/20/2018  | 
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
Microsoft CISO Talks Threat Intel, 'Data Inclusion'
News  |  4/19/2018  | 
Dark Reading caught up with Microsoft's Bret Arsenault to discuss intelligence, identity, and the need to leverage more diverse datasets.
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Quick Hits  |  4/19/2018  | 
Booz Allen survey shows most organizations' answer to the security skills shortage may be unsustainable.
Securing Social Media: National Safety, Privacy Concerns
News  |  4/19/2018  | 
It's a critical time for social media platforms and the government agencies and private businesses and individuals using them.
First Public Demo of Data Breach via IoT Hack Comes to RSAC
News  |  4/19/2018  | 
At RSA Conference, senior researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools.
How to Protect Industrial Control Systems from State-Sponsored Hackers
Commentary  |  4/19/2018  | 
US-CERT recently issued an alert about Russian threat activity against infrastructure sectors. Is there a way to fight back?
Researchers Discover Second rTorrent Vulnerability Campaign
Partner Perspectives  |  4/19/2018  | 
This time attackers appear to have spoofed the Recording Industry Association of America (RIAA) and New York University (NYU) user-agents.
The Role of KPIs in Incident Response
Commentary  |  4/18/2018  | 
Using KPIs can have a positive impact on the tactical and strategic functions of a security operations program.
Data Visibility, Control Top Cloud Concerns at RSA
News  |  4/18/2018  | 
As the traditional perimeter dissolves and sensitive data moves to the cloud, security experts at RSA talk about how they're going to protect it.
NIST Seeking Comments on New AppSec Practices Standards
News  |  4/17/2018  | 
Working in conjunction with SAFECode, NIST is opening the floor to suggestions at RSA about secure software development life cycle guidelines.
8 Ways Hackers Monetize Stolen Data
Slideshows  |  4/17/2018  | 
Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.
Why We Need Privacy Solutions That Scale Across Borders
Commentary  |  4/17/2018  | 
New privacy solutions are becoming scalable and smarter, and are making it easier to address compliance across industries and geographies.
New Malware Adds RAT to a Persistent Loader
News  |  4/17/2018  | 
A newly discovered variant of a long-known malware loader adds the ability to control the victim from afar.
DevOps May Be Cause of and Solution to Open Source Component Chaos
News  |  4/16/2018  | 
DevOps is accelerating the trend of componentized development approaches, but its automation can also help enforce better governance and security.
Companies Still Suffering From Poor Credential Hygiene: New Report
Quick Hits  |  4/16/2018  | 
Credentials are being mis-handled and it's hurting most companies, according to a new report out today.
INsecurity Conference Seeks Security Pros to Speak on Best Practices
News  |  4/16/2018  | 
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
How GDPR Forces Marketers to Rethink Data & Security
Commentary  |  4/16/2018  | 
The European regulation is making marketing technology companies re-examine their security, and that's a good thing.
Large Majority of Businesses Store Sensitive Data in Cloud Despite Lack of Trust
News  |  4/16/2018  | 
Researchers report 97% of survey respondents use some type of cloud service but continue to navigate issues around visibility and control.
Power Line Vulnerability Closes Air Gap
Quick Hits  |  4/13/2018  | 
A new demonstration of malware shows that air-gapped computers may still be at risk.