Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2018
<<   <   Page 2 / 2
Federal Agency Data Under Siege
Commentary  |  4/13/2018  | 
Seventy-one percent of IT security professionals in US federal agencies have reported breaches in their organizations.
7 Steps to a Smooth, Secure Cloud Transition
Slideshows  |  4/13/2018  | 
Security leaders share their top steps to keep in mind as your organization moves data and applications to the cloud.
New Email Campaign Employs Malicious URLs
News  |  4/12/2018  | 
A new attack dropping the Quant Loader Trojan bypasses scanners and sandboxes.
Attacker Dwell Time Still Too Long, Research Shows
News  |  4/11/2018  | 
New DBIR and M-Trends reports show the window between compromise and discovery are still way too long.
Stopping Cyber Madness: Why the Private Sector Must Lead the Fight
Commentary  |  4/11/2018  | 
The government's ability to help secure the Internet will be limited given the light speed of the Internet versus the slower pace of government. That's why stopping the madness begins with the private sector.
Hack Back: An Eye for an Eye Could Make You Blind
Commentary  |  4/11/2018  | 
Attackers have had almost zero consequences or cost for stealing data from innocent victims. But what if we could hack their wallets, not their systems?
'SirenJack' Vulnerability Lets Hackers Hijack Emergency Warning System
News  |  4/10/2018  | 
Unencrypted radio protocol that controls sirens left alert system at risk.
On-Premise Security Tools Struggle to Survive in the Cloud
News  |  4/10/2018  | 
Businesses say their current security tools aren't effective in the cloud but hesitate to adopt cloud-based security systems.
Microsoft Issues Rare Patch for Wireless Keyboard Flaw
News  |  4/10/2018  | 
Patch Tuesday includes 67 fixes the most critical of which are browser-related.
Pairing Policy & Technology: BYOD That Works for Your Enterprise
Commentary  |  4/10/2018  | 
An intelligent security policy coupled with the right technology can set you up for success with BYOD.
HTTP Injector Steals Mobile Internet Access
News  |  4/10/2018  | 
Users aren't shy about sharing the technique and payload in a new attack.
20 Ways to Increase the Efficiency of the Incident Response Workflow
Commentary  |  4/10/2018  | 
Despite all the good intentions of some great security teams, we are still living in a "cut-and-paste" incident management world.
Verizon DBIR: Ransomware Attacks Double for Second Year in a Row
News  |  4/10/2018  | 
Outside attackers still the biggest problem - except in healthcare.
Ransomware Up for Businesses, Down for Consumers in Q1
News  |  4/9/2018  | 
Ransomware, spyware, and cryptomining were the biggest enterprise threats during an otherwise quiet quarter for malware, researchers report.
RTF Design, Office Flaw Exploited in Multi-Stage Document Attack
News  |  4/9/2018  | 
Threat actors chained CVE-2017-8570 with known design behaviors in .docx and RTF to launch a multi-stage document attack.
CA Acquires SourceClear
Quick Hits  |  4/9/2018  | 
CA adds software composition analysis capabilities to Veracode lineup through acquisition.
Serverless Architectures: A Paradigm Shift in Application Security
Commentary  |  4/9/2018  | 
"Serverless" forces software architects and developers to approach security by building it in rather than bolting it on. But there is a downside.
Businesses Fear 'Catastrophic Consequences' of Unsecured IoT
News  |  4/6/2018  | 
Only 29% of respondents in a new IoT security survey say they actively monitor the risk of connected devices used by third parties.
Protect Yourself from Online Fraud This Tax Season
Commentary  |  4/6/2018  | 
Use these tips to stay safe online during everyone's least-favorite time of the year.
Study Finds Petabytes of Sensitive Data Open to the Internet
Quick Hits  |  4/6/2018  | 
New research by Digital Shadows finds more than 1.5 billion sensitive files are open to discovery on the internet.
Mirai Variant Botnet Takes Aim at Financials
News  |  4/5/2018  | 
In January, a botnet based on Mirai was used to attack at least three European financial institutions.
Supply Chain Attacks Could Pose Biggest Threat to Healthcare
News  |  4/5/2018  | 
Healthcare organizations often overlook the supply chain, which researchers say is their most vulnerable facet.
How to Build a Cybersecurity Incident Response Plan
Commentary  |  4/5/2018  | 
Being hit by a cyberattack is going to be painful. But it can be less painful if you're prepared, and these best practices can help.
Unpatched Vulnerabilities the Source of Most Data Breaches
News  |  4/5/2018  | 
New studies show how patching continues to dog most organizations - with real consequences.
How Security Can Bridge the Chasm with Development
Commentary  |  4/5/2018  | 
Enhancing the relationships between security and engineering is crucial for improving software security. These six steps will bring your teams together.
Report: White House Email Domains Poorly Protected from Fraud
Quick Hits  |  4/4/2018  | 
Only one Executive Office of the President email domain has fully implemented DMARC, according to a new report.
Microsoft Patches Critical Flaw in Malware Protection Engine
News  |  4/4/2018  | 
The emergency update addressed CVE-2018-0986, which would let an attacker execute malicious code on a Windows machine.
New DARPA Contract Looks to Avoid Another 'Meltdown'
Quick Hits  |  4/4/2018  | 
A new DARPA contract with Tortuga Logic intends to field chip emulation systems to test security before processors hit manufacturing.
Iran 'the New China' as a Pervasive Nation-State Hacking Threat
News  |  4/4/2018  | 
Security investigations by incident responders at FireEye's Mandiant in 2017 found more prolific and sophisticated attacks out of Iran.
Active Cyber Defense Is an Opportunity, Not a Threat
Commentary  |  4/4/2018  | 
If honest citizens can be tracked online with cookies and beacons that share where we are and what we are doing, then why should security professionals restrict their ability to hack attackers?
Facebook Removes Russia-based Internet Research Agency-Controlled Pages
Quick Hits  |  4/4/2018  | 
CSO Alex Stamos explains why the company deleted 70 Facebook and 65 Instagram accounts, and 138 Facebook pages.
7 Deadly Security Sins of Web Applications
Slideshows  |  4/3/2018  | 
The top ways organizations open themselves up to damaging Web app attacks.
New Attack Vector Shows Dangers of S3 Sleep Mode
News  |  4/3/2018  | 
Researchers at Black Hat Asia demonstrated how they can compromise the security of a machine as it powers down and wakes up.
Panera Bread Leaves Millions of Customer Records Exposed Online
News  |  4/3/2018  | 
Personal information exposed in plain text for months on Panerabread.com and the company's response failed to rise to the challenge.
3 Security Measures That Can Actually Be Measured
Commentary  |  4/3/2018  | 
The massive budgets devoted to cybersecurity need to come with better metrics.
Hudson's Bay Brands Hacked, 5 Million Credit Card Accounts Stolen
News  |  4/2/2018  | 
The infamous Carbanak/FIN7 cybercrime syndicate breached Saks and Lord & Taylor and is now selling some of the stolen credit card accounts on the Dark Web.
'Hack the Defense Travel System': DoD Extends its Bug Bounty Program
News  |  4/2/2018  | 
The fifth US Department of Defense bug bounty program, launched with HackerOne, will target a DoD enterprise system used by millions.
Is Security Accelerating Your Business?
Commentary  |  4/2/2018  | 
With an ever-growing list of security and compliance requirements, security can hinder or slow business initiatives. Is your security department stuck in slow gear or can it go faster?
<<   <   Page 2 / 2


Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.