Dark Reading is part of the Informa Tech Division of Informa PLC
News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2019
<<   <   Page 2 / 3   >   >>
Ever-Sophisticated Bad Bots Target Healthcare, Ticketing
News  |  4/17/2019  | 
From criminals to competitors, online bots continue to scrape information from sites and pose as legitimate users.
Inside the Dark Web's How-To Guides for Teaching Fraud
Quick Hits  |  4/17/2019  | 
A new study investigates nearly 30,000 guides to explore what fraudsters sell and teach aspiring cybercriminals.
Selecting the Right Strategy to Reduce Vulnerability Risk
Commentary  |  4/17/2019  | 
There's no one-size-fits-all strategy for eliminating vulnerability risk. Knowing how your organization operates is what makes the difference.
7 Tips for an Effective Employee Security Awareness Program
Slideshows  |  4/17/2019  | 
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
Security Audit Shows Gains, Though Privacy Lags
News  |  4/16/2019  | 
The 2018 Online Trust Audit shows that "encryption everywhere" is improving security, while fuzzy language is slowing privacy gains.
Meet Scranos: New Rootkit-Based Malware Gains Confidence
News  |  4/16/2019  | 
The cross-platform operation, first tested on victims in China, has begun to spread around the world.
Benefiting from Data Privacy Investments
Commentary  |  4/16/2019  | 
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
IT Outsourcing Firm Wipro Investigates Data Breach
Quick Hits  |  4/16/2019  | 
Employee accounts may have been compromised in a sophisticated phishing campaign.
New Attacks (and Old Attacks Made New)
Commentary  |  4/16/2019  | 
Although new attacks might get the most attention, don't assume old ones have gone away.
Data on Thousands of Law Enforcement Personnel Exposed in Breach
Quick Hits  |  4/15/2019  | 
Unknown hackers broke into the databases of a nonprofit and posted online the personal information of FBI, Secret Service, Capitol Police, and US Park Police personnel, among others.
New Details Emerge on Windows Zero Day
News  |  4/15/2019  | 
The CVE-2019-0859 vulnerability, patched last week, is the latest in a string of Windows local privilege escalation bugs discovered at Kaspersky Lab.
TRITON Attacks Underscore Need for Better Defenses
News  |  4/15/2019  | 
As attackers focus on cyber-physical systems, companies must improve their visibility into IT system compromises as well as limit actions on operational-technology networks, experts say.
CERT, CISA Warn of Vuln in at Least 4 Major VPNs
Quick Hits  |  4/12/2019  | 
VPN products from Cisco, Palo Alto Networks, F5 Networks, and Pulse Secure insecurely store session cookies.
Romanians Convicted in Cybertheft Scheme
Quick Hits  |  4/12/2019  | 
Working out of Bucharest since 2007, a pair of criminals infected and controlled more than 400,000 individual computers, mostly in the US.
Home Office Apologizes for EU Citizen Data Exposure
Quick Hits  |  4/12/2019  | 
The Home Office has admitted to compromising private email addresses belonging to EU citizens hoping to settle in the UK.
Cloudy with a Chance of Security Breach
Commentary  |  4/12/2019  | 
Businesses must be aware of the security weaknesses of the public cloud and not assume that every angle is covered.
New 'HOPLIGHT' Malware Appears in Latest North Korean Attacks, Say DHS, FBI
News  |  4/11/2019  | 
The FBI and Department of Homeland Security release a malware analysis report and indicators of compromise for nine different executable files.
'Dragonblood' Vulnerabilities Seep Into WPA3 Secure Wifi Handshake
News  |  4/11/2019  | 
A new set of vulnerabilities may put some early adopters of the stronger Wi-Fi security standard at greater risk.
Senate Report on Equifax Raises Questions Ahead of FICO Product Announcement
News  |  4/11/2019  | 
Equifax is slammed in a Senate subcommittee report ahead of the announcement of a joint service with FICO.
Tax Hacks: How Seasonal Scams Cause Yearlong Problems
News  |  4/11/2019  | 
Tax season is marked with malware campaigns, tax fraud, and identity theft, with money and data flowing through an underground economy.
Julian Assange Arrested in London
Quick Hits  |  4/11/2019  | 
The WikiLeaks founder, who was taken from the Ecuadorian Embassy by British police, has been convicted of skipping bail in 2012.
Microsoft Patches Are Freezing Older PCs Running Sophos, Avast
Quick Hits  |  4/11/2019  | 
Computers running Sophos or Avast software have been failing to boot following the latest Patch Tuesday update.
When Your Sandbox Fails
Commentary  |  4/11/2019  | 
The sandbox is an important piece of the security stack, but an organization's entire strategy shouldn't rely on its ability to detect every threat. Here's why.
Triton/Trisis Attacks Another Victim
News  |  4/11/2019  | 
FireEye Mandiant incident responders reveal a new attack by the hacking group that previously targeted a petrochemical plant in Saudi Arabia in 2017.
Majority of Hotel Websites Leak Guest Booking Info
News  |  4/10/2019  | 
Third parties such as ad, search engine, and analytics firms often have access to guest names, addresses, phone numbers, payment card details, and other data, Symantec says.
Senate Bill Would Ban Social Networks' Social Engineering Tricks
Quick Hits  |  4/10/2019  | 
Bill takes aim at tactics used to convince people to give up their personal data, designing games that addict kids, and more.
25% of Phishing Emails Sneak into Office 365: Report
News  |  4/10/2019  | 
Researchers analyzed 55.5 million emails and found one out of every 99 messages contains a phishing attack.
New Android Malware Adds Persistence, Targets Australian Banking Customers
News  |  4/10/2019  | 
Malware campaign, which finds and exfiltrates a user's contact list and banking credentials, could potentially grow to global proportions.
Merging Companies, Merging Clouds
Commentary  |  4/10/2019  | 
Integrating cloud environments is anything but easy. Evaluating the security risks in doing so must be a starting component of an overall M&A strategy.
Safe Harbor Programs: Ensuring the Bounty Isn't on White Hat Hackers' Heads
Commentary  |  4/10/2019  | 
As crowdsourced security-testing surges in popularity, companies need to implement safe harbor provisions to protect good-faith hackers -- and themselves.
Verizon Patches Trio of Vulnerabilities in Home Router
News  |  4/9/2019  | 
One of the flaws gives attackers a way to gain root access to the devices, Tenable says.
Microsoft Patch Tuesday Fixes Windows Bugs Under Attack
News  |  4/9/2019  | 
The April release of security updates patches 74 vulnerabilities, two of which are being exploited in the wild.
Meet Baldr: The Inside Scoop on a New Stealer
News  |  4/9/2019  | 
Baldr first appeared in January and has since evolved to version 2.2 as attackers aim to build a long-lasting threat.
A New Approach to Application Security Testing
Commentary  |  4/9/2019  | 
If the appsec industry were to develop a better AST solution from scratch, what would it look like?
Craigslist Founder Funds Security Toolkit for Journalists, Elections
News  |  4/9/2019  | 
The free tools will be developed by the Global Cyber Alliance to monitor election infrastructure and processes in the runup to the 2020 Presidential election.
Stop Mocking & Start Enabling Emerging Technologies
Commentary  |  4/9/2019  | 
Mocking new technology isn't productive and can lead to career disadvantage.
British Hacker Jailed for Role in Russian Crime Group
Quick Hits  |  4/9/2019  | 
According to authorities, Zain Qaiser would pose as a legitimate ad broker to buy online advertising space from pornographic websites.
'Digital Doppelganger' Underground Takes Payment Card Theft to the Next Level
News  |  4/9/2019  | 
Massive criminal marketplace discovered packaging and selling stolen credentials along with victims' online behavior footprints.
Credential-Stuffing Attacks Behind 30 Billion Login Attempts in 2018
News  |  4/8/2019  | 
Using e-mail addresses and passwords from compromised sites, attackers most often targeted retail sites, video-streaming services, and entertainment companies, according to Akamai.
8 Steps to More Effective Small Business Security
Slideshows  |  4/8/2019  | 
Small businesses face the same security challenges as large enterprises but with much smaller security teams. Here are 8 things to do to get the most from yours.
Ignore the Insider Threat at Your Peril
Commentary  |  4/8/2019  | 
Attacks from insiders often go undiscovered for months or years, so the potential impact can be huge. These 11 countermeasures can mitigate the damage.
Phishing Campaign Targeting Verizon Mobile Users
News  |  4/5/2019  | 
Lookout Phishing AI, which discovered the attack, says it has been going on since late November.
Ongoing DNS Hijack Attack Hits Consumer Modems and Routers
Quick Hits  |  4/5/2019  | 
The attack campaigns have re-routed DNS requests through illicit servers in Canada and Russia.
Advanced Persistent Threat: Dark Reading Caption Contest Winners
Commentary  |  4/5/2019  | 
From sushi and phishing to robots, passwords and ninjas -- and the winners are ...
The Matrix at 20: A Metaphor for Today's Cybersecurity Challenges
Commentary  |  4/5/2019  | 
The Matrix ushered in a new generation of sci-fi movies and futuristic plotlines with a relentless, seemingly invulnerable set of villains. Twenty years later, that theme is all too familiar to security pros.
Third Parties in Spotlight as More Facebook Data Leaks
News  |  4/4/2019  | 
Two third-party services left Facebook user data exposed online -- in one case, 540 million records of user comments -- highlighting the ease with which third-party developers can access data and the risk of lax security.
New, Improved BEC Campaigns Target HR and Finance
News  |  4/4/2019  | 
Spearphishing campaigns from new and established business email compromise (BEC) gangs are stealing from companies using multiple tactics.
Patched Apache Vulnerability Could Still Cause Problems
Quick Hits  |  4/4/2019  | 
More than 2 million Apache HTTP servers remain at risk for a critical privilege escalation vulnerability.
3 Lessons Security Leaders Can Learn from Theranos
Commentary  |  4/4/2019  | 
Theranos flamed out in spectacular fashion, but you can still learn from the company's "worst practices."
True Cybersecurity Means a Proactive Response
Commentary  |  4/4/2019  | 
Successful, secure organizations must take an aggressive, pre-emptive posture if they want true data security.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16404
PUBLISHED: 2019-10-21
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
CVE-2019-17400
PUBLISHED: 2019-10-21
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.
CVE-2019-17498
PUBLISHED: 2019-10-21
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a ...
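The pattern described in that entry, a length check whose arithmetic can wrap, is easier to see in a small model. The following is an added example, not code from libssh2 or from any other project: it parses a constructed message (one type byte, a big-endian 32-bit length, then the payload; that layout is an assumption made for illustration) and compares a bounds check written as a sum, which wraps in 32-bit unsigned arithmetic, against the same check written as a subtraction that cannot wrap.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not libssh2 code.  Models the generic bug class behind the
 * CVE description: a packet carries a 32-bit length field and the parser must
 * confirm that "offset + 4 + length" lies inside the packet before reading.
 * In 32-bit unsigned arithmetic that sum wraps for a length near UINT32_MAX,
 * so the check passes and the subsequent read would be out of bounds.
 * Packet layout (type byte, big-endian u32 length, payload) is an assumption.
 */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Vulnerable form.  Returns 1 if the field is accepted, 0 if rejected.
 * off + 4 + want wraps: with off = 1 and want = 0xFFFFFFFC the sum is 1. */
int check_unsafe(uint32_t pkt_len, uint32_t off, uint32_t want)
{
    if (off + 4 + want > pkt_len)
        return 0;
    return 1;
}

/* Safe form.  Same decision, but every intermediate value is a difference
 * of two values already known to be ordered, so nothing can wrap. */
int check_safe(uint32_t pkt_len, uint32_t off, uint32_t want)
{
    if (off > pkt_len || pkt_len - off < 4)   /* room for the length field */
        return 0;
    if (want > pkt_len - off - 4)             /* room for the payload */
        return 0;
    return 1;
}

/* Parses the length-prefixed field at offset off using the chosen check.
 * On success stores the payload pointer and length and returns 0; returns
 * -1 if the check rejects the packet.  When check_unsafe accepts a wrapped
 * length, *len is a size no caller could safely read. */
int read_field(const uint8_t *pkt, uint32_t pkt_len, uint32_t off,
               int use_safe_check, const uint8_t **payload, uint32_t *len)
{
    if (off > pkt_len || pkt_len - off < 4)
        return -1;                 /* the length field itself must fit */
    uint32_t want = be32(pkt + off);
    int ok = use_safe_check ? check_safe(pkt_len, off, want)
                            : check_unsafe(pkt_len, off, want);
    if (!ok)
        return -1;
    *payload = pkt + off + 4;
    *len = want;
    return 0;
}

/* Constructed packets for the demo, not captured traffic. */
static const uint8_t good_pkt[] = { 0x01, 0x00, 0x00, 0x00, 0x02, 'h', 'i' };
static const uint8_t evil_pkt[] = { 0x01, 0xFF, 0xFF, 0xFF, 0xFC, 'h', 'i' };

int main(void)
{
    const uint8_t *p;
    uint32_t n;
    int rc;

    rc = read_field(good_pkt, sizeof good_pkt, 1, 0, &p, &n);
    printf("good packet, unsafe check: rc=%d len=%u\n", rc, n);
    rc = read_field(evil_pkt, sizeof evil_pkt, 1, 0, &p, &n);
    printf("evil packet, unsafe check: rc=%d len=%u (accepted!)\n", rc, n);
    rc = read_field(evil_pkt, sizeof evil_pkt, 1, 1, &p, &n);
    printf("evil packet, safe check:   rc=%d\n", rc);
    return 0;
}
```

The safe version rejects the crafted length because it never adds the attacker-controlled value to anything; it only compares it against the space that is known to remain. That is the shape to look for when auditing length checks in any binary protocol parser.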
CVE-2019-16969
PUBLISHED: 2019-10-21
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2019-16974
PUBLISHED: 2019-10-21
In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.