Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2019
<<   <   Page 3 / 3
How iOS App Permissions Open Holes for Hackers
News  |  4/4/2019  | 
The permissions iOS apps request from users can turn the devices into spy tools and provide a toehold into the enterprise network, according to new research.
Privacy & Regulatory Considerations in Enterprise Blockchain
Commentary  |  4/3/2019  | 
People who understand information governance, privacy, and security should be active participants on the distributed ledger technology implementation team to ensure success.
Chinese National Carries Malware Into Mar-a-Lago
Quick Hits  |  4/3/2019  | 
A Chinese woman arrested for entering the grounds of Mar-a-Lago under false pretenses was carrying electronic equipment holding malware.
In Security, Programmers Aren't Perfect
Commentary  |  4/3/2019  | 
Software developers and their managers must change their perception of secure coding from being an optional feature to being a requirement that is factored into design from the beginning.
Major Mobile Financial Apps Harbor Built-in Vulnerabilities
News  |  4/2/2019  | 
A wide variety of financial services companies' apps suffer from poor programing practices and unshielded data.
War on Zero-Days: 4 Lessons from Recent Google & Microsoft Vulns
Commentary  |  4/2/2019  | 
When selecting targets, attackers often consider total cost of 'pwnership' -- the expected cost of an operation versus the likelihood of success. Defenders need to follow a similar strategy.
FireEye Creates Free Attack Toolset for Windows
News  |  4/2/2019  | 
The security services company releases a distribution of 140 programs for penetration testers who need to launch attacks and tools from an instance of Windows.
Airports & Operational Technology: 4 Attack Scenarios
Commentary  |  4/2/2019  | 
As OT systems increasingly fall into the crosshairs of cyberattackers, aviation-industry CISOs have become hyper-focused on securing them.
Restaurant Chains Hit in PoS Attack
Quick Hits  |  4/1/2019  | 
Buca di Beppo, Earl of Sandwich, and Planet Hollywood were among the chains hit in a nearly year-long breach of their point-of-sale systems.
ShadowHammer Dangers Include Update Avoidance
News  |  4/1/2019  | 
More fallout from the compromise of Asus's automated software update.
In the Race Toward Mobile Banking, Don't Forget Risk Management
Commentary  |  4/1/2019  | 
The rise of mobile banking and payment services has sparked widespread adoption, making a focus on risk essential.
<<   <   Page 3 / 3


How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17667
PUBLISHED: 2019-10-17
Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field.
CVE-2019-17666
PUBLISHED: 2019-10-17
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
CVE-2019-17607
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
CVE-2019-17608
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
CVE-2019-17609
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.