Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2014
Flash Poll: The Hunt For Cyber Talent
Commentary  |  5/30/2014  | 
Our latest flash poll paints a nuanced picture of how the security skills shortage is playing out in hiring strategies for the SOC.
Large Electric Utilities Earn High Security Scores
Quick Hits  |  5/29/2014  | 
Critical infrastructure is a big target for attack, but new data shows some operators in that industry suffer fewer security incidents than other industries.
Indicting Chinese Military Officers Is A Huge Mistake
Commentary  |  5/29/2014  | 
Blaming soldiers following lawful orders only deflects from the government's responsibility to impose trade sanctions and take more useful measures.
Microsoft, Facebook Security Leaders Head Startup
News  |  5/28/2014  | 
The HackerOne project spins off into a new company aimed at facilitating vulnerability disclosure between researchers and software, web properties.
Dissecting Dendroid: An In-Depth Look Inside An Android RAT Kit
Commentary  |  5/28/2014  | 
Dendroid is full of surprises to assist it in subverting traditional security tactics through company-issued Android phones or BYOD.
SSL After The Heartbleed
News  |  5/27/2014  | 
Encryption gets a big wake-up call -- and a little more scrutiny.
The Only 2 Things Every Developer Needs To Know About Injection
Commentary  |  5/22/2014  | 
Theres no simple solution for preventing injection attacks. There are effective strategies that can stop them in their tracks.
Flaws In EMV Chip And PIN Undercut Security
News  |  5/22/2014  | 
Weaknesses in the EMV protocol and implementations create vulnerabilities that could be exploited via POS malware and man-in-the-middle attacks.
7 Facts: eBay Fumbles Password Reset Warning
News  |  5/22/2014  | 
Online auction site criticized for notification misfire, failing to make password resets mandatory.
Why Security & Profitability Go Hand-In-Hand
Commentary  |  5/21/2014  | 
Its never been more critical to put security on the front line to protect your company's bottom line.
Microsoft Silverlight Exploit Kit Attacks Spike
News  |  5/21/2014  | 
While crimeware authors continue gunning for outdated plug-ins, researchers report that businesses are finding and stopping related intrusions more quickly.
LifeLock Pulls Apps Over PCI Compliance Failure
News  |  5/20/2014  | 
Sensitive data stored in LifeLock Wallet apps and on company servers are proactively wiped after the company warns it wasn't being stored securely.
6 Tips For Securing Social Media In The Workplace
Commentary  |  5/20/2014  | 
Empower employees by training them to be aware and secure, and in how to avoid becoming a statistic.
Senators Slam Online Advertisers As 'Malvertising' Spikes
News  |  5/19/2014  | 
Complex ecosystem fails to arrest rise in malicious advertising, information security experts warn Congress.
How To Talk About InfoSec To Your Board Of Directors
Commentary  |  5/19/2014  | 
Today's cybersecurity challenges cannot be met by a compartmentalized IT strategy because every piece of the modern enterprise runs on connectivity and data.
Researchers: Recent Zero-Day Attacks Linked Via Common Exploit Package
Quick Hits  |  5/19/2014  | 
Elderwood Platform, a two-year-old package of exploits, has been used to create multiple zero-day threats, Symantec researchers said
Tech Insight: Free Tools For Offensive Security
Commentary  |  5/19/2014  | 
A professional penetration tester offers a look at the latest free and open-source tools available for pen testing and offensive tactics.
Zeus 'Gameover' Trojan Expands Global Reach
News  |  5/15/2014  | 
Cybercrime clients configure juggernaut Gameover variant of banking Trojan to reach bank customers in new countries.
Beware Cognitive Bias
Commentary  |  5/15/2014  | 
Cognitive bias can compromise any profession. But when cognitive bias goes unrecognized in cyber security, far-reaching and serious consequences follow.
Dispelling The Myths Of Cyber Security
Commentary  |  5/14/2014  | 
Perfect security that focuses on eliminating threats is too expensive and impossible to achieve. Better to think about consequence management.
Microsoft Blocks Zero-Day Attacks Targeting IE, Office
News  |  5/14/2014  | 
Security updates patch bugs being exploited via in-the-wild attacks, except for Windows XP, which now becomes a sitting duck.
Anatomy Of The New Iranian APT
News  |  5/13/2014  | 
Former Iranian hacktivist operation evolves into cyber espionage with 'Operation Saffron Rose.'
Infographic: The Story Of A Phish
Commentary  |  5/13/2014  | 
Are your employees like Troy, blissfully unaware of the dangers of spear phishing?
NSA Reportedly Adds Backdoors To US-Made Routers
News  |  5/13/2014  | 
Secret "supply-chain interdiction" program intercepts networking equipment being shipped overseas and adds phone-home surveillance capabilities, says Guardian report.
Breach At Bit.ly Blamed On Offsite Backup Storage Provider
Quick Hits  |  5/13/2014  | 
URL shortening service says user database may have been compromised through backup data.
Into The Breach: The Limits Of Data Security Technology
Commentary  |  5/12/2014  | 
When it comes to cyberdefense spending, the smart money should bet on people and compliance as much as on machines.
Accidental Heartbleed Vulnerabilities Undercut Recovery Effort
News  |  5/9/2014  | 
Scans find 300,000 affected servers, but a surprising number of newly vulnerable servers have surfaced since Heartbleed warning was first sounded.
A New Approach to Endpoint Security: Think Positive
Commentary  |  5/9/2014  | 
It's time to move away from traditional blacklisting models that define what should be restricted and implicitly allow everything else.
OAuth, OpenID Flaw: 7 Facts
News  |  5/8/2014  | 
Authentication-protocol implementation security flaws are not as serious as Heartbleed, but Facebook and other sites must be fixed, say security experts.
The Cyber Security Market Is Hot! Heres Why
Commentary  |  5/8/2014  | 
A dozen years ago the $3.5 billion security market was dominated by five vendors. Last year, VCs bankrolled 230 startups. My, how things have changed!
Microsoft: Deception Dominates Windows Attacks
News  |  5/7/2014  | 
Deceptive downloads and ransomware tripled worldwide in Q4 2013, according to the new Microsoft Security Intelligence Report.
Why Threat Intelligence Is Like Teenage Sex
Commentary  |  5/7/2014  | 
Everyone thinks everyone else is doing it, and most of the few people who are actually doing it aren't doing it all that well.
Sneaky Windows Folder Poisoning Attack Steals Access Rights
News  |  5/6/2014  | 
Windows challenge-response authentication protocol could be abused by PC hackers to easily access wider corporate networks.
NextGen Authentication: There's A Really Smart Phone In Your Future
Commentary  |  5/6/2014  | 
The mobile device is the latest platform to reinvent access controls, and it's putting enterprise IT back in the driver's seat of security and data protection.
Dress Like A Gnome: 6 Security Training Essentials
News  |  5/5/2014  | 
Offer home security clinics, make security messages fit for Twitter, and don't be afraid to dress up, say Infosecurity Europe presenters.
Defending Against Identity Theft In The Military
Commentary  |  5/5/2014  | 
Our military troops are twice as likely to be victims of identity theft as the general population. The reason is in the structure of military culture.
Security Flaw Found In OAuth 2.0 And OpenID; Third-Party Authentication At Risk
Quick Hits  |  5/4/2014  | 
Authentication methods used by Facebook, Google, and many other popular websites could be redirected by attackers, researcher says.
Privacy, Cybercrime Headline the Infosecurity Europe Conference
Slideshows  |  5/2/2014  | 
Attendees debate NSA surveillance, privacy reforms, cybercrime defenses, and sharpen their CISO skills.
Why Perimeter Defenses Are No Longer Enough
Commentary  |  5/2/2014  | 
When it comes to corporate information security and data protection, the new normal is "due care" in managing day-to-day operations.
Snowden NSA Revelations Complicate European Privacy Law Reboot
News  |  5/1/2014  | 
As European legislators work to rewrite privacy laws, one security expert says a full fix requires Europe to offer local alternatives to Google, Microsoft, and other US online services.
How To Avoid Sloppy Authentication
Commentary  |  5/1/2014  | 
Viewing authentication as a process, not simply as an encryption or algorithm, is the key to defending corporate resources from attacks.
Dark Reading Celebrates Eighth Anniversary
Commentary  |  5/1/2014  | 
Now the web's largest online info security community, Dark Reading's 2006 charter hasn't changed: to help security pros do their jobs.


Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.