Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2015
Home Routers Being Targeted in DNS Hijacking Attack, Trend Micro Says
News  |  5/29/2015  | 
Attackers attempting to steal sensitive data by diverting home router traffic to malicious domains, security firm says.
How I Would Secure The Internet With $4 Billion
Commentary  |  5/29/2015  | 
In an open letter to President Obama, a member of the Open Web Application Security Project tells why pending legislation on threat-intel sharing doesn't go far enough.
FUD Watch: The Marketing Of Security Vulnerabilities
Commentary  |  5/28/2015  | 
I'm all for raising awareness, but making designer vulnerabilities, catchy logos and content part of the disclosure process is a step in the wrong direction.
Oracle PeopleSoft In The Crosshairs
News  |  5/27/2015  | 
Presenter at Hack In The Box says PeopleSoft is in worse security shape than SAP was five years ago.
Moose Malware Uses Linux Routers For Social Network Fraud
News  |  5/27/2015  | 
Linux/Moose is sophisticated enough to do DNS hijacks, DDoSes, and deep network penetration...so why is it wasting its time on Instagram?
State-Sponsored Cybercrime: A Growing Business Threat
Commentary  |  5/26/2015  | 
You don't have to be the size of Sony -- or even mock North Korea -- to be a target.
Cyber Threat Analysis: A Call for Clarity
Commentary  |  5/22/2015  | 
The general public deserves less hyperbole and more straight talk
Hacking Virginia State Trooper Cruisers
News  |  5/22/2015  | 
Working group of federal agencies and private industry launched by the state of Virginia is studying car vulnerabilities and building tools to detect and protect against vehicle hacking and tampering.
Half Of Retail, Healthcare Sites 'Always Vulnerable'
News  |  5/21/2015  | 
Finding vulnerabilities in custom web applications isn't the major problem; fixing them in a timely fashion is, a new report from WhiteHat Security finds.
Logjam Encryption Flaw Threatens Secure Communications On Web
News  |  5/20/2015  | 
Most major browsers, websites that support export ciphers impacted
Planes, Tweets & Possible Hacks From Seats
News  |  5/20/2015  | 
There are conflicting reports over whether security researcher Chris Roberts hacked into flight controls and manipulated a plane.
5 Signs Credentials In Your Network Are Being Compromised
Commentary  |  5/20/2015  | 
Where should you start to keep ahead of attackers using insiders to steal corporate secrets or personally identifiable information? Check out these common scenarios.
Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
Commentary  |  5/19/2015  | 
In the brave new world of self-driving cars and Wifi-enabled pacemakers, everything we do as information security professionals, everything we hack, every joke we make on Twitter, has real, quantifiable consequences.
Every 4 Seconds New Malware Is Born
News  |  5/18/2015  | 
New report shows rate of new malware strains discovered increased by 77 percent in 2014.
Why We Can't Afford To Give Up On Cybersecurity Defense
Commentary  |  5/18/2015  | 
There is no quick fix, but organizations can massively reduce the complexity of building secure applications by empowering developers with four basic practices.
Polish Security Firm Discloses Unpatched Security Flaws in Google App Engine
News  |  5/15/2015  | 
Google was given enough time to respond, researcher says.
The Cybercrime Carnival in Brazil: Loose Cyberlaws Make for Loose Cybercriminals
Commentary  |  5/15/2015  | 
Brazil loses over $8 billion a year to Internet crime, making it the second-largest cybercrime generator in the world.
Experts' Opinions Mixed On VENOM Vulnerability
News  |  5/14/2015  | 
Some say the virtualization vuln could be worse than Heartbleed, while others advise to patch, but don't panic.
Taking A Security Program From Zero To Hero
Commentary  |  5/13/2015  | 
Breaking the enigma of InfoSec into smaller bites is a proven method for building up an organization's security capabilities. Here are six steps to get you started.
VENOM Zero-Day May Affect Thousands Of Cloud, Virtualization Products
News  |  5/13/2015  | 
Critical vulnerability in the open-source QEMU hypervisor lets attackers break out of a virtual machine, execute code on a host machine and access all the other VMs on the host.
Vulnerability Disclosure Deja Vu: Prosecute Crime Not Research
Commentary  |  5/12/2015  | 
There is a lesson to be learned from a locksmith living 150 years ago: Attackers and criminals are the only parties who benefit when security researchers fear the consequences for reporting issues.
First Example Of SAP Breach Surfaces
News  |  5/12/2015  | 
USIS attack in 2013 stealing background check information about government personnel with classified clearance came by way of an SAP exploit.
PHP Hash Comparison Weakness A Threat To Websites, Researcher Says
News  |  5/9/2015  | 
Flaw could allow attackers to compromise user accounts, WhiteHat Security's Robert Hansen -- aka "RSnake" -- says in new finding on 'Magic Hash' vulnerability.
Beginning Of The End For Patch Tuesday
News  |  5/7/2015  | 
Starting with Windows 10, Microsoft will introduce Windows Update for Business, issuing patches as they're available, instead of once a month.
3 Ways Attackers Will Own Your SAP
News  |  5/5/2015  | 
SAP vulnerabilities that have been highlighted for years are now becoming attackers' favorite means of breaking into enterprises.
Deconstructing Mobile Fraud Risk
Commentary  |  5/5/2015  | 
Today's enterprise security solutions don't do enough to manage BYOD risk, credit card theft and the reputational damage resulting from a major data breach.
Rapid7 Picks Up NTObjectives
News  |  5/4/2015  | 
Adds 25 new employees and further diversifies testing capabilities.
Security Product Liability Protections Emerge
News  |  5/4/2015  | 
WhiteHat Security, FireEye each offer product liability protections to their customers.
Defenses Outside the Wall
Partner Perspectives  |  5/4/2015  | 
Protecting the Internet of Things means protecting the privacy of customers and colleagues.
Dyre Trojan Adds New Sandbox-Evasion Feature
News  |  5/1/2015  | 
New tactic makes it that much harder to detect, says Seculert.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15073
PUBLISHED: 2019-11-20
An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail systems of governments, organizations, companies and universities.
CVE-2019-15072
PUBLISHED: 2019-11-20
The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail systems of governments, organizations, companies and universities.
CVE-2019-15071
PUBLISHED: 2019-11-20
The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can be executed for any user accessing the page. This vulnerability affects many mail syste...
CVE-2019-6176
PUBLISHED: 2019-11-20
A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service.
CVE-2019-6184
PUBLISHED: 2019-11-20
A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation.