Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2016
Pre-Loaded Laptop Software Comes With Security Risks
News  |  5/31/2016  | 
Laptops from Dell, HP, Asus, Acer and Lenovo all had at least one vulnerability that could result in complete compromise of system, Duo Security report says.
Dark Reading At 10 Years: Learning From The Best
Commentary  |  5/31/2016  | 
Kudos to the Dark Reading community for strengthening the security industry with all its passion and opinions.
Wekby 'Pisloader' Abuses DNS
News  |  5/31/2016  | 
New malware family 'pisloader' uses DNS requests for command and control.
10 Sea-Changing IT Security Trends Of The Last 10 Years
News  |  5/31/2016  | 
A look at ten of the megatrends that have shaped IT security -- and in some cases, enterprise business -- over the last decade.
Adobe Flash: 6 Tips For Blocking Exploit Kits
Slideshows  |  5/31/2016  | 
While Adobe does a good job patching exploits, there are additional steps security staffs can take to hedge their bets.
Ultimate Guide To DDoS Protection: Strategies And Best Practices
Commentary  |  5/30/2016  | 
To be in the best position to defend against DDoS, companies need to protect against a range of exploitable vulnerabilities -- and have the tools to detect and react to attacks.
SWIFT Proposes New Measures For Bolstering Its Security
News  |  5/27/2016  | 
Measures come amid news that up to 12 banks may have fallen victim to attacks attempting to steal millions via the SWIFT network.
Ultimate Guide To DDoS Protection: DDoS Is A Business Problem
Commentary  |  5/27/2016  | 
In the first of a two-part series, we examine the impact DDoS attacks have on business continuity and why it is so much more than a network security problem.
FBI Report: Deconstructing The Wide Scope Of Internet Crime
Slideshows  |  5/27/2016  | 
Hottest crimes reported to IC3 last year include ransomware and email scams via business email compromise and all account compromise attacks.
DNS Management Provider Hit With Sophisticated, 'Precise' DDoS Attacks
News  |  5/27/2016  | 
NS1 CEO says other DNS providers also have been attacked over the past few months.
Bangladesh Reopens 2013 Cold Case Of Bank Theft Via SWIFT
Quick Hits  |  5/26/2016  | 
Authorities cite similarities in Sonali Bank hack with February's $81 million central bank theft.
Unsung (And Under-Sung) Heroes Of Security
News  |  5/25/2016  | 
You've heard of the cybersecurity rock stars, but there are plenty of other major contributors to the industry who deserve kudos. In celebration of Dark Reading's 10th anniversary, meet a few of these folks.
A Newer Variant Of RawPOS: An In-Depth Look
Commentary  |  5/25/2016  | 
There's no silver bullet for RawPOS prevention, but you can impede RawPOS's ability to execute successfully by understanding how it works.
1 Security Incident x 4 Tools x 8 Roles = 8 Days
Partner Perspectives  |  5/25/2016  | 
Collaboration can significantly improve this equation.
Apple Rehires Security Expert Jon Callas
Quick Hits  |  5/25/2016  | 
Move seen as attempt to strengthen encryption features of Apple devices following face-off with FBI.
APWG: Phishing Attacks Jump 250% From Oct Through March
Quick Hits  |  5/25/2016  | 
Quarterly and monthly totals are the highest since the Anti-Phishing Working Group began tracking phishing in 2004.
GSA May Offer Bug Bounty Program For Federal Agencies
News  |  5/24/2016  | 
Researchers will be eligible for bounties of up to $3,500 for discovering bugs in federal agency systems.
Attackers Clobbering Victims With One-Two Punch Of Ransomware And DDoS
News  |  5/24/2016  | 
Encrypted systems now being added to botnets in the latest incarnations of ransomware attacks, with experts expecting this to become standard practice.
Employee Negligence The Cause Of Many Data Breaches
News  |  5/24/2016  | 
Enterprise privacy and training programs lack the depth to change dangerous user behavior, Experian study finds.
Poor Airport Security Practices Just Don't Fly
Commentary  |  5/24/2016  | 
Five lessons learned the hard way by the Tampa International Airport about bringing third parties into a security environment.
Why Microsoft's New Office 2016 Macro Control Feature Matters
News  |  5/23/2016  | 
Resurgence in macro attacks results in Microsoft adding new protections from macro abuse.
G7 Global Finance Leaders Push Cybersecurity Framework
Quick Hits  |  5/23/2016  | 
At G7 meeting, US Treasury official says cybercrime issues 'not going away.'
TeslaCrypt Ransomware Group Pulls Plug, Releases Decrypt Key
News  |  5/20/2016  | 
But don't be surprised if group revives campaign or launches another one, security researchers say.
5 Tips for Protecting Firmware From Attacks
Slideshows  |  5/20/2016  | 
Don't let hackers take advantage of holes in firmware. Here's how to stop them.
Cyber Security A Major Risk To US Financial System: SEC Chief
Quick Hits  |  5/20/2016  | 
Mary Jo White believes that despite preparedness, procedures in place to fight cyberattacks are inadequate.
Bangladesh Official's Computer Hacked To Carry Out $81 Million Theft
Quick Hits  |  5/20/2016  | 
Bangladeshi diplomat shares FBI report with Philippine inquiry panel on Bangladesh Bank theft.
OPM Breach: Cyber Sprint Response More Like A Marathon
News  |  5/19/2016  | 
Sixty-five percent of federal security execs surveyed in new (ISC)2 report say that government still can't detect ongoing cyber attacks.
5 Reasons Enterprises Still Worry About Cloud Security
News  |  5/19/2016  | 
Cloud spending and adoption have been on the rise for years, but the gap in cloud security confidence still causes pause with enterprises.
Presidential Campaigns Hit By Hackers, Says US Intelligence Chief
Quick Hits  |  5/19/2016  | 
Clapper says hacking likely to intensify; officials working with campaigns to secure their networks.
Time To Treat Sponsors Of Ransomware Campaigns As Terrorists, Lawmaker Says
News  |  5/18/2016  | 
Fighting ransomware at an international level will require cooperation between law enforcement and State Department, Sen. Lindsey Graham said at a Senate hearing.
Domain Abuse Sinks Anchors Of Trust
News  |  5/18/2016  | 
Georgia Tech researchers create algorithm to help detect rising DNS domain abuse by cybercriminals, nation-state actors.
Survey: Customers Lose Trust In Brands After A Data Breach
Quick Hits  |  5/18/2016  | 
Survey by FireEye highlights customer reluctance to continue with service providers with weak cybersecurity.
'Skimer' Stealing Money, Card Data From ATMs Around Globe
News  |  5/18/2016  | 
Windows-based ATMs are vulnerable to this new variant of ATM malware, Kaspersky Lab says.
Cybercrooks Think More Like CEOs And Consultants Than You Think
News  |  5/17/2016  | 
Speaking the language of the board room, and understanding things like value chain and SWOT analysis, might help you speak the language of the adversary.
GhostShell Leaks Data From 32 Sites In Light Hacktivism Campaign
Quick Hits  |  5/17/2016  | 
After a few months of silence, the Romanian hacktivist is back to expose the dangers of leaving FTP ports unprotected.
Ukrainian Pleads Guilty To Stealing Press Releases For Insider Trading
Quick Hits  |  5/17/2016  | 
In largest known cyber securities fraud to date, hackers and traders made $30 million from unreleased press releases.
Surviving Infosec: Keep Calm & Make Time For Yourself
Commentary  |  5/17/2016  | 
Nine simple but powerful ways to break out of those painful states of mind when you can't leave the office.
That Time I Got Publicly Hacked
Commentary  |  5/16/2016  | 
In honor of Dark Reading's 10th anniversary, I embarrass myself one more time for posterity.
Dark Reading Radio: How To Get The Most Out Of Your Security Budget
Commentary  |  5/16/2016  | 
Join us on Wednesday, May 18 at 1pm EDT/10am PDT, for a discussion with security executives on how to prioritize and manage your IT security budget.
Tennessee Man Found Guilty Of Mitt Romney Tax Return Hack Scheme
Quick Hits  |  5/16/2016  | 
Convicted for attempt to blackmail PwC accounting firm with release of former U.S. Presidential candidate's pre-2010 tax returns.
CISO Playbook: Games Of War & Cyber Defenses
Commentary  |  5/16/2016  | 
Limiting incident response planning to hypothetical table-top scenarios is far too risky in today's threat environment. But with cyberwar gaming, you can simulate the experience of a real attack.
Bangladesh Bank Theft: New York Fed Stands By Transfer Procedures
Quick Hits  |  5/16/2016  | 
Bank replies to US lawmaker query whether transfer of funds should have been blocked.
Encryption 101: Covering the Bases
Slideshows  |  5/13/2016  | 
Here's an overview of the key encryption types you'll need to lock down your company's systems.
SWIFT Confirms Cyber Heist At Second Bank; Researchers Tie Malware Code to Sony Hack
News  |  5/13/2016  | 
Operator of global secure messaging system for banks warns of highly adaptive campaign.
'Pawn Storm' APT Campaign Rolls On With Attacks in Germany, Turkey
News  |  5/13/2016  | 
Offices of German chancellor Angela Merkel among those targeted in recent attacks, Trend Micro says.
US, China Hold Cyber Talks For First Time After September Deal
Quick Hits  |  5/13/2016  | 
Meeting was part of pledge between heads of both nations for joint action on growing cyberspace concerns.
Bangladesh Bank Theft: SWIFT CEO Rejects Theory Of Loopholes In Network
Quick Hits  |  5/13/2016  | 
Leibbrandt says customer fraud is the likely explanation for the $81 Million bank heist.
Why Online Video Gaming Will Be The Next Industry Under Cyber Attack
Commentary  |  5/13/2016  | 
As more money flows into games, criminals are targeting this new and lucrative market with the tools and techniques they once used to hack online banks and Internet retailers.
Call Centers In The Bullseye
News  |  5/12/2016  | 
Cheap set-ups, economic recession, and the US rollout of chip-and-PIN technology, all contribute to dramatic increase in call center fraud.
6 Shocking Intellectual Property Breaches
Slideshows  |  5/12/2016  | 
Not all breaches involve lost customer data. Sometimes the most damaging losses come when intellectual property is pilfered.