
News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2017
Cybersecurity Insurance Lacking at 50% of US Companies
Quick Hits  |  5/31/2017  | 
While half of US security professionals say their companies passed on cybersecurity insurance, the figure is far higher in healthcare, according to a survey released today.
The Case for Disclosing Insider Breaches
Commentary  |  5/31/2017  | 
Too often organizations try to sweep intentional, accidental or negligent employee theft of data under the rug. Here's why they shouldn't.
Mobile App Back-End Servers, Databases at Risk
News  |  5/31/2017  | 
Mobile app developers' casual use of back-end technology like Elasticsearch without security-hardening puts unsuspecting enterprises at grave risk of exposure.
Most Security Pros Expect to Suffer Cyberattacks via Unsecured IoT
News  |  5/31/2017  | 
A new report shows the majority of security professionals believe within the next two years they will be victims of DDoS and other attacks due to unsecured IoT devices.
The Cons of a 'Silver Bullet' Approach to Endpoint Defense
News  |  5/31/2017  | 
Companies relying on individual security solutions won't find one is a 'silver bullet' that will provide seamless protection.
Rethinking Vulnerabilities: Network Infrastructure as a Software System
Commentary  |  5/31/2017  | 
Increasing complexity is putting networks at risk. It's time to shift our security approach and take some lessons from software development.
Cisco and IBM Team Up on Security
Quick Hits  |  5/31/2017  | 
The two tech titans enter into an agreement to collaborate on technology, services, and threat intelligence.
Bot-Driven Online Ad Fraud Losses Decline
News  |  5/30/2017  | 
But counterfeit ad inventory the next big worry for online advertisers.
Securing IoT Devices Requires a Change in Thinking
Commentary  |  5/30/2017  | 
There's no magic bullet for IoT security, but there are ways to help detect and mitigate problems.
FTC: It Takes Criminals Just 9 Minutes to Use Stolen Consumer Info
Quick Hits  |  5/26/2017  | 
Federal Trade Commission experiment lured hackers to learn about how they use stolen consumer information.
Elections, Deceptions & Political Breaches
Commentary  |  5/26/2017  | 
Political hacks have many lessons for the business world.
8 Most Overlooked Security Threats
Slideshows  |  5/26/2017  | 
Businesses know the obvious security threats to watch for, but some of the biggest dangers may not be top-of-mind.
WannaCry Gives Consumers a First Look into Ransomware
Quick Hits  |  5/25/2017  | 
Although ransomware has been around for two years, it took the fast-moving and expansive WannaCry to provide a majority of consumers their first glimpse, according to a study released today.
Medical Devices Fall Short in Security Best Practices
News  |  5/25/2017  | 
More than half of medical device makers and healthcare delivery organizations anticipate an attack on their medical devices within the next 12 months, but only a smattering take significant steps to prevent it, according to a survey released today.
82% of Databases Left Unencrypted in Public Cloud
News  |  5/25/2017  | 
Personal health information and other sensitive data is left exposed as businesses overlook encryption and network security.
Unsanctioned Computer Support Costs Companies $88K per Year
Quick Hits  |  5/24/2017  | 
A new survey of security professionals says that 83% of respondents help colleagues in other departments fix their privately-owned computers on company time.
DDoS Attacks Fell 23% in First Quarter, Grew in Size
Quick Hits  |  5/24/2017  | 
Although the number of DDoS attacks dropped in the first three months of the year, the average size of each attack grew, according to a Verisign report released Tuesday.
4 Reasons the Vulnerability Disclosure Process Stalls
Commentary  |  5/24/2017  | 
The relationship between manufacturers and researchers is often strained. Here's why, along with some resources to help.
Credential-Stuffing Threat Intensifies Amid Password Reuse
News  |  5/23/2017  | 
Employees who reuse logins on multiple websites drive the impact of third-party breaches as hackers use credential stuffing to compromise more accounts.
9 Ways Organizations Sabotage Their Own Security: Lessons from the Verizon DBIR
Slideshows  |  5/23/2017  | 
Mistakes and missteps plague enterprise security. The Verizon 2017 Data Breach Investigations Report (DBIR) offers nuggets on what organizations must stop doing now.
Staying a Step Ahead of Internet Attacks
Commentary  |  5/23/2017  | 
There's no getting around the fact that targeted attacks, such as spearphishing, will happen. But you can figure out the type of attack to expect next.
With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?
Commentary  |  5/23/2017  | 
Technology alone won't keep you safe. Fully engaged employees should be your first line of defense.
WannaCry Hit Windows 7 Machines Most
News  |  5/22/2017  | 
More than 95% of all of the infected machines were running Windows 7, according to Kaspersky Lab data.
Russian 'Cron' Cyber Gang Arrested for Raiding Bank Accounts
Quick Hits  |  5/22/2017  | 
Russian authorities arrest a group of 16 hackers who allegedly were attacking banks in their native country via mobile malware, nixing plans for their global expansion.
Emerging Threats to Add to Your Security Radar Screen
News  |  5/22/2017  | 
The cybersecurity threat landscape is poised to grow in size and complexity - what to look out for.
Chinese Man Pleads Guilty to Espionage, Theft from US Firm
Quick Hits  |  5/22/2017  | 
Chinese national Xu Jiaqiang pleaded guilty to economic espionage and theft of trade secrets from his former employer in the US.
In Search of an Rx for Enterprise Security Fatigue
Commentary  |  5/22/2017  | 
Are you exhausted by the vast number of measures your organization needs to keep its systems and data safe? You're not alone.
Researcher Creates Tool to Unlock WannaCry-Infected Windows XP Files
Quick Hits  |  5/19/2017  | 
A security researcher appears to have discovered a flaw in WannaCry that may provide Windows XP victims of the attack with a way to unlock their files.
Ransomware Rocks Endpoint Security Concerns
News  |  5/19/2017  | 
Meanwhile, threat detection technologies are evolving that can help security teams spot incidents more efficiently.
Deconstructing the 2016 Yahoo Security Breach
Commentary  |  5/19/2017  | 
One good thing about disasters is that we can learn from them and avoid repeating the same mistakes. Here are five lessons that the Yahoo breach should have taught us.
5 Security Lessons WannaCry Taught Us the Hard Way
News  |  5/18/2017  | 
There is a lot more our industry should be doing to protect its systems and data from cyber blackmail.
Don't Forget Basic Security Measures, Experts Say
News  |  5/18/2017  | 
Some security leaders argue there is little point in worrying about emerging threats when businesses can't defend against today's attacks.
Android Users Fail to Run Latest OS Version
Quick Hits  |  5/18/2017  | 
A study finds 98% of Android devices are not running the latest software version, according to a report released today by Zimperium.
All Generations, All Risks, All Contained: A How-To Guide
Commentary  |  5/18/2017  | 
Organizations must have a security plan that considers all of their employees.
WannaCry: Ransomware Catastrophe or Failure?
Commentary  |  5/18/2017  | 
Using Bitcoin payments as a measure, the WannaCry attack is not nearly as profitable as the headlines suggest. But you should still patch your Windows systems and educate users.
FireEye CEO Mandia Talks Rapid Rise of Nation-State Threats
News  |  5/17/2017  | 
FireEye CEO Kevin Mandia at Interop ITX discussed changes in the geopolitical threat landscape and how attackers target their victims.
Why We Need a Data-Driven Cybersecurity Market
Commentary  |  5/17/2017  | 
NIST should bring together industry to create a standard set of metrics and develop better ways to share information.
Survey: Unpatched Windows OS on the Rise
Quick Hits  |  5/17/2017  | 
Despite the rise in vulnerabilities, the percentage of unpatched Windows operating systems grew in the first quarter compared to the previous year.
Inside the Motivations Behind Modern Cyberattackers
News  |  5/17/2017  | 
Attackers seeking money, dominance, and data are banding together and sharing infrastructure to target businesses.
The Fundamental Flaw in TCP/IP: Connecting Everything
Commentary  |  5/17/2017  | 
Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.
WannaCry's 'Kill Switch' May Have Been a Sandbox-Evasion Tool
News  |  5/16/2017  | 
Massive ransomware worm attack appears to have come with a poorly planned anti-analysis feature.
New Threat Research Shows Vietnam a Rising Force in Cyberespionage
News  |  5/16/2017  | 
FireEye report on APT32 puts evidence together of a group attacking private and public targets for the sake of Vietnamese state interests.
DocuSign's Brand Used in Phishing Attacks
Quick Hits  |  5/16/2017  | 
The electronic signature company issued an update alert today that it noticed a rise in phishing attacks last week and this morning.
FTC Launches 'Operation Tech Trap' to Catch Fraudsters
Quick Hits  |  5/16/2017  | 
The Federal Trade Commission has teamed up with law enforcement partners to crack down on tech support scams.
The Wide-Ranging Impact of New York's Cybersecurity Regulations
Commentary  |  5/16/2017  | 
New York's toughest regulations yet are now in effect. Here's what that means for your company.
Study: Rooted Androids, Jailbroken iPhones Found in Enterprises
News  |  5/16/2017  | 
A study released today gives greater insight into some of the worst fears for security pros trying to manage employees' BYOD mobile phones.
How Many People Does It Take to Defend a Network?
Commentary  |  5/16/2017  | 
The question is hard to answer because there aren't enough cybersecurity pros to go around.
Majority of CEOs Knowingly Raise Risk Level With Their Shadow IT
News  |  5/16/2017  | 
Despite the increased risk shadow IT poses to security, a majority of CEOs surveyed say they are willing to take the risk, according to a survey released today.
Researchers Investigate Possible Connection Between WannaCry & North Korean Hacker Group
News  |  5/15/2017  | 
Google, Kaspersky Lab and Symantec all have found common code in the WannaCry malware and that of the nation-state hackers behind the mega breach of Sony.
Microsoft Calls for IoT Cybersecurity Policy Development
Quick Hits  |  5/15/2017  | 
Microsoft emphasizes the need for new security policies as IoT growth heightens the consequences of cyberattacks.