Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2017
Breaches Can Crater Companies' Stock by 5%
Quick Hits  |  5/15/2017  | 
New Ponemon study shows how breaches can bring a company's stock price down by an average of 5% on the day of the incident.
Your Grandma Could Be the Next Ransomware Millionaire
Commentary  |  5/15/2017  | 
Today's as-a-service technology has democratized ransomware, offering practically anyone with a computer and an Internet connection an easy way to get in on the game.
'WannaCry' Rapidly Moving Ransomware Attack Spreads to 74 Countries
News  |  5/12/2017  | 
A wave of ransomware infections took down a wide swath of UK hospitals and is rapidly moving across the globe.
New Malware Uses GeoCities, North Korea Interest to Trick Victims
News  |  5/12/2017  | 
A new threat called Baijiu leverages the GeoCities web service, and heightened interest in North Korea, to deceive victims.
8 Notorious Russian Hackers Arrested in the Past 8 Years
Slideshows  |  5/12/2017  | 
Lesson learned by Russian cybercriminals: Don't go on vacation, it's bad for your freedom to scam.
Jaff Ransomware Family Emerges In Force
Quick Hits  |  5/12/2017  | 
A new ransomware family is making the rounds in multiple high-volume spam campaigns over the past day, according to Cisco Talos.
5 Steps to Maximize the Value of your Security Investments
Commentary  |  5/12/2017  | 
How a security rationalization process can help CISOs make the most out of their information security infrastructure, and also improve the company bottom line.
Trump Issues Previously Delayed Cybersecurity Executive Order
News  |  5/11/2017  | 
EO calls for immediate review of federal agencies' security postures, adoption of the NIST Framework, and a focus on critical infrastructure security.
Keylogger Discovered in Some HP Laptops
Quick Hits  |  5/11/2017  | 
Researchers discovered the audio driver in some HP laptops contains a tool to record and save users' keystrokes.
What Developers Don't Know About Security Can Hurt You
Commentary  |  5/11/2017  | 
Developers won't start writing secure code just because you tell them it's part of their job. You need to give them the right training, support, and tools to instill a security mindset.
Artificial Intelligence: Cybersecurity Friend or Foe?
Commentary  |  5/11/2017  | 
The next generation of situation-aware malware will use AI to behave like a human attacker: performing reconnaissance, identifying targets, choosing methods of attack, and intelligently evading detection.
'Systemic' Cyberattack Most Likely to Hit Financial, Energy Sectors
Quick Hits  |  5/10/2017  | 
The financial services industry is among the top five industries that likely face a systemic cyberattack, according to a survey released today.
Your IoT Baby Isn't as Beautiful as You Think It Is
Commentary  |  5/10/2017  | 
Both development and evaluation teams have been ignoring security problems in Internet-connected devices for too long. That must stop.
FTC Launches Cybersecurity Resource Website for SMBs
Quick Hits  |  5/10/2017  | 
Federal Trade Commission website offers free tips and information for small businesses.
Extreme Makeover: AI & Network Cybersecurity
Commentary  |  5/10/2017  | 
In the future, artificial intelligence will constantly adapt to the growing attack surface. Today, we are still connecting the dots.
SLocker Ransomware Variants Surge
News  |  5/10/2017  | 
SLocker, one of the top 20 Android malware families, has seen a six-fold increase in the number of new versions over the past six months.
Hackers Face $8.9 Million Fine for Law Firm Breaches
Quick Hits  |  5/9/2017  | 
A federal court orders three Chinese nationals to pay $8.9 million in fines and penalties for hacking into two law firms and using stolen confidential information to trade stocks.
New IoT Botnet Discovered, 120K IP Cameras At Risk of Attack
News  |  5/9/2017  | 
The Persirai IoT botnet, which targets IP cameras, arrives hot on the heels of Mirai and highlights the growing threat of IoT botnets.
Android App Permission in Google Play Contains Security Flaw
Quick Hits  |  5/9/2017  | 
Android's app permission mechanisms could allow malicious apps in Google Play to download directly onto the device.
10 Free or Low-Cost Security Tools
Slideshows  |  5/9/2017  | 
At a time when many organizations struggle with security funding, open-source tools can help cut costs for certain businesses.
Microsoft Releases Emergency Patch For RCE Vuln
News  |  5/9/2017  | 
Flaw in Microsoft Malware Protection Engine called 'crazy bad' by researchers who discovered it.
Deciphering the GDPR: What You Need to Know to Prepare Your Organization
Commentary  |  5/9/2017  | 
The European Union's upcoming privacy regulations are incredibly complex. Here are four important points to keep in mind.
Aflac CISO: Insurance Sector Ramps Up Cyber Defenses
News  |  5/8/2017  | 
Aflac CISO Tim Callahan discusses ongoing initiatives to stay secure as hackers ramp up attacks on financial services.
DHS Report Outlines Feds' Mobile Security Threats
Quick Hits  |  5/8/2017  | 
The US Department of Homeland Security sent Congress a study on mobile security threats facing federal government workers as well as recommendations for protection.
Google Ratchets Up OAuth Policies in Wake of Phishing Attacks
Quick Hits  |  5/8/2017  | 
Google says it responded to the widespread Google Docs phishing campaign within one hour of detecting it.
Why Cyber Attacks Will Continue until Prevention Becomes a Priority
Commentary  |  5/8/2017  | 
Organizations must rethink their security measures. Focus on training, getting rid of old tech, and overcoming apathy.
Law Firm Sues Insurer Over Income Loss in Ransomware Attack
Quick Hits  |  5/5/2017  | 
A Rhode Island law firm sued its insurer over failing to pay for lost income following a ransomware attack on the firm.
FBI: Business- and Email Account Compromise Attack Losses Hit $5 Billion
Quick Hits  |  5/5/2017  | 
The FBI's IC3 division reports a 2,370% spike in exposed losses resulting from BEC and EAC between January 2015 and December 2016.
Europe Pumps Out 50% More Cybercrime Attacks Than US
News  |  5/4/2017  | 
Cyberattacks originating from Europe were substantially higher than nefarious activity launched from the US during the first quarter.
New 'Bondnet' Botnet Mines Cryptocurrencies
News  |  5/4/2017  | 
The botnet has infected more than 15,000 machines at major institutions, including high-profile companies, universities, and city councils.
SS7 Flaws Exploited in Attacks Against Mobile Users' Bank Accounts
Quick Hits  |  5/4/2017  | 
Cyberthieves exploited long-known vulnerabilities in the Signaling System 7 (SS7) protocol, attacking bank accounts in Germany by intercepting two-factor authentication codes sent to mobile phones.
Microsoft Ends Security Updates for Windows 10 Version 1507
Quick Hits  |  5/4/2017  | 
Microsoft will end security updates for Windows 10 version 1507 on May 9, 2017.
Midsize Businesses Prove Easy Attack Targets
News  |  5/4/2017  | 
Basic security practices could protect small- to midsized businesses from cybercriminals looking for low-risk, high-reward targets.
Why OAuth Phishing Poses A New Threat to Users
Commentary  |  5/4/2017  | 
Credential phishing lets attackers gain back-end access to email accounts, and yesterday's Google Docs scam raises the risk to a new level.
How to Integrate Threat Intel & DevOps
Commentary  |  5/4/2017  | 
Automating intelligence can help your organization in myriad ways.
7 Steps to Fight Ransomware
Commentary  |  5/3/2017  | 
Perpetrators are shifting to more specific targets. This means companies must strengthen their defenses, and these strategies can help.
Sabre Breach May Put Traveler Data at Risk
Quick Hits  |  5/3/2017  | 
Travel giant Sabre investigates a potentially significant data breach of a reservations system used by more than 32,000 properties.
Researchers Hack Industrial Robot
News  |  5/3/2017  | 
New research finds more than 80,000 industrial routers exposed on the public Internet.
Healthcare Breaches Hit All-Time High in 2016
News  |  5/3/2017  | 
More than 300 healthcare businesses reported data breaches in 2016, but a drop in leaked records put fewer Americans at risk.
Intel Patches 'Critical' Elevation Privilege Bug in High-End Chips
Quick Hits  |  5/2/2017  | 
Semiconductor giant releases patch for its Intel Active Management Technology vulnerability that could allow an attacker to escalate privileges in its high-end chipsets.
Getting Threat Intelligence Right
Commentary  |  5/2/2017  | 
Are you thinking of implementing or expanding a threat intelligence program? These guidelines will help you succeed.
New Global Resilience Federation Will Share Threat Intel Across Industries
Quick Hits  |  5/2/2017  | 
Born out of a partnership of information sharing and analysis centers and organizations, Global Resilience Federation launches today to share intelligence and information across a number of industry sectors.
What's in a Name? Breaking Down Attribution
Commentary  |  5/2/2017  | 
Here's what you really need to know about adversaries.
Financial Services Sector the #1 Target of Cybercriminals
News  |  5/1/2017  | 
New IBM report finds the most frequently targeted industry in 2016 was financial services - where attacks increased 29% year-over-year.
Hackers Steal and Post Unreleased Episodes of Netflix's 'Orange is the New Black'
Quick Hits  |  5/1/2017  | 
Netflix got hit with an extortion attempt for upcoming episodes of its popular "Orange Is the New Black" television series.
One-Third of Federal Agencies Reported Data Breaches in 2016
Quick Hits  |  5/1/2017  | 
Nearly all federal respondents surveyed consider themselves vulnerable and cite problems with security staffing and spending, a new report shows.
The Cyber-Committed CEO & Board
Commentary  |  5/1/2017  | 
Here is what CISOs need to communicate to upper management about the business risks of mismanaging cybersecurity.
Cybersecurity Training Nonexistent at One-Third of SMBs
News  |  5/1/2017  | 
But nearly half of US SMBs in a new survey would be willing to participate in security awareness training at their workplace - even if it was optional.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there's a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges need...
CVE-2019-2222
PUBLISHED: 2019-12-06
In ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android...