Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2018
Page 1 / 2   >   >>
New Federal Report Gives Guidance on Beating Botnets
News  |  5/31/2018  | 
A report from the Departments of Commerce and Homeland Security provides five goals for protecting infrastructure from botnets and other automated threats.
Building Blocks for a Threat Hunting Program
News  |  5/31/2018  | 
Guidance for businesses building threat intelligence strategies while overwhelmed by threats, lack of talent, and a healthy dose of skepticism about the market.
The Good News about Cross-Domain Identity Management
Commentary  |  5/31/2018  | 
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Git Fixes Serious Code Repository Vulnerability
News  |  5/31/2018  | 
GitHub, Visual Studio Team Services, and other code repositories patching to prevent attackers from targeting developer systems.
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
Commentary  |  5/31/2018  | 
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
6 Security Investments You May Be Wasting
Slideshows  |  5/31/2018  | 
Not all tools and services provide the same value. Some relatively low-cost practices have a major payoff while some of the most expensive tools make little difference.
Hacker Sentenced to 5 Years in Yahoo Credential Theft Case
News  |  5/30/2018  | 
Karim Baratov given prison time and seven-figure fine after guilty plea in the massive Yahoo data breach
Machine Learning, Artificial Intelligence & the Future of Cybersecurity
Commentary  |  5/30/2018  | 
The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.
Mobile Malware Moves to Mine Monero (and Other Currencies)
Quick Hits  |  5/30/2018  | 
A new report shows that cryptocurrencies tend to be the focus of a growing number of malicious apps.
Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net
News  |  5/29/2018  | 
One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.
Alexa Mishap Hints at Potential Enterprise Security Risk
News  |  5/29/2018  | 
When Alexa mailed a copy of a couple's conversation to a contact, it raised warning flags for security professionals in organizations.
Canadian Banks Hacked
Quick Hits  |  5/29/2018  | 
At least 90,000 customers affected in breach at two financial institutions in Canada.
6 Ways Third Parties Can Trip Up Your Security
Slideshows  |  5/29/2018  | 
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
New Threats, Old Threats: Everywhere a Threat
Commentary  |  5/29/2018  | 
First-quarter data shows cryptojacking on the rise -- but don't count out some "classic" threats just yet.
Security Lags in Enterprise Cloud Migration
Quick Hits  |  5/25/2018  | 
Cloud security is falling farther behind as companies migrate more and more of their workloads to public cloud infrastructures.
Android Malware Comes Baked into Some New Tablets, Phones
Quick Hits  |  5/25/2018  | 
Ad-loading malware is being built into the firmware and operating system of some new tablets and phones from three major manufacturers.
Wicked Mirai Brings New Exploits to IoT Botnets
News  |  5/25/2018  | 
The latest variant of the venerable Mirai botnet malware combines approaches and brings new exploits to the world of IoT security challenges.
Most Expensive Data Breaches Start with Third Parties: Report
News  |  5/24/2018  | 
Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
Commentary  |  5/24/2018  | 
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
Commentary  |  5/24/2018  | 
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
More Than Half of Users Reuse Passwords
News  |  5/24/2018  | 
Users are terrible at passwords and the problem is only getting worse, according to an expansive study of more than 100 million passwords and their owners.
Fraud Drops 76% for Merchants Using EMV, Says Visa
Quick Hits  |  5/23/2018  | 
A new report from Visa says that the shift to chip cards has resulted in dramatically reduced credit card fraud levels.
Destructive 'VPNFilter' Attack Network Uncovered
News  |  5/23/2018  | 
More than 500K home/SOHO routers and storage devices worldwide commandeered in potential nation-state attack weapon - with Ukraine in initial bullseye.
What Should Post-Quantum Cryptography Look Like?
News  |  5/23/2018  | 
Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.
Is Threat Intelligence Garbage?
Commentary  |  5/23/2018  | 
Most security professionals in a recent survey said that threat intelligence doesn't work. So why all the hype?
Windows 10 Adoption Grew 75%, Adobe Flash Plummeted 188% in 2017: Report
News  |  5/23/2018  | 
Authentication data reveals an increase in Apple devices, poor mobile security, and the rapid disappearance of Flash from browsers.
6 Steps for Applying Data Science to Security
Slideshows  |  5/23/2018  | 
Two experts share their data science know-how in a tutorial focusing on internal DNS query analysis.
LA County Nonprofit Exposes 3.2M PII Files via Unsecured S3 Bucket
Quick Hits  |  5/23/2018  | 
A misconfiguration accidentally compromised credentials, email addresses, and 200,000 rows of notes describing abuse and suicidal distress.
New Spectre Variants Add to Vulnerability Worries
News  |  5/22/2018  | 
Variants 3a and 4 build on the Spectre foundation, but how worried should enterprise security professionals really be?
US Senator to DOD CIO: 'Take Immediate Action' on HTTPS
News  |  5/22/2018  | 
US Senator Ron Wyden pens a letter to the Department of Defense CIO, urging stronger security on public-facing government sites.
Las Vegas Most Insecure Cyber City in US; St. Louis Least Vulnerable
News  |  5/22/2018  | 
Forty-three percent chance of users connecting to high or medium-risk networks in Las Vegas - compared to less than 1% risk in least vulnerable areas, Coronet says.
Cybercriminals Battle Against Banks' Incident Response
News  |  5/22/2018  | 
'Filess' attacks account for more than half of successful breaches of bank networks, new data shows.
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
Commentary  |  5/22/2018  | 
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
ZipperDown Vulnerability Could Hit 10% of iOS Apps
Quick Hits  |  5/22/2018  | 
A newly discovered vulnerability could affect thousands of iOS apps -- and Android users may not be spared.
The State of Information Sharing 20 Years after the First White House Mandate
Commentary  |  5/22/2018  | 
Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.
North Korean Defectors Targeted with Malicious Apps on Google Play
News  |  5/21/2018  | 
Sun Team hacking group is behind RedDawn, which steals victims' photos and data and passes them to threat actors.
New BIND Vulnerabilities Threaten DNS Availability
Quick Hits  |  5/21/2018  | 
A pair of vulnerabilities in BIND could leave some organizations without DNS.
'Roaming Mantis' Android Malware Evolves, Expands Targets
Quick Hits  |  5/21/2018  | 
Roaming Mantis has evolved rapidly, adding geographies, platforms, and capabilities to its original scope.
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Commentary  |  5/21/2018  | 
Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.
Actor Advertises Japanese PII on Chinese Underground
News  |  5/18/2018  | 
The dataset contains 200 million rows of information stolen from websites across industries, likely via opportunistic access.
New Mexico Man Sentenced on DDoS, Gun Charges
Quick Hits  |  5/18/2018  | 
Using DDoS for hire services and possessing firearms as a felon combine to land a New Mexico man 15 years in federal prison.
How to Hang Up on Fraud
Commentary  |  5/18/2018  | 
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
New Research Seeks to Shorten Attack Dwell Time
News  |  5/18/2018  | 
It can take months for an organization to know they've been hacked. A new DARPA-funded project seeks to reduce that time to hours.
Cracking 2FA: How It's Done and How to Stay Safe
Slideshows  |  5/17/2018  | 
Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.
The Risks of Remote Desktop Access Are Far from Remote
Commentary  |  5/17/2018  | 
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
Why Isn't Integrity Getting the Attention It Deserves?
Commentary  |  5/17/2018  | 
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
Newly Discovered Malware Targets Telegram Desktop
News  |  5/16/2018  | 
Russian-speaking attacker behind new malware capable of lifting credentials, cookies, desktop cache, and key files.
Want Your Daughter to Succeed in Cyber? Call Her John
Commentary  |  5/16/2018  | 
It's time to "do the right thing" when it comes to gender in the hiring and promotion of women in cybersecurity. Four women (and a man named John) offer practical solutions for shifting the balance.
IT Pros Worried About IoT But Not Prepared to Secure It
News  |  5/16/2018  | 
Few organizations have a security policy in place for Internet of Things devices, new survey shows.
US Government Cybersecurity at a Crossroads
News  |  5/15/2018  | 
Trump reportedly kills cybersecurity coordinator position, while many agencies continue to play catch-up in their defenses.
Page 1 / 2   >   >>


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16669
PUBLISHED: 2019-09-21
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.
CVE-2019-16656
PUBLISHED: 2019-09-21
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.
CVE-2019-16657
PUBLISHED: 2019-09-21
TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/.
CVE-2019-16658
PUBLISHED: 2019-09-21
TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF.
CVE-2019-16659
PUBLISHED: 2019-09-21
TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF.