Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2015
Gas Stations In the Bullseye
News  |  6/29/2015  | 
White hats at Black Hat USA will release free honeypot tool for monitoring attacks against gas tank monitoring systems.
Cyber Resilience And Spear Phishing
Partner Perspectives  |  6/29/2015  | 
Balanced security capability, defense in depth, integrated countermeasures, and a threat-intelligence strategy are critical to defending your business from spear-phishing attacks.
Social Engineering & Black Hat: Do As I Do Not As I Say
Commentary  |  6/29/2015  | 
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
3 Simple Steps For Minimizing Ransomware Exposure
Commentary  |  6/26/2015  | 
If your data is important enough to pay a ransom, why wasn't it important enough to properly backup and protect in the first place?
Stealthy Fobber Malware Takes Anti-Analysis To New Heights
News  |  6/25/2015  | 
Built off the Tinba banking Trojan and distributed through the elusive HanJuan exploit kit, Fobber info-stealer defies researchers with layers upon layers of encryption.
FireEye Report Prompts Reported SEC Probe Of FIN4 Hacking Gang
News  |  6/25/2015  | 
Security vendor's report from last year had warned about a group targeting insider data for use in illegal trading.
What Do You Mean My Security Tools Don't Work on APIs?!!
Commentary  |  6/25/2015  | 
SAST and DAST scanners haven't advanced much in 15 years. But the bigger problem is that they were designed for web apps, not to test the security of an API.
Why China Wants Your Sensitive Data
Commentary  |  6/24/2015  | 
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
Child Exploitation & Assassins For Hire On The Deep Web
News  |  6/23/2015  | 
'Census report' of the unindexed parts of the Internet unearths everything from Bitcoin-laundering services to assassins for hire.
Government, Healthcare Particularly Lackluster In Application Security
News  |  6/23/2015  | 
Veracode's State of Software Security Report lays out industry-specific software security metrics.
The Dark Web: An Untapped Source For Threat Intelligence
Commentary  |  6/23/2015  | 
Most organizations already have the tools for starting a low-cost, high-return Dark Web cyber intelligence program within their existing IT and cybersecurity teams. Here's how.
3 Clues That Collaboration And File Sharing Tools Are Cloud Security's Weak Link
News  |  6/23/2015  | 
Cloud collaboration and file sharing applications continue to raise CISOs' blood pressure.
Report: NSA, GCHQ Actively Targeted Kaspersky Lab, Other Security Vendors
Quick Hits  |  6/22/2015  | 
Snowden documents reveal government intelligence agencies were working to subvert security software. Kaspersky Lab calls nation-states' targeting of security companies 'extremely worrying.'
FitBit, Acer Liquid Leap Fail In Security Fitness
News  |  6/22/2015  | 
Transmissions to the cloud are secured with these Internet of Things devices, but wristband-to-phone comms are open to eavesdropping.
Security Surveys: Read With Caution
Commentary  |  6/22/2015  | 
I'm skeptical of industry surveys that tell security practitioners what they already know. Don't state the obvious. Tell us the way forward.
9 Questions For A Healthy Application Security Program
Commentary  |  6/19/2015  | 
Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
Cybersecurity Advice From A Former White House CIO
Commentary  |  6/18/2015  | 
Today's playbook demands 'human-centered' user education that assumes people will share passwords, forget them, and do unsafe things to get their jobs done.
No End In Sight For Exposed Internet Of Things, Other Devices
News  |  6/17/2015  | 
New data from an Internet-scanning project shows vulnerable consumer and enterprise systems remain a big problem on the public Net.
Time to Focus on Data Integrity
Commentary  |  6/17/2015  | 
Information security efforts have historically centered on data theft. But cybercriminals who alter corporate records and personal information can also cause serious harm.
Is Your Security Operation Hooked On Malware?
Commentary  |  6/16/2015  | 
It may seem counterintuitive, but an overzealous focus on malware may be preventing you from detecting even bigger threats.
3 Keys For More Effective Security Spend
News  |  6/15/2015  | 
New study models security costs to show how variables can affect the risk to ROI equation over time.
OPM Breach Scope Widens, Employee Group Blasts Agency For Not Encrypting Data
News  |  6/12/2015  | 
Lack of encryption 'indefensible' and 'outrageous,' American Federation of Government Employees says.
Few Skills Needed to Build DDoS Infrastructure, Honeypot Project Shows
News  |  6/11/2015  | 
Novetta's analysis of the tactics used by attackers to exploit a flaw in Elasticsearch shows script kiddies can build DDoS attacks.
From GitHub to Great Cannon: A Mid-Year Analysis Of DDoS Attacks
Commentary  |  6/11/2015  | 
The new and common face of DDoS today is its use as a smokescreen to conceal malicious activity in an overwhelming burst of traffic that stretches security layers to the brink.
Breach Defense Playbook: Assessing Your Security Controls
Partner Perspectives  |  6/10/2015  | 
Do you include physical security as part of your cybersecurity risk management plan?
OPM Breach Exposes Agency's Systemic Security Woes
News  |  6/10/2015  | 
The massive hack at the Office of Personnel Management showed not just room for improvement but a lack of very basic security fundamentals -- and expertise.
White House Calls For Encryption By Default On Federal Websites By Late 2016
News  |  6/9/2015  | 
Just 31% of federal agencies today host HTTPS websites and the Office of Management and Budget (OMB) has now given the rest of the government a deadline for doing so.
Beware of Emails Bearing Gifts
Partner Perspectives  |  6/9/2015  | 
A security-connected framework can help your organization thwart cybercrime.
Cybercrime Can Give Attackers 1,425% Return on Investment
News  |  6/9/2015  | 
Going rates on the black market show ransomware and carding attack campaign managers have plenty to gain.
Hospital Medical Devices Used As Weapons In Cyberattacks
News  |  6/8/2015  | 
Security firm discovered malware-infected medical devices in three hospitals hit by data breaches.
Long Cons: The Next Age of Cyber Attacks
Commentary  |  6/5/2015  | 
When hackers know that a big payday is coming they don't mind waiting for months for the best moment to strike.
Web App Developers Putting Millions At Risk
News  |  6/4/2015  | 
German security researchers find 56 million data records lying unprotected in cloud back-end databases.
Chinese ISP: China Is Victim Of Foreign State-Backed APT Group
News  |  6/4/2015  | 
Qihoo 360 says that OceanLotus has been stealing information from Chinese government agencies and maritime institutions since 2012.
How The Hacker Economy Impacts Your Network & The Cloud
Commentary  |  6/4/2015  | 
To protect data against growing threats, networks must now act as both sensor and enforcer around traffic that passes through users and data centers to the cloud.
Help Wanted: Security Heroes & Heroines Only Need Apply
Commentary  |  6/3/2015  | 
If we want to do more than simply defend ourselves, we need security champions and equally heroic security solutions.
IoT Devices Hosted On Vulnerable Clouds In 'Bad Neighborhoods'
News  |  6/2/2015  | 
OpenDNS report finds that organizations may be more susceptible to Internet of Things devices than they realize.
Shaping A Better Future For Software Security
Commentary  |  6/2/2015  | 
Industry and government leaders discuss ways to improve practices, awareness and education around secure software development. Here's a recap of what you missed.
Today's Requirements To Defend Against Tomorrow's Insider Threats
Commentary  |  6/1/2015  | 
At its most basic, a consistent and meaningful insider threat detection program has two components: data and people. Here's how to put them together.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8144
PUBLISHED: 2020-04-01
The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware u...
CVE-2020-8145
PUBLISHED: 2020-04-01
The UniFi Video Server (Windows) web interface configuration restore functionality at the "backup" and "wizard" endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP ...
CVE-2020-8146
PUBLISHED: 2020-04-01
In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the win...
CVE-2020-6009
PUBLISHED: 2020-04-01
LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection.
CVE-2020-6096
PUBLISHED: 2020-04-01
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker ...
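The CVE-2020-6096 entry above names the bug class, a length checked with a signed comparison, without showing it. The C below is an added example written for this page; it is not glibc's ARMv7 memcpy and does not reproduce its internals. It models the pattern generically: a check that treats the length as a signed `int` lets -1 through, while `memcpy()` receives that same value as `size_t`, i.e. SIZE_MAX. The function names (`vuln_len_ok`, `safe_len_ok`, `as_size_t`, `bounded_copy`, the two `demo_*` helpers) and the sample buffer contents are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>

/* Illustrative model of a signed-comparison length check. Not glibc code.
 * All names below are assumed for this example. */

/* Vulnerable pattern: 'num' is compared as a signed int, so -1 <= cap holds
 * and the copy is allowed even though the caller asked for "negative" bytes. */
bool vuln_len_ok(int num, size_t cap) {
    return num <= (int)cap;   /* signed comparison: -1 passes */
}

/* Fixed pattern: compare as unsigned. (size_t)-1 == SIZE_MAX > cap, rejected. */
bool safe_len_ok(size_t num, size_t cap) {
    return num <= cap;
}

/* What memcpy() actually receives: its length parameter is size_t, so a
 * negative int becomes SIZE_MAX on any two's-complement target. */
size_t as_size_t(int num) {
    return (size_t)num;
}

/* Bounded copy that refuses any length the destination cannot hold.
 * Returns the number of bytes copied, or 0 if the request was rejected. */
size_t bounded_copy(char *dst, size_t dst_cap, const char *src, size_t num) {
    if (!safe_len_ok(num, dst_cap)) {
        return 0;
    }
    memcpy(dst, src, num);
    return num;
}

/* Helpers that exercise bounded_copy on a constructed 16-byte buffer. */
size_t demo_copy_eight(void) {
    char dst[16] = {0};
    const char src[] = "constructed data";   /* constructed sample input */
    return bounded_copy(dst, sizeof dst, src, 8);
}

size_t demo_reject_negative(void) {
    char dst[16] = {0};
    const char src[] = "constructed data";   /* constructed sample input */
    /* -1 arriving as size_t is SIZE_MAX; the unsigned check refuses it. */
    return bounded_copy(dst, sizeof dst, src, as_size_t(-1));
}

int main(void) {
    printf("signed check lets -1 through:   %d\n", vuln_len_ok(-1, 16));
    printf("memcpy would see length:        %zu\n", as_size_t(-1));
    printf("unsigned check lets -1 through: %d\n", safe_len_ok(as_size_t(-1), 16));
    printf("bounded copy of 8 bytes:        %zu\n", demo_copy_eight());
    printf("bounded copy of -1 bytes:       %zu\n", demo_reject_negative());
    return 0;
}
```

The practical check for reviewers is the type of the variable that reaches the comparison, not the type `memcpy()` declares: any `int`, `long` or `ssize_t` length that is range-checked with `<=` before being passed on reproduces the vulnerable half of this example.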