News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2016
Recalibrating Cybersecurity Spending Projections
Slideshows  |  6/29/2016  | 
How big and how fast will the cybersecurity market grow in five years? Inquiring minds want to know.
The Newbies 'How To Survive Black Hat' Guide
Commentary  |  6/29/2016  | 
There's little chance you won't be totally exhausted after drinking from the information firehose all week. But if you follow these eight steps, it will be a very satisfying kind of fatigue.
Over 25,000 IoT CCTV Cameras Used In DDoS Attack
Quick Hits  |  6/29/2016  | 
Probe uncovers attacks generated from 105 global locations and delivering 50,000 HTTP requests per second.
Hackers Pilfer $10 Million From Ukraine Bank
Quick Hits  |  6/29/2016  | 
Reports allege criminals used SWIFT to transfer money, have compromised several Ukraine, Russia banks.
Microsoft + LinkedIn: How To Spot Insider Trading Risk Early
Commentary  |  6/28/2016  | 
With the explosion of mobile, cloud, and the blurring of work and personal data, companies considering M&A have a lot to worry about when it comes to insider threats.
Attackers Wrapping New Tools In Old Malware To Target Medical Devices
News  |  6/28/2016  | 
Hospital equipment running old operating systems providing safe harbor for data theft, TrapX says.
Google Accounts Of US Military, Journalists Targeted By Russian Attack Group
News  |  6/27/2016  | 
The Threat Group 4127 that hit the Democratic National Committee also went after 1,800 other targets with info interesting to Russian government, says SecureWorks.
Cerber Strikes With Office 365 Zero-Day Attacks
News  |  6/27/2016  | 
Ransomware variant continues its success through chameleon-like reinvention.
Ohio Official: Prevent Ransomware Attacks, Save Taxpayers Money
Quick Hits  |  6/27/2016  | 
Ohio state auditor asks employees to be alert to cyberattacks amid reports of 35-fold rise in ransomware domains in Q1 2016.
The Blind Spot Between The Cloud & The Data Center
Commentary  |  6/27/2016  | 
Ask most enterprise security analysts responsible for detection and response about their visibility into identity access risks and you're likely to get some confused looks. Here's why.
Mind The Gap: CISOs Versus 'Operators'
Commentary  |  6/25/2016  | 
How open communication among security execs and analysts, incident responders, and engineers can help organizations stay on top of the constantly changing threat landscape.
5 Ways To Think Like A Hacker
Slideshows  |  6/24/2016  | 
Security expert says CISOs need to use simulations more effectively so they can understand how hackers work and beat them at their own game.
NASCAR Race Team Learns Ransomware Lesson The Hard Way
News  |  6/24/2016  | 
Pays ransom to save $2 million worth of information, warns others of the dangers.
'PunkeyPOS' Malware Dissected
Quick Hits  |  6/24/2016  | 
PunkeyPOS copies card data and bank magnetic stripes and has breached around 200 POS terminals in the US, says report.
'Smart' Building Industry Mulls Cybersecurity Challenges
News  |  6/23/2016  | 
New 'attraction and curiosity' for infosec at the Intelligent Buildings Conference this week.
Large Botnet Comes Back To Life -- With More Malware
News  |  6/23/2016  | 
The Necurs botnet associated with Dridex and Locky is back after a three-week hiatus.
Internet Of Things & The Platform Of Parenthood
Commentary  |  6/23/2016  | 
A new father's musings on the problems with securing embedded systems, and why there are so few incentives for architecting trustworthy IoT technology from the ground up.
Crypto Ransomware Officially Eclipses Screen-Blocker Ransomware
News  |  6/22/2016  | 
Encryption malware represented 54 percent of all ransomware in April compared to barely 10 percent a year ago, Kaspersky Lab found.
How To Lock Down So Ransomware Doesn't Lock You Out
Slideshows  |  6/22/2016  | 
Ransomware has mutated into many different forms and it's not always easy to catch them all, but here are some things you can do.
Bug Poachers: A New Breed of Cybercriminal
Commentary  |  6/22/2016  | 
As if security researchers don't have enough to worry about, we now have to contend with extortionists who take advantage of the well-established fact that applications are a ripe target for exploitation.
Guccifer 2.0: Red Herring Or Third DNC Hacker?
News  |  6/21/2016  | 
CrowdStrike and Fidelis say all evidence for intrusions at DNC points to Russian-backed groups.
'Hack The Pentagon' Paid 117 Hackers Who Found Bugs In DoD Websites
News  |  6/21/2016  | 
Defense Department's historic bug bounty pilot yields 138 valid reports of vulnerabilities, most of which were fixed within two days.
Phishing, Whaling & The Surprising Importance Of Privileged Users
Commentary  |  6/21/2016  | 
By bagging a privileged user early on, attackers can move from entry point to mission accomplished in no time at all.
7 Need-To-Know Attack Stats
Slideshows  |  6/21/2016  | 
Facts & figures about average dwell times, incident response speeds, and which direction the 'detection deficit' is heading.
5 Tips For Staying Cyber-Secure On Your Summer Vacation
News  |  6/20/2016  | 
Stick with mobile payment apps and carrier networks when traveling. And don't broadcast your plans or locations via social media.
Veterans Administration Adopts UL Security Certification Program For Medical Devices
News  |  6/20/2016  | 
Goal is to ensure network-connected medical devices purchased by the VA meet baseline security standards established by Underwriters Laboratories.
NATO Officially Declares Cyberspace A Domain For War
Quick Hits  |  6/17/2016  | 
Cyberattack on a NATO ally will now trigger a collective response.
An Inside Look At The Mitsubishi Outlander Hack
Slideshows  |  6/17/2016  | 
White hat hacker finds WiFi flaws in mobile app for popular auto; Mitsubishi working on fix.
Ransomware, SCADA Access As a Service Emerging Threats For ICS Operators, Report Says
News  |  6/17/2016  | 
With attacks against industrial control networks increasing, so too have the challenges, Booz Allen Hamilton says.
Survey Points To 75% Organizations With Poor Cybersecurity
Quick Hits  |  6/15/2016  | 
RSA research says nearly half of surveyed companies show their incident response capabilities to be nonexistent.
FBI: BEC Scam Attempts Amount to $3 Billion
Quick Hits  |  6/15/2016  | 
FBI warns of rise in business email compromise frauds, says it should be reported immediately.
Trump Data Theft Stirs Concerns Of Cyberattacks On Presidential Campaigns
News  |  6/15/2016  | 
Two Russian cybergroups stole a DNC database containing opposition research on Trump in two unrelated campaigns over the past year, CrowdStrike says.
Windows 'BadTunnel' Attack Hijacks Network Traffic
News  |  6/15/2016  | 
Newly discovered -- and now patched -- Windows design flaw affects all versions of Windows.
A Look Back At Dark Reading's Best 10 Years (So Far)
Commentary  |  6/14/2016  | 
The past decade in security -- from botnets that were bigger than some service provider networks to vulnerabilities that affected not only whole industries but the very fabric of the internet. And much, much more...
Mobile App Collusion, The State Of Hashing, And A Troublesome Trojan Returns
Partner Perspectives  |  6/14/2016  | 
Highlights from the June 2016 McAfee Labs Threats Report.
Russian Hackers Breach Democrats To Steal Data On Trump
Quick Hits  |  6/14/2016  | 
Washington Post: Government-sponsored group hacked Democratic National Committee to access email, chat traffic, and all 'opposition research' on GOP candidate Donald Trump.
Preliminary Agreement Reached On Airline Cybersecurity
Quick Hits  |  6/14/2016  | 
Panel likely to propose broad package of cyber protection including cockpit alarms, say sources.
Symantec To Spend $4.65 Billion On Blue Coat
Quick Hits  |  6/14/2016  | 
Deal will reportedly make company the world's largest enterprise security business by revenues, but some in infosec industry are concerned.
12 Tips for Securing Cyber Insurance Coverage
Slideshows  |  6/13/2016  | 
As cyber insurance grows more available and popular it is also becoming increasingly complex and confusing. Our slideshow offers guidelines on how to get insurance, get decent coverage, and avoid limitations in coverage.
Self-Service Password Reset & Social Engineering: A Match Made In Hell
Commentary  |  6/13/2016  | 
A sad tale of how hackers compromised a CEO's corporate account by trolling Facebook and LinkedIn for answers to six common authentication questions. (And how to avoid that happening to you)
27% Of Corporate-Connected Apps Are Risky
News  |  6/13/2016  | 
Number of apps up by 30x, with many asking for sensitive connections to enterprise.
IoT Security: Onus On Developers, Security Researchers
Commentary  |  6/11/2016  | 
Security teams and DevOps need to team up on 'lean security' processes that make safety a top priority before a product reaches the market.
Ransomware Now Comes With Live Chat Support
News  |  6/10/2016  | 
Victims of a new version of Jigsaw now have access to live chat operators to help them through the ransom payment process, Trend Micro says.
Revealing Lessons About Vulnerability Research
Commentary  |  6/10/2016  | 
It's not clear why a dozen FBI agents showed up at a security researcher's door last month, but as cyber becomes more a factor in product safety, our judicial system needs to get a better grasp on who the real criminals are.
The End Of A Security Decade -- And The Beginning Of A New One
Commentary  |  6/10/2016  | 
Dark Reading wraps up its 10th anniversary coverage with a final look back at the decade -- and a look ahead.
Biggest Attacks Of 2016 (So Far)
Slideshows  |  6/10/2016  | 
An attack against a Ukraine power grid and major upticks in ransomware dominate the headlines in this Dark Reading mid-year report.
US-CERT Warns Of Resurgence In Macro Attacks
News  |  6/9/2016  | 
Organizations and individuals urged to be proactive in protecting against threat from the 90s.
Google Dorking: Exposing The Hidden Threat
Commentary  |  6/9/2016  | 
Google Dorking sounds harmless, but it can take your company down. Here's what you need to know to avoid being hacked.
Super Hunters Emerge As More Companies Adopt Bug Bounties
News  |  6/8/2016  | 
'Super hunters' chase down vulnerabilities wherever there's a bug bounty payday...and they've become very popular with cybersecurity job recruiters, says Bugcrowd report.
Deconstructing The Impact Of Ransomware On Healthcare's IoT
Commentary  |  6/8/2016  | 
If ransomware targets medical devices, exactly how will an attacker deliver the ransom note to the victim?
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13552
PUBLISHED: 2019-09-18
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.
CVE-2019-15301
PUBLISHED: 2019-09-18
A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter.
CVE-2019-5042
PUBLISHED: 2019-09-18
An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability.
CVE-2019-5066
PUBLISHED: 2019-09-18
An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document needs ...
CVE-2019-5067
PUBLISHED: 2019-09-18
An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerabi...