Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2016
Page 1 / 2   >   >>
Recalibrating Cybersecurity Spending Projections
Slideshows  |  6/29/2016  | 
How big and how fast will the cybersecurity market grow in five years? Inquiring minds want to know.
The Newbies 'How To Survive Black Hat' Guide
Commentary  |  6/29/2016  | 
Theres little chance you wont be totally exhausted after drinking from the information firehose all week. But if you follow these eight steps, it will be a very satisfying kind of fatigue.
Over 25,000 IoT CCTV Cameras Used In DDoS Attack
Quick Hits  |  6/29/2016  | 
Probe uncovers attacks generated from 105 global locations and delivering 50,000 HTTP requests per second.
Hackers Pilfer $10 Million From Ukraine Bank
Quick Hits  |  6/29/2016  | 
Reports allege criminals used SWIFT to transfer money, have compromised several Ukraine, Russia banks.
Microsoft + LinkedIn: How To Spot Insider Trading Risk Early
Commentary  |  6/28/2016  | 
With the explosion of mobile, cloud, and the blurring of work and personal data, companies considering M&A have a lot to worry about when it comes to insider threats.
Attackers Wrapping New Tools In Old Malware To Target Medical Devices
News  |  6/28/2016  | 
Hospital equipment running old operating systems providing safe harbor for data theft, TrapX says.
Google Accounts Of US Military, Journalists Targeted By Russian Attack Group
News  |  6/27/2016  | 
The Threat Group 4127 that hit the Democratic National Committee also went after 1,800 other targets with info interesting to Russian government, says SecureWorks.
Cerber Strikes With Office 365 Zero-Day Attacks
News  |  6/27/2016  | 
Ransomware variant continues its success through chameleon-like reinvention.
Ohio Official: Prevent Ransomware Attacks, Save Taxpayers Money
Quick Hits  |  6/27/2016  | 
Ohio state auditor asks employees to be alert to cyberattacks amid reports of 35-fold rise in ransomware domains in Q1 2016.
The Blind Spot Between The Cloud & The Data Center
Commentary  |  6/27/2016  | 
Ask most enterprise security analysts responsible for detection and response about their visibility into identity access risks and youre likely to get some confused looks. Heres why.
Mind The Gap: CISOs Versus 'Operators'
Commentary  |  6/25/2016  | 
How open communication among security execs and analysts, incidents responders, and engineers can help organizations stay on top of the constantly changing threat landscape.
5 Ways To Think Like A Hacker
Slideshows  |  6/24/2016  | 
Security expert says CISOs need to use simulations more effectively so they can understand how hackers work and beat them at their own game.
NASCAR Race Team Learns Ransomware Lesson The Hard Way
News  |  6/24/2016  | 
Pays ransom to save $2 million worth of information, warns others of the dangers.
'PunkyPOS' Malware Dissected
Quick Hits  |  6/24/2016  | 
PunkeyPOS copies card data and bank magnetic stripes and has breached around 200 POS terminals in the US, says report.
'Smart' Building Industry Mulls Cybersecurity Challenges
News  |  6/23/2016  | 
New 'attraction and curiosity' for infosec at the Intelligent Buildings Conference this week.
Large Botnet Comes Back To Life -- With More Malware
News  |  6/23/2016  | 
The Necurs botnet associated with Dridex and Locky is back after three-week haitus.
Internet Of Things & The Platform Of Parenthood
Commentary  |  6/23/2016  | 
A new fathers musings on the problems with securing embedded systems, and why there are so few incentives for architecting trustworthy IoT technology from the ground up.
Crypto Ransomware Officially Eclipses Screen-Blocker Ransomware
News  |  6/22/2016  | 
Encryption malware represented 54 percent of all ransomware in April compared to barely 10 percent a year ago, Kaspersky Lab found.
How To Lock Down So Ransomware Doesn't Lock You Out
Slideshows  |  6/22/2016  | 
Ransomware has mutated into many different forms and its not always easy to catch them all, but here are some things you can do.
Bug Poachers: A New Breed of Cybercriminal
Commentary  |  6/22/2016  | 
As if security researchers don't have enough to worry about, we now have to contend with extortionists who take advantage of the well-established fact that applications are a ripe target for exploitation.
Guccifer 2.0: Red Herring Or Third DNC Hacker?
News  |  6/21/2016  | 
CrowdStrike and Fidelis say all evidence for intrusions at DNC points to Russian-backed groups.
'Hack The Pentagon' Paid 117 Hackers Who Found Bugs In DoD Websites
News  |  6/21/2016  | 
Defense Department's historic bug bounty pilot yields 138 valid reports of vulnerabilities, most of which were fixed within two days.
Phishing, Whaling & The Surprising Importance Of Privileged Users
Commentary  |  6/21/2016  | 
By bagging a privileged user early on, attackers can move from entry point to mission accomplished in no time at all.
7 Need-To-Know Attack Stats
Slideshows  |  6/21/2016  | 
Facts & figures about average dwell times, incident response speeds, and which direction the 'detection deficit' is heading.
5 Tips For Staying Cyber-Secure On Your Summer Vacation
News  |  6/20/2016  | 
Stick with mobile payment apps and carrier networks when traveling. And don't broadcast your plans or locations via social media.
Veterans Administration Adopts UL Security Certification Program For Medical Devices
News  |  6/20/2016  | 
Goal is to ensure network-connected medical devices purchased by the VA meet baseline security standards established by Underwriters Laboratories.
NATO Officially Declares Cyberspace A Domain For War
Quick Hits  |  6/17/2016  | 
Cyberattack on a NATO ally will now trigger a collective response.
An Inside Look At The Mitsubishi Outlander Hack
Slideshows  |  6/17/2016  | 
White hat hacker finds WiFi flaws in mobile app for popular auto; Mitsubishi working on fix.
Ransomware, SCADA Access As a Service Emerging Threats For ICS Operators, Report Says
News  |  6/17/2016  | 
With attacks against industrial control networks increasing so too have the challenges, Booz Allen Hamilton says.
Survey Points To 75% Organizations With Poor Cybersecurity
Quick Hits  |  6/15/2016  | 
RSA research says nearly half of surveyed companies show their incident response capabilities to be nonexistent.
FBI: BEC Scam Attempts Amount to $3 Billion
Quick Hits  |  6/15/2016  | 
FBI warns of rise in business email compromise frauds, says it should be reported immediately.
Trump Data Theft Stirs Concerns Of Cyberattacks On Presidential Campaigns
News  |  6/15/2016  | 
Two Russian cybergroups stole a DNC database containing opposition research on Trump in two unrelated campaigns over past year, Crowdstrike says
Windows 'BadTunnel' Attack Hijacks Network Traffic
News  |  6/15/2016  | 
Newly discovered -- and now patched -- Windows design flaw affects all versions of Windows.
A Look Back At Dark Reading's Best 10 Years (So Far)
Commentary  |  6/14/2016  | 
The past decade in security -- from botnets that were bigger than some service provider networks to vulnerabilities that affected not only whole industries but the very fabric of the internet. And much, much more...
Mobile App Collusion, The State Of Hashing, And A Troublesome Trojan Returns
Partner Perspectives  |  6/14/2016  | 
Highlights from the June 2016 McAfee Labs Threats Report.
Russian Hackers Breach Democrats To Steal Data On Trump
Quick Hits  |  6/14/2016  | 
Washington Post: Government-sponsored group hacked Democratic National Committee to access email, chat traffic, and all 'opposition research' on GOP candidate Donald Trump.
Preliminary Agreement Reached On Airline Cybersecurity
Quick Hits  |  6/14/2016  | 
Panel likely to propose broad package of cyber protection including cockpit alarms, say sources.
Symantec To Spend $4.65 Billion On Blue Coat
Quick Hits  |  6/14/2016  | 
Deal will reportedly make company the worlds largest enterprise security business by revenues, but some in infosec industry are concerned.
12 Tips for Securing Cyber Insurance Coverage
Slideshows  |  6/13/2016  | 
As cyber insurance grows more available and popular it is also becoming increasingly complex and confusing. Our slideshow offers guidelines on how to get insurance, get decent coverage, and avoid limitations in coverage.
Self-Service Password Reset & Social Engineering: A Match Made In Hell
Commentary  |  6/13/2016  | 
A sad tale of how hackers compromised a CEOs corporate account by trolling Facebook and LInkedin for answers to six common authentication questions. (And how to avoid that happening to you)
27% Of Corporate-Connected Apps Are Risky
News  |  6/13/2016  | 
Number of apps up by 30x, with many asking for sensitive connections to enterprise.
IoT Security: Onus On Developers, Security Researchers
Commentary  |  6/11/2016  | 
Security teams and DevOps need to team up on 'lean security' processes that make safety a top priority before a product reaches the market.
Ransomware Now Comes With Live Chat Support
News  |  6/10/2016  | 
Victims of a new version of Jigsaw now have access to live chat operators to help them through the ransom payment process, Trend Micro says.
Revealing Lessons About Vulnerability Research
Commentary  |  6/10/2016  | 
Its not clear why a dozen FBI agents showed up at a security researchers door last month but as cyber becomes more a factor in product safety, our judicial system needs to get a better grasp on who the real criminals are.
The End Of A Security Decade -- And The Beginning Of A New One
Commentary  |  6/10/2016  | 
Dark Reading wraps up its 10th anniversary coverage with a final look back at the decade -- and a look ahead.
Biggest Attacks Of 2016 (So Far)
Slideshows  |  6/10/2016  | 
An attack against a Ukraine power grid and major upticks in ransomware dominate the headlines in this Dark Reading mid-year report.
US-CERT Warns Of Resurgence In Macro Attacks
News  |  6/9/2016  | 
Organizations and individuals urged to be proactive in protecting against threat from the 90s.
Google Dorking: Exposing The Hidden Threat
Commentary  |  6/9/2016  | 
Google Dorking sounds harmless, but it can take your company down. Here's what you need to know to avoid being hacked.
Super Hunters Emerge As More Companies Adopt Bug Bounties
News  |  6/8/2016  | 
'Super hunters' chase down vulnerabilities wherever there's a bug bounty payday...and they've become very popular with cybersecurity job recruiters, says Bugcrowd report.
Deconstructing The Impact Of Ransomware On Healthcares IoT
Commentary  |  6/8/2016  | 
If ransomware targets medical devices, exactly how will an attacker deliver the ransom note to the victim?
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing Writer,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...