Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2017
Page 1 / 2   >   >>
8tracks Hit With Breach of 18 Million Accounts
Quick Hits  |  6/30/2017  | 
Hackers attack Internet radio user database, gaining access to email addresses and encrypted passwords.
Vulnerabilities Found in German e-Government Communication Library
Quick Hits  |  6/30/2017  | 
Researchers find critical flaws in secure communications protocol used in areas including population registration, justice and public health systems.
Decrypting the Motivations Behind NotPetya/ExPetr/GoldenEye
News  |  6/29/2017  | 
Experts discuss the methods and targets involved in this week's massive malware outbreak to figure out what motivated attackers.
Kaspersky Lab Faces More U.S. Scrutiny Over Potential Russian Govt. Influence
News  |  6/29/2017  | 
Lawmaker proposes ban on DoD use of Moscow-based security vendor's products.
Why Enterprise Security Needs a New Focus
Commentary  |  6/29/2017  | 
The WannaCry ransomware attack shows patching and perimeter defenses aren't enough. Enterprises should combine preventative measures with threat detection tactics.
IoT Vulns Draw Biggest Bug Bounty Payouts
News  |  6/29/2017  | 
As bug bounty programs become more popular outside of the technology sector, IoT vulnerabilities are yielding the highest payouts for bug hunters, according to two reports released Wednesday.
Half of Ransomware Victims Suffer Repeat Attacks
News  |  6/28/2017  | 
Half of ransomware victims are likely to get hit again as threat actors change their strategies to target servers and accelerate the spread of ransomware.
Massive Skype Zero-Day Enables Remote Crashes
News  |  6/27/2017  | 
A security researcher uncovered a Skype vulnerability that could allow hackers to remotely execute code and crash software if exploited.
No-Name Security Incidents Caused as Many Tears as WannaCry, Pros Say
Quick Hits  |  6/27/2017  | 
Half of security pros say they've worked just as frantically this year to fix other incidents that the public never heard about.
WannaCry Blame Game: Why Delayed Patching is Not the Problem
Commentary  |  6/27/2017  | 
While post mortems about patching, updating, and backups have some value, the best preventative security controls are increased understanding and knowledge.
9 Ways to Protect Your Cloud Environment from Ransomware
Slideshows  |  6/27/2017  | 
The same technology driving faster collaboration and data transfer also enables cybercriminals to quickly spread ransomware.
FBI Highlights BEC, Tech Support Scams, Ransomware Concerns
News  |  6/26/2017  | 
The 2016 Internet Crime Report found tech support fraud, business email compromise, and ransomware were major fraud categories last year.
Look, But Don't Touch: One Key to Better ICS Security
News  |  6/26/2017  | 
Better visibility is essential to improving the cybersecurity of industrial control systems and critical infrastructure, but the OT-IT cultural divide must be united.
Recovering from Bad Decisions in the Cloud
Commentary  |  6/26/2017  | 
The cloud makes it much easier to make changes to security controls than in traditional networks.
Virginia Consultant Charged with Espionage
Quick Hits  |  6/23/2017  | 
Federal authorities charged a consultant with espionage for transmitting top secret and secret documents to China.
Android Marcher Variant Makes Rounds as Adobe Flash Player Update
Quick Hits  |  6/23/2017  | 
Zscaler researchers discover a new variant of the Android Marcher malware, which aims to steal online banking credentials and credit card information.
RAT Vulnerabilities Turn Hackers into Victims
News  |  6/23/2017  | 
A small number of Remote Administration Tools have vulnerabilities which can enable attack targets to turn the tables on threat actors.
Threat Intelligence Sharing: The New Normal?
Commentary  |  6/23/2017  | 
The spirit of cooperation seems to be taking hold as demonstrated by the growing number of thriving services and organizations whose sole purpose is to analyze specific threats against specific communities.
8 Hot Hacking Tools to Come out of Black Hat USA
Slideshows  |  6/23/2017  | 
High-impact tools for white hats that will be revealed and released next month at Black Hat USA in Las Vegas.
'GhostHook' Foils Windows 10 64-bit's Kernel Protection
News  |  6/22/2017  | 
Microsoft says an attacker needs kernel-level access before they can use the 'GhostHook' technique to install a rootkit.
Nuclear Plants, Hospitals at Risk of Hacked Radiation Monitoring Devices
News  |  6/22/2017  | 
Security researcher discovers major security flaws that can't be patched or fixed.
Two Arrested for Microsoft Network Intrusion
Quick Hits  |  6/22/2017  | 
UK authorities arrest two men for allegedly breaking into Microsoft's network with the intent to steal customer data from the software giant.
Most General Counsels Fret over Data Security
Quick Hits  |  6/22/2017  | 
An overwhelming percentage of in-house attorneys say cyberattacks and the impact on their business keeps them up at night, a recent survey shows.
Cloud Security Lessons from the Voter Data Leak
News  |  6/22/2017  | 
A poorly configured Amazon S3 bucket that led to a massive data leak could easily happen to any organization not adopting proper cloud security measures.
KPMG: Cybersecurity Has Reached a Tipping Point from Tech to CEO Business Issue
Commentary  |  6/22/2017  | 
Still, a majority of US-based chief execs say they will be maintaining and not investing in security technology over the next three years, a recent study shows.
WannaCry? Youre Not Alone: The 5 Stages of Security Grief
Commentary  |  6/22/2017  | 
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
'Stack Clash' Smashed Security Fix in Linux
News  |  6/21/2017  | 
Linux, OpenBSD, Free BSD, Solaris security updates available to thwart newly discovered attack by researchers.
Russian Hackers Focused on Election Systems in 21 States
Quick Hits  |  6/21/2017  | 
A Department of Homeland Security official testified today that hackers tied to the Russian government attempted to infiltrate election systems in nearly two dozen states.
Consumer Businesses Have False Confidence in their Security: Deloitte
Quick Hits  |  6/21/2017  | 
Consumer business executives are confident in their ability to respond to cyberattacks but fail to document and test response plans.
The Folly of Vulnerability & Patch Management for ICS Networks
Commentary  |  6/21/2017  | 
Yes, such efforts matter. But depending on them can give a false sense of security.
Dark Reading INsecurity Conference Registration Now Open
Commentary  |  6/21/2017  | 
November event will focus on attendee interaction, "blue team" best practices.
Trusted IDs Gain Acceptance in Smart Building Environment
Quick Hits  |  6/20/2017  | 
A majority of survey respondents believe identities can be connected across multiple systems and devices through a single ID card or mobile phone.
Data Breach Costs Drop Globally But Increase in US
News  |  6/20/2017  | 
The average total cost of a data breach declined 10% year-over-year around the world, but in the US edged upward by 5%.
Apple iOS Threats Fewer Than Android But More Deadly
News  |  6/20/2017  | 
Data leakage and corruption haunt iOS and Android mobile apps the most, a new study shows.
Feds Call on Contractors to Play Ball in Mitigating Insider Threats
Commentary  |  6/20/2017  | 
It's said that you're only as strong as your weakest player. That's as true in security as it is in sports.
Cybersecurity Fact vs. Fiction
Commentary  |  6/20/2017  | 
Based on popular media, it's easy to be concerned about the security of smart cars, homes, medical devices, and public utilities. But how truly likely are such attacks?
RNC Voter Data on 198 Million Americans Exposed in the Cloud
News  |  6/19/2017  | 
One of the largest known US voter data leaks compromised personal information via an unsecured public-storage cloud account set up on behalf of the Republican National Committee.
Rise of Nation State Threats: How Can Businesses Respond?
News  |  6/19/2017  | 
Cybersecurity experts discuss nation-state threats of greatest concerns, different types of attacks, and how organization can prepare.
Major Websites Vulnerable to their Own Back-End Servers
News  |  6/19/2017  | 
DoD, other websites found with back-end server flaws and misconfigurations that could give attackers an entryway to internal networks, researcher will demonstrate at Black Hat USA next month.
Invisible Invaders: Why Detecting Bot Attacks Is Becoming More Difficult
Commentary  |  6/19/2017  | 
Traditional methods can't block the latest attackers, but a behavioral approach can tell the difference between bots and humans.
Hacker Bypasses Microsoft ATA for Admin Access
News  |  6/16/2017  | 
Microsoft's Advanced Threat Analytics defense platform can be cheated, a researcher will show at Black Hat USA next month.
Forrester: Rapid Cloud Adoption Drives Demand for Security Tools
News  |  6/16/2017  | 
Cloud services revenue is poised to skyrocket from $114 billion in 2016 to $236 billion by 2020, driving the market for products to secure data in the cloud.
Engineer Sentenced to Prison for Hacking Utility, Disabling Water Meter-Readers
Quick Hits  |  6/16/2017  | 
A Pennsylvania man is sentenced to more than a year in prison after hacking into a remote water meter reading system run by his former employer.
Lack of Experience Biggest Obstacle for InfoSec Career
Quick Hits  |  6/16/2017  | 
A majority of wanna-be infosec professionals find they need more experience to be a contender to enter this career, according to a recent Tripwire poll.
Why Your AppSec Program Is Doomed to Fail & How to Save It
Commentary  |  6/16/2017  | 
With these measures in place, organizations can avoid common pitfalls.
Samsung KNOX Takes Some Knocks
News  |  6/15/2017  | 
Researcher at Black Hat USA will reveal Samsung KNOX 2.6 vulnerabilities and bypass techniques, and notes that new KNOX 2.8 may be at risk as well.
1 Million Endpoints Exposed on Public Internet via Microsoft File-Sharing Services
News  |  6/15/2017  | 
Research on global Internet security posture found endpoints leaving Microsoft SMB file-sharing systems wide open online, a finding that explains the rapid spread of WannaCry, Rapid7 says.
Climbing the Security Maturity Ladder in Cloud
Commentary  |  6/15/2017  | 
These five steps will insure that you achieve the broadest coverage for onboarding your most sensitive workloads.
Most Organizations Not Satisfied with Threat Intelligence
Quick Hits  |  6/15/2017  | 
Information Security Forum survey finds just one quarter of companies surveyed say threat intelligence technology is delivering on its promise.
Trumps Executive Order: What It Means for US Cybersecurity
Commentary  |  6/15/2017  | 
The provisions are all well and good, but its hardly the first time theyve been ordered by the White House.
Page 1 / 2   >   >>


AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.