Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2017
Malware Incidents at US SMBs Spiked 165% in Q1
News  |  6/15/2017  | 
Texas-based SMBs suffered the most malware attack attempts in the first quarter while those in Arizona had the biggest year-over-year increase, according to a new Malwarebytes report.
Hospital Email Security in Critical Condition as DMARC Adoption Lags
News  |  6/14/2017  | 
Healthcare providers put patient data at risk by failing to protect their email domains with DMARC adoption.
Microsoft Security Updates Include Windows XP, Server 2003
News  |  6/14/2017  | 
Microsoft extends its monthly security updates to respond to a rise in cyberattacks and fix serious flaws in Windows XP and Windows Server 2003.
How Smart Cities Can Minimize the Threat of Cyberattacks
Commentary  |  6/14/2017  | 
As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities.
Relentless Attackers Try Over 100,000 Times Before They Breach a System
News  |  6/14/2017  | 
New report from startup tCell shows XSS attempts a noisy reminder of the overwhelming scale of automated attack techniques.
Europol Operation Busts Payment Card Identity Theft Ring
News  |  6/13/2017  | 
Members of an international crime ring of payment card skimmers who stole more than $500,000 were arrested by a joint multi-national law enforcement operation.
How Bad Data Alters Machine Learning Results
News  |  6/13/2017  | 
Machine learning models tested on single sources of data can prove inaccurate when presented with new sources of information.
A Former FBI Most Wanted Cybercriminal is Extradited to US
Quick Hits  |  6/13/2017  | 
The Latvian man is charged with four counts of wire fraud and unauthorized computer use in a "scareware" scheme that netted more than $2 million.
Businesses Spend 1,156 Hours Per Week on Endpoint Security
News  |  6/13/2017  | 
Insecure endpoints cost businesses millions of dollars, and hours of productivity, as they struggle to detect and contain threats.
WannaCry 'Scareware' Driving Downloads of Bogus Anti-Virus Apps
Quick Hits  |  6/13/2017  | 
Fake anti-virus apps account for 12.2% of active AV apps in the Google Play store, of which roughly one in 10 are blacklisted, according to a report released today.
Deep Learning's Growing Impact on Security
Commentary  |  6/13/2017  | 
Neural networks are now practical for real-world applications, cutting back on work needed from analysts.
New Malware-as-a-Service Offerings Target Mac OS X
News  |  6/12/2017  | 
MacSpy and MacRansom are two early variants of malware-as-a-service portals targeting the broader population of Mac users.
The Detection Trap: Improving Cybersecurity by Learning from the Secret Service
Commentary  |  6/12/2017  | 
Intruders often understand the networks they target better than their defenders do.
How End-User Devices Get Hacked: 8 Easy Ways
Slideshows  |  6/9/2017  | 
Security experts share the simplest and most effective methods bad guys employ to break into end-user devices.
New Attack Method Delivers Malware Via Mouse Hover
News  |  6/9/2017  | 
'Mouseover' technique relies on users hovering over hyperlinked text and images in Microsoft PowerPoint files to drop Trojan.
Your Information Isn't Being Hacked, It's Being Neglected
Commentary  |  6/9/2017  | 
To stop customer information from being compromised, we must shore up the most vulnerable parts first, the day-to-day IT operations work that builds, configures, and changes systems.
From Reporter to Private Investigator to Security Engineer
Commentary  |  6/8/2017  | 
How I fell in love with coding and traded in a camera-rigged Prius for a MacBook and a GitHub account.
The Economics of Software Security: What Car Makers Can Teach Enterprises
Commentary  |  6/8/2017  | 
Embedding security controls early in the application development process will go a long way towards driving down the total cost of software ownership.
Outdated Operating Systems, Browsers Correlate with Real Data Breaches
News  |  6/8/2017  | 
Study shows companies running out-of-date OSes were three times more likely to suffer a data breach, and those with the outdated browsers, two times more likely.
Cybersecurity Faces 1.8 Million Worker Shortfall By 2022
News  |  6/7/2017  | 
(ISC)2 report shows the skills shortage is getting worse.
Why Compromised Identities Are IT's Fault
Commentary  |  6/7/2017  | 
The eternal battle between IT and security is the source of the problem.
Cloud, Hackers, Trump Presidency, Drive Security Spend
News  |  6/7/2017  | 
Businesses reevaluate their security spending in response to the growth of cloud, fear of malicious hackers, and the Trump presidency, research finds.
Balancing the Risks of the Internet of Things
Commentary  |  6/7/2017  | 
Do the benefits of an Internet-connected coffee maker really outweigh its security issues?
75% of Vulns Shared Online Before NVD Publication
Quick Hits  |  6/7/2017  | 
Research shows more than 75% of vulnerabilities are reported on the dark web, security sites and sources before publication to the National Vulnerability Database.
Outdated Software Commonplace on Enterprise Endpoints
News  |  6/6/2017  | 
Enterprises that stick with older versions of operating systems and other software are missing out on security features in newer versions, Duo Security says.
Why Phishing Season Lasts All Year for Top US Retailers
Commentary  |  6/6/2017  | 
No major brand is immune from cyber squatters; the more popular the company, the more look-alike domains phishers register as bait. Here are some techniques to watch out for.
Slack, Telegram, Other Chat Apps Being Used as Malware Control Channels
News  |  6/6/2017  | 
Cybercriminals are abusing third-party chat apps as command-and-control infrastructures to spread their malware.
Advice for Windows Migrations: Automate as Much as Possible
Commentary  |  6/6/2017  | 
The security lessons Riverside Health System learned when moving to Windows 7 will help it quickly move to Windows 10.
Sabre, Travelport Hacker Sentenced to Prison
Quick Hits  |  6/6/2017  | 
A West African man who stole airline tickets from Global Distribution System companies via a phishing campaign and fraud operation was sentenced to prison for four years and 10 months.
WannaCry Exploit Could Infect Windows 10
News  |  6/6/2017  | 
The EternalBlue remote kernel exploit used in WannaCry could be used to infect unpatched Windows 10 machines with malware, researchers find.
Number of CISOs Rose 15% This Year
News  |  6/5/2017  | 
Although the number of CISOs increased to 65% of organizations, it could just be a case of "window dressing," new ISACA report shows.
Majority of DDoS Attacks are Short, Low-Volume Bursts
Quick Hits  |  6/5/2017  | 
DDoS attacks largely fall into the camp of short, low-volume sieges, but large-volume attacks are sharply on the rise, according to a study released today.
Securely Managing Employee Turnover: 3 Tips
Commentary  |  6/5/2017  | 
Don't let the process spiral into organizational chaos. Here are steps you can take to keep your company safe.
Cosmetic Surgery Clinic's Photos Released in Cyber Blackmail Attack
Quick Hits  |  6/2/2017  | 
A Lithuanian cosmetic surgery clinic is breached, with attackers releasing more than 25,000 patient photos, some of them nude, following a blackmail scheme.
It's About Time: Where Attackers Have the Upper Hand
News  |  6/2/2017  | 
Businesses take a median of 38 days to detect cybercrime, but can decrease the impact of a breach with faster incident response.
Hollywood Film Studio Seeks Up-And-Coming Hackers for Reality TV Show
Quick Hits  |  6/2/2017  | 
New program on major cable network will feature competitions, personalities.
How to Succeed at Incident Response Metrics
Commentary  |  6/2/2017  | 
Establishing a baseline of what information you need is an essential first step.
Security & Development: Better Together
Commentary  |  6/1/2017  | 
How DevSecOps removes the silos between security and application development teams so that everyone can work together at the same speed.
Putin Points to Patriotic Russian Hackers as Possible Culprits
Quick Hits  |  6/1/2017  | 
Russian President Vladimir Putin denies nation-backed hacking but says patriotic hackers may be targeting countries that are at odds with his country.
FBI: 8 Steps to Prevent Phishing Attacks
Quick Hits  |  6/1/2017  | 
Federal agency offers up best practices for businesses to lock down their operations against phishing attacks.
Chinese 'Fireball' Malware Infects 20% of Global Corporate Networks
News  |  6/1/2017  | 
The Fireball malware has infected over 250 million computers and is capable of executing code on all of them, raising potential for large-scale damage.
DNS Is Still the Achilles Heel of the Internet
Partner Perspectives  |  6/1/2017  | 
Domain Name Services is too important to do without, so we better make sure it's reliable and incorruptible.
SMB Security: Don't Leave the Smaller Companies Behind
Commentary  |  6/1/2017  | 
Helping improve the security posture of small and medium-sized businesses should be a priority for security organizations of all sizes.