Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2017
<<   <   Page 2 / 2
Malware Incidents at US SMBs Spiked 165% in Q1
News  |  6/15/2017  | 
Texas-based SMBs suffered the most malware attack attempts in the first quarter while those in Arizona had the biggest year-over-year increase, according to new Malwarebytes report.
Hospital Email Security in Critical Condition as DMARC Adoption Lags
News  |  6/14/2017  | 
Healthcare providers put patient data at risk by failing to protect their email domains with DMARC adoption.
Microsoft Security Updates Include Windows XP, Server 2003
News  |  6/14/2017  | 
Microsoft extends its monthly security updates to respond to a rise in cyberattacks and fix serious flaws in Windows XP and Windows Server 2003.
How Smart Cities Can Minimize the Threat of Cyberattacks
Commentary  |  6/14/2017  | 
As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities.
Relentless Attackers Try Over 100,000 Times Before They Breach a System
News  |  6/14/2017  | 
New report from startup tCell shows XSS attempts a noisy reminder of the overwhelming scale of automated attack techniques.
Europol Operation Busts Payment Card Identity Theft Ring
News  |  6/13/2017  | 
Members of an international crime ring of payment card skimmers who stole more than $500,000 were arrested by a joint multi-national law enforcement operation.
How Bad Data Alters Machine Learning Results
News  |  6/13/2017  | 
Machine learning models tested on single sources of data can prove inaccurate when presented with new sources of information.
A Former FBI Most Wanted Cybercriminal is Extradited to US
Quick Hits  |  6/13/2017  | 
The Latvian man is charged with four counts of wire fraud and unauthorized computer use in a "scareware" scheme that netted more than $2 million.
Businesses Spend 1,156 Hours Per Week on Endpoint Security
News  |  6/13/2017  | 
Insecure endpoints cost businesses millions of dollars, and hours of productivity, as they struggle to detect and contain threats.
WannaCry 'Scareware' Driving Downloads of Bogus Anti-Virus Apps
Quick Hits  |  6/13/2017  | 
Fake anti-virus apps account for 12.2% of active AV apps in the Google Play store, of which roughly one in 10 are blacklisted, according to a report released today.
Deep Learning's Growing Impact on Security
Commentary  |  6/13/2017  | 
Neural networks are now practical for real-world applications, cutting back on work needed from analysts.
New Malware-as-a-Service Offerings Target Mac OS X
News  |  6/12/2017  | 
MacSpy and MacRansom are two early variants of malware-as-a-service portals targeting the broader population of Mac users.
The Detection Trap: Improving Cybersecurity by Learning from the Secret Service
Commentary  |  6/12/2017  | 
Intruders often understand the networks they target better than their defenders do.
How End-User Devices Get Hacked: 8 Easy Ways
Slideshows  |  6/9/2017  | 
Security experts share the simplest and most effective methods bad guys employ to break into end-user devices.
New Attack Method Delivers Malware Via Mouse Hover
News  |  6/9/2017  | 
'Mouseover' technique relies on users hovering over hyperlinked text and images in Microsoft PowerPoint files to drop Trojan.
Your Information Isn't Being Hacked, It's Being Neglected
Commentary  |  6/9/2017  | 
To stop customer information from being compromised, we must shore up the most vulnerable parts first, the day-to-day IT operations work that builds, configures, and changes systems.
From Reporter to Private Investigator to Security Engineer
Commentary  |  6/8/2017  | 
How I fell in love with coding and traded in a camera-rigged Prius for a MacBook and a GitHub account.
The Economics of Software Security: What Car Makers Can Teach Enterprises
Commentary  |  6/8/2017  | 
Embedding security controls early in the application development process will go a long way towards driving down the total cost of software ownership.
Outdated Operating Systems, Browsers Correlate with Real Data Breaches
News  |  6/8/2017  | 
Study shows companies running out-of-date OSes were three times more likely to suffer a data breach, and those with the outdated browsers, two times more likely.
Cybersecurity Faces 1.8 Million Worker Shortfall By 2022
News  |  6/7/2017  | 
(ISC)2 report shows the skills shortage is getting worse.
Why Compromised Identities Are ITs Fault
Commentary  |  6/7/2017  | 
The eternal battle between IT and security is the source of the problem.
Cloud, Hackers, Trump Presidency, Drive Security Spend
News  |  6/7/2017  | 
Businesses reevaluate their security spending in response to the growth of cloud, fear of malicious hackers, and the Trump presidency, research finds.
Balancing the Risks of the Internet of Things
Commentary  |  6/7/2017  | 
Do the benefits of an Internet-connected coffee maker really outweigh its security issues?
75% of Vulns Shared Online Before NVD Publication
Quick Hits  |  6/7/2017  | 
Research shows more than 75% of vulnerabilities are reported on the dark web, security sites and sources before publication to the National Vulnerability Database.
Outdated Software Commonplace on Enterprise Endpoints
News  |  6/6/2017  | 
Enterprises that stick with older versions of operating systems and other software are missing out on security features in newer versions, Duo Security says.
Why Phishing Season Lasts All Year for Top US Retailers
Commentary  |  6/6/2017  | 
No major brand is immune from cyber squatters; the more popular the company, the more look-alike domains phishers register as bait. Here are some techniques to watch out for.
Slack, Telegram, Other Chat Apps Being Used as Malware Control Channels
News  |  6/6/2017  | 
Cybercriminal are abusing third-party chat apps as command-and-control infrastructures to spread their malware.
Advice for Windows Migrations: Automate as Much as Possible
Commentary  |  6/6/2017  | 
The security lessons Riverside Health System learned when moving to Windows 7 will help it quickly move to Windows 10.
Sabre, Travelport Hacker Sentenced to Prison
Quick Hits  |  6/6/2017  | 
A West African man who stole airlines tickets from Global Distribution System companies via a phishing campaign and fraud operation was sentenced to prison for four years and 10 months.
WannaCry Exploit Could Infect Windows 10
News  |  6/6/2017  | 
The EternalBlue remote kernel exploit used in WannaCry could be used to infect unpatched Windows 10 machines with malware, researchers find.
Number of CISOs Rose 15% This Year
News  |  6/5/2017  | 
Although the number of CISOs increased to 65% of organizations, it could just be a case of "window dressing," new ISACA report shows.
Majority of DDoS Attacks are Short, Low-Volume Bursts
Quick Hits  |  6/5/2017  | 
DDoS attacks largely fall into the camp of short, low-volume sieges, but large-volume attacks are sharply on the rise, according to a study released today.
Securely Managing Employee Turnover: 3 Tips
Commentary  |  6/5/2017  | 
Don't let the process spiral into organizational chaos. Here are steps you can take to keep your company safe.
Cosmetic Surgery Clinic's Photos Released in Cyber Blackmail Attack
Quick Hits  |  6/2/2017  | 
A Lithuanian cosmetic surgery clinic is breached, with attackers releasing more than 25,000 patient photos, some of them nude, following a blackmail scheme.
It's About Time: Where Attackers Have the Upper Hand
News  |  6/2/2017  | 
Businesses take a median of 38 days to detect cybercrime, but can decrease the impact of a breach with faster incident response.
Hollywood Film Studio Seeks Up-And-Coming Hackers for Reality TV Show
Quick Hits  |  6/2/2017  | 
New program on major cable network will feature competitions, personalities.
How to Succeed at Incident Response Metrics
Commentary  |  6/2/2017  | 
Establishing a baseline of what information you need is an essential first step.
Security & Development: Better Together
Commentary  |  6/1/2017  | 
How DevSecOps removes the silos between security and application development teams so that everyone can work together at the same speed.
Putin Points to Patriotic Russian Hackers as Possible Culprits
Quick Hits  |  6/1/2017  | 
Russian President Vladimir Putin denies nation-backed hacking but says patriotic hackers may be targeting countries that are at odds with his country.
FBI: 8 Steps to Prevent Phishing Attacks
Quick Hits  |  6/1/2017  | 
Federal agency offers up best practices for businesses to lock down their operations against phishing attacks.
Chinese 'Fireball' Malware Infects 20% of Global Corporate Networks
News  |  6/1/2017  | 
The Fireball malware has infected over 250 million computers and is capable of executing code on all of them, raising potential for large-scale damage.
DNS Is Still the Achilles Heel of the Internet
Partner Perspectives  |  6/1/2017  | 
Domain Name Services is too important to do without, so we better make sure its reliable and incorruptible
SMB Security: Dont Leave the Smaller Companies Behind
Commentary  |  6/1/2017  | 
Helping improve the security posture of small and medium-sized businesses should be a priority for security organizations of all sizes.
<<   <   Page 2 / 2


Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...