Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2018
Page 1 / 2   >   >>
Natural Language Processing Fights Social Engineers
News  |  6/29/2018  | 
Instead of trying to detect social engineering attacks based on a subject line or URL, a new tool conducts semantic analysis of text to determine malicious intent.
Why Sharing Intelligence Makes Everyone Safer
Commentary  |  6/29/2018  | 
Security teams must expand strategies to go beyond simply identifying details tied to a specific threat to include context and information about attack methodologies.
The 6 Worst Insider Attacks of 2018 So Far
Slideshows  |  6/29/2018  | 
Stalkers, fraudsters, saboteurs, and all nature of malicious insiders have put the hurt on some very high-profile employers.
Botnets Evolving to Mobile Devices
News  |  6/28/2018  | 
Millions of mobile devices are now making requests in what's described as "an attack on the economy."
65% of Resold Memory Cards Still Pack Personal Data
News  |  6/28/2018  | 
Analyzed cards, mainly from smartphones and tablets, contained private personal information, business documentation, audio, video, and photos.
Newly Revealed Exactis Data Leak Bigger Than Equifax's
Quick Hits  |  6/28/2018  | 
Marketing data firm left its massive database open to the Internet.
Ticketmaster UK Warns Thousands of Data Breach
Quick Hits  |  6/28/2018  | 
Customers who bought tickets through the site are advised to check for fraudulent transactions with Uber, Netflix, and Xendpay.
Redefining Security with Blockchain
Commentary  |  6/28/2018  | 
Blockchain offers a proactive approach to secure a new generation of digital platforms and services for both enterprises and individuals.
Russia, Facebook & Cybersecurity: Combating Weaponized FUD in the Social Media Age
Commentary  |  6/27/2018  | 
It's up to everyone -- users, security pros, government -- to be critical about the online information we encounter.
Coin Miner Malware Spikes 629% in 'Telling' Q1
News  |  6/27/2018  | 
Drastic growth suggests adversaries are learning how they can maximize rewards with minimal effort.
Hundreds of Hotels Hit in FastBooking Breach
Quick Hits  |  6/27/2018  | 
The hotel-booking software provider reports an actor stole personal and payment card data of guests from hundreds of properties.
Today! 'Why Cybercriminals Attack,' A Dark Reading Virtual Event
Commentary  |  6/27/2018  | 
Wednesday, June 27, this all-day event starting at 11 a.m. ET, will help you decide who and what you really need to defend against, and how to do it more effectively.
Insider Dangers Are Hiding in Collaboration Tools
News  |  6/26/2018  | 
The casual sharing of sensitive data, such as passwords, is opening the door to malicious insiders.
Securing Serverless Apps: 3 Critical Tasks in 3 Days
Commentary  |  6/26/2018  | 
Serverless workloads in the cloud can be as secure as traditional applications with the right processes and tools. The key: start small, scale as your application scales, and involve everyone.
US Announces Arrests in Ghanian Fraud Schemes
Quick Hits  |  6/26/2018  | 
Eight individuals in the US and Ghana are charged with stealing more than $15 million through computer-based fraud.
Black Hat Survey: Enterprise Tech, US Government Unprepared for Cyberattacks
News  |  6/26/2018  | 
The 2018 Black Hat Attendee survey reveals worries over the effectiveness of enterprise security technology, and threat to US infrastructure.
Malware in South Korean Cyberattacks Linked to Bithumb Heist
News  |  6/25/2018  | 
Lazarus Group is likely behind a spearphishing campaign containing malicious code to download Manuscrypt malware.
iOS Hack Lets Attackers Brute Force iPhone, iPad Passcodes
Quick Hits  |  6/25/2018  | 
A vulnerability in Apple's iOS lets anyone with a Lightning cable bypass the passcode entry restriction designed to protect the company's devices.
Secure Code: You Are the Solution to Open Sources Biggest Problem
Commentary  |  6/25/2018  | 
Seventy-eight percent of open source codebases examined in a recent study contain at least one unpatched vulnerability, with an average of 64 known vulnerabilities per codebase.
8 Security Tips for a Hassle-Free Summer Vacation
Slideshows  |  6/23/2018  | 
It's easy to let your guard down when you're away. Hackers know that, too.
New Drupal Exploit Mines Monero for Attackers
Quick Hits  |  6/22/2018  | 
A new exploit of a known vulnerability gives an attacker control of the Drupal-hosting server.
Cracking Cortana: The Dangers of Flawed Voice Assistants
News  |  6/22/2018  | 
Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.
White House Email Security Faux Pas?
Commentary  |  6/22/2018  | 
The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.
Destructive Nation-State Cyberattacks Will Rise
News  |  6/21/2018  | 
More than 90 percent of respondents in a Tripwire survey in Europe expect attacks by state-sponsored threat actors to increase in the next 12 months.
Four New Vulnerabilities in Phoenix Contact Industrial Switches
Quick Hits  |  6/21/2018  | 
A series of newly disclosed vulnerabilities could allow an attacker to gain control of industrial switches.
Artificial Intelligence & the Security Market
News  |  6/21/2018  | 
A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.
Click2Gov Breaches Attributed to WebLogic Application Flaw
Quick Hits  |  6/21/2018  | 
At least 10 US cities running Click2Gov software have alerted citizens to a data breach, but it turns out the problem was in the application server.
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
Commentary  |  6/21/2018  | 
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
Microsoft Office: The Go-To Platform for Zero-Day Exploits
News  |  6/21/2018  | 
Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.
AppSec in the World of 'Serverless'
Commentary  |  6/21/2018  | 
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
News  |  6/20/2018  | 
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
Inside a SamSam Ransomware Attack
Commentary  |  6/20/2018  | 
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
Improving the Adoption of Security Automation
Commentary  |  6/20/2018  | 
Four barriers to automation and how to overcome them.
Mylobot Malware Brings New Sophistication to Botnets
News  |  6/20/2018  | 
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
Most Websites and Web Apps No Match for Attack Barrage
News  |  6/19/2018  | 
The average website is attacked 50 times per day, with small businesses especially vulnerable.
'Olympic Destroyer' Reappears in Attacks on Europe, Russia
News  |  6/19/2018  | 
The attack group known for targeting the 2018 Winter Olympics has resurfaced in campaigns against European financial and biochem companies.
How to Prepare for 'WannaCry 2.0'
Commentary  |  6/19/2018  | 
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
Cisco CPO: Privacy Is Not About Secrecy or Compliance
News  |  6/19/2018  | 
Michelle Dennedy sat down with Dark Reading at the recent Cisco Live event to set the record straight about privacy, regulation, encryption, and more.
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Commentary  |  6/19/2018  | 
Do 'cloud-first' strategies create a security-second mindset?
Exposed Container Orchestration Systems Putting Many Orgs at Risk
News  |  6/18/2018  | 
More than 22,600 open container orchestration and API management systems discovered on the Internet.
'Wallchart' Phishing Campaign Exploits World Cup Watchers
News  |  6/18/2018  | 
The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.
3 Tips for Driving User Buy-in to Security Policies
Commentary  |  6/18/2018  | 
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
Email, Social Media Still Security Nightmares
Quick Hits  |  6/15/2018  | 
Phishing and banking trojans continue to be major threats brought into the enterprise.
Hackers Crack iPhone Defense Built to Block Forensic Tools
Quick Hits  |  6/15/2018  | 
Grayshift, the company behind a system to help police break into iPhones, says it found a workaround for USB Restricted Mode.
Modern Cybersecurity Demands a Different Corporate Mindset
Commentary  |  6/15/2018  | 
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
Commentary  |  6/14/2018  | 
Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.
Mobile App Threats Continue to Grow
News  |  6/14/2018  | 
Criminals looking to profit from corporate resources and information keep going after mobile devices, two new reports confirm.
23,000 Compromised in HealthEquity Data Breach
Quick Hits  |  6/14/2018  | 
HealthEquity, which handles more than 3.4 million health savings accounts, was breached when an intruder accessed an employee's email.
Meet 'Bro': The Best-Kept Secret of Network Security
Commentary  |  6/14/2018  | 
This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.
Blockchain All the Rage But Comes With Numerous Risks
News  |  6/13/2018  | 
Researchers dig into four types of cyberattacks targeting blockchain, how they work, and why early adopters are the easiest targets.
Page 1 / 2   >   >>


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3738
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
CVE-2019-3739
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
CVE-2019-3740
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
CVE-2019-3756
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.
CVE-2019-3758
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.