News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2019
FBI Warns of Dangers in 'Safe' Websites
News  |  6/11/2019  | 
Criminals are using TLS certificates to convince users that fraudulent sites are worthy of their trust.
Getting Up to Speed on Magecart
Commentary  |  6/11/2019  | 
Greater awareness of how Magecart works will give your company a leg up on the growing threat from this online credit card skimmer. Here are four places to start.
Huawei Represents Massive Supply Chain Risk: Report
News  |  6/10/2019  | 
The Chinese technology giant's enormous product and service footprint gives it access to more data than almost any other single organization, Recorded Future says.
Federal Photos Filched in Contractor Breach
Quick Hits  |  6/10/2019  | 
Data should never have been on subcontractor's servers, says Customs and Border Protection.
Cognitive Bias Can Hamper Security Decisions
News  |  6/10/2019  | 
A new report sheds light on how human cognitive biases affect cybersecurity decisions and business outcomes.
Voting Machine Vendor Shifts Gears & Pushes for Backup Paper Ballots
Quick Hits  |  6/10/2019  | 
Election Systems & Software will 'no longer sell paperless voting machines,' CEO said.
GoldBrute Botnet Brute-Forcing 1.5M RDP Servers
Quick Hits  |  6/10/2019  | 
Botnets are scanning the Internet for servers exposing RDP and using weak, reused passwords to obtain access.
Unmixed Messages: Bringing Security & Privacy Awareness Together
Commentary  |  6/10/2019  | 
Security and privacy share the same basic goals, so it just makes sense to combine efforts in those two areas. But that can be easier said than done.
Dark Web Becomes a Haven for Targeted Hits
News  |  6/7/2019  | 
Malware on the Dark Web is increasingly being customized to target specific organizations and executives.
Vulnerability Found in Millions of Email Systems
Quick Hits  |  6/7/2019  | 
The vuln could allow remote execution of code with root privilege in more than 4.1 million systems.
Massive Changes to Tech and Platforms, But Cybercrime? Not So Much
News  |  6/7/2019  | 
The still-relevant recommendation is to invest more in law enforcement, concludes an economic study of cybercrime.
The Minefield of Corporate Email
News  |  6/7/2019  | 
Email security challenges CISOs as cybercriminals target corporate inboxes with malware, phishing attempts, and various forms of fraud.
6 Security Scams Set to Sweep This Summer
Slideshows  |  6/6/2019  | 
Experts share the cybersecurity threats to watch for and advice to stay protected.
Cyber Talent Gap? Don't Think Like Tinder!
Commentary  |  6/6/2019  | 
If your company truly is a great place to work, make sure your help-wanted ads steer clear of these common job-listing clichés.
Inside the Criminal Businesses Built to Target Enterprises
News  |  6/6/2019  | 
Researchers witness an increase in buying and selling targeted hacking services, custom malware, and corporate network access on the Dark Web.
When Security Goes Off the Rails
Commentary  |  6/6/2019  | 
Cyber can learn a lot from the highly regulated world of rail travel. The most important lesson: the value of impartial analysis.
Researchers Finds Thousands of iOS Apps Ignoring Security
News  |  6/5/2019  | 
A critical data encryption tool, included by default in iOS, is being turned off in more than two-thirds of popular apps.
How to Get the Most Benefits from Biometrics
Commentary  |  6/5/2019  | 
Providing an easy-to-use, uniform authentication experience without passwords is simpler than you may think.
NSA Issues Advisory for 'BlueKeep' Vulnerability
Quick Hits  |  6/5/2019  | 
The National Security Agency joins Microsoft in urging Windows admins to patch 'wormable' bug CVE-2019-0708.
CISOs & CIOs: Better Together
Commentary  |  6/5/2019  | 
An overview of three common organizational structures illustrates how NOT to pit chief security and IT execs against each other.
Adware Hidden in Android Apps Downloaded More Than 440 Million Times
News  |  6/4/2019  | 
The heavily obfuscated adware was found in 238 different apps on Google Play.
2.8 Billion US Consumer Records Lost in 2018
Quick Hits  |  6/4/2019  | 
Healthcare breaches grew 400%, study shows.
How Today's Cybercriminals Sneak into Your Inbox
News  |  6/4/2019  | 
The tactics and techniques most commonly used to slip past security defenses and catch employees off guard.
Why FedRAMP Matters to Non-Federal Organizations
Commentary  |  6/4/2019  | 
Commercial companies should explore how FedRAMP can help mitigate risk as they move to the cloud.
7 Container Components That Increase a Network's Security
Slideshows  |  6/4/2019  | 
A proof of concept at Interop19 showed just how simple a container deployment can be.
What Cyber Skills Shortage?
Commentary  |  6/4/2019  | 
Employers can solve the skills gap by first recognizing that there isn't an archetypal "cybersecurity job" in the same way that there isn't an archetypal "automotive job." Here's how.
Microsoft Urges Businesses to Patch 'BlueKeep' Flaw
News  |  6/3/2019  | 
Fearing another worm of WannaCry severity, Microsoft warns vulnerable users to apply the software update for CVE-2019-0708.
Majority of C-Level Executives Expect a Cyber Breach
Quick Hits  |  6/3/2019  | 
Survey of executives in the US and UK shows that worries abound -- about cyberattacks and the lack of resources to defend against them.
Certifiably Distracted: The Economics of Cybersecurity
Commentary  |  6/3/2019  | 
Is cybersecurity worth the investment? It depends.