Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2015
GM Vehicles Can Be Located, Unlocked, Started Remotely Via OnStar App
News  |  7/31/2015  | 
White Hat hacker Samy Kamkars OwnStart device latest to show up vulnerabilities in modern vehicles
There's Another Android Media Vulnerability, But Google Isn't Worried
News  |  7/30/2015  | 
Vulnerability could become a favorite of ransomware operators, but Google has left it unpatched for more than two months.
From Russia With Love: A Slew of New Hacker Capabilities and Services
News  |  7/30/2015  | 
A review of the Russian underground by Trend Micro reveals it to be the worlds most sophisticated.
Can't Touch This: 'Hammertoss' Russian Cyberspies Hide In Plain Sight
News  |  7/29/2015  | 
APT29 cyber espionage attackers operate under the cover of legitimate services including Twitter, Github, and cloud storage services.
Code Theft: Protecting IP At The Source
Commentary  |  7/29/2015  | 
Your corporate assets are at risk and every day that you avoid taking action shortens the time until your IP will be leaked. Here are six steps toward better data security.
Lockheed Martin-Led Consortium Builds Secure 'System Of Systems'
News  |  7/28/2015  | 
Multilevel Security (MLS) group says this policy-based architecture could apply to sensitive commercial networks as well as government agencies.
Researchers Steal Door Badge Credentials Using Smartphone Bluetooth
News  |  7/28/2015  | 
Weakness in facility access control protocol leaves most badge-in systems open to attack.
How To Put Data At The Heart Of Your Security Practice
Commentary  |  7/28/2015  | 
First step: A good set of questions that seek out objective, measurable answers.
New Phishing Campaign Leverages Google Drive
News  |  7/28/2015  | 
Researchers believe technique is geared to take over Google SSO accounts.
Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch
News  |  7/27/2015  | 
Critical vulnerability in Android's multimedia playback engine is easy to exploit, requires no user interaction, and affects 95 percent of Android devices.
The First 24 Hours In The Wake Of A Data Breach
Commentary  |  7/27/2015  | 
There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result.
Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo
Quick Hits  |  7/24/2015  | 
National Highway Traffic Safety Administration will be watching to see if it works.
Car Hacking Shifts Into High Gear
News  |  7/23/2015  | 
Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most -- but not all -- of the details on how they did it.
Emerging Web Infrastructure Threats
Slideshows  |  7/23/2015  | 
A secure cloud relies on some weak Internet infrastructure with some new BGP vulnerabilities that will be disclosed at Black Hat USA.
Researchers Enlist Machine Learning In Malware Detection
News  |  7/22/2015  | 
No sandbox required for schooling software to speedily spot malware, researchers will demonstrate at Black Hat USA.
Finding The ROI Of Threat Intelligence: 5 Steps
Commentary  |  7/22/2015  | 
Advice from a former SOC manager on how to leverage threat intel without increasing the bottom line.
Angler Climbing To Top Of Exploit Heap
News  |  7/22/2015  | 
Exploit kit dominates the field, making up 82 percent of all exploit kits currently used.
Hacking Team Detection Tools Released By Rook, Facebook
News  |  7/21/2015  | 
Organizations get help keeping up with Hacking Team threats, and Microsoft releases an out-of-band patch for a new Hacking Team 0-day.
Times Running Out For The $76 Billion Detection Industry
Commentary  |  7/21/2015  | 
The one strategy that can deliver the needle to the security team without the haystack is prevention.
Detection: A Balanced Approach For Mitigating Risk
Commentary  |  7/21/2015  | 
Only detection and response can complete the security picture that begins with prevention.
Photo Processing Vendor Exposes CVS, Wal-Mart, Costco
News  |  7/20/2015  | 
Retail breaches highlight third-party risk -- again.
How I Learned To Love Active Defense
Commentary  |  7/20/2015  | 
Yes, traditional cyber defenses can be effective. They just need to be a little more active.
U.S. Vuln Research, Pen Test Firms Protest Impending Export Controls
News  |  7/16/2015  | 
American security companies have the most to lose from new rules that would restrict the export of tools and information about network surveillance and 'intrusion software.'
The Insiders: A Rogues Gallery
Commentary  |  7/16/2015  | 
You can defend against an insider threat if you know where to look.
4 Lasting Impacts Of The Hacking Team Leaks
News  |  7/15/2015  | 
Doxing attack against Italian surveillance company put some nasty tools in the hands of attackers and might be the final nail in the coffin for Adobe Flash.
The End Of Whac-A-Mole: From Incident Response To Strategic Intelligence
Commentary  |  7/15/2015  | 
In the face of mounting cybercrime, hacktivism, and espionage, network defenders need to transform their tactical IR groups into full-scale cyber intelligence teams.
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say
News  |  7/15/2015  | 
In Black Hat survey, security professionals say misplaced enterprise priorities often leave them without the time and budget they need to address the most critical threats.
Shared Passwords And No Accountability Plague Privileged Account Use
News  |  7/14/2015  | 
Even IT decision-makers guilty of poor account hygiene.
Automobile Industry Gears Up For Cyber-Threat Intel-Sharing
News  |  7/14/2015  | 
New auto industry ISAC is now official, with major automakers as the charter members.
Cybersecurity Gains Higher Profile Among Chief Financial Officers
News  |  7/14/2015  | 
Deloitte study shows CFOs view security risks as a top threat to financial health.
OpenSSL Fixes High-Severity, Narrow-Scope Vulnerability
News  |  7/9/2015  | 
Bug allows attackers to issue invalid certificates, but is difficult to exploit and only affects OpenSSL versions released since last month.
Creating Your Own Threat Intel Through Hunting & Visualization
Commentary  |  7/9/2015  | 
How security analysts armed with a visual interface can use data science to find hidden attacks and the unknown unknowns.
Hacking Team 0-Day Shows Widespread Dangers Of All Offense, No Defense
News  |  7/8/2015  | 
While the Italian surveillance company sells government agencies high-end zero-day proof-of-concept exploits, it secures root systems with the password 'P4ssword.' What's vulnerability commoditization got to do with it?
The Role of the Board In Cybersecurity: Learn, Ensure, Inspect
Commentary  |  7/8/2015  | 
Board members of the most forward-thinking U.S. companies are not just throwing money at the mounting problem of managing cyber risk.
Cybercriminal Group Spying On US, European Businesses For Profit
News  |  7/8/2015  | 
Symantec, Kaspersky Lab spot Morpho' hacking team that hit Apple, Microsoft, Facebook and Twitter expanding its targets to lucrative industries for possible illegal trading purposes.
6 Emerging Android Threats
Slideshows  |  7/7/2015  | 
A peek at some of the Android vulnerabilities and malware that will be revealed at Black Hat USA next month.
New Google Search Poisoning Method Cloaks With PDF Docs
News  |  7/7/2015  | 
Using PDF documents to keyword stuff is growing in popularity as it circumvents anti-cloaking mechanisms in Google's algorithms.
The Rise Of Social Media Botnets
Commentary  |  7/7/2015  | 
In the social Internet, building a legion of interconnected bots -- all accessible from a single computer -- is quicker and easier than ever before.
Cloud & The Security Skills Gap
Cloud & The Security Skills Gap
Dark Reading Videos  |  7/6/2015  | 
F5 Network security evangelist David Holmes tells how cloud outsourcing can help companies fill the talent gap in three critical areas of enterprise security.
FBI Offering $4.3 Million For Help Finding Cyber Most-Wanted
Quick Hits  |  7/2/2015  | 
Big prize still going to whomever can help find Gameover ZeuS mastermind.
Smart Cities' 4 Biggest Security Challenges
News  |  7/1/2015  | 
The messiness of politics and the vulnerability of the Internet of Things in one big, unwieldy package.
Why We Need In-depth SAP Security Training
Commentary  |  7/1/2015  | 
SAP and Oracle are releasing tons of patches every month, but are enterprises up to this complex task? I have my doubts.


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15943
PUBLISHED: 2019-09-19
vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call.
CVE-2019-16413
PUBLISHED: 2019-09-19
An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.
CVE-2019-3738
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
CVE-2019-3739
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
CVE-2019-3740
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.