Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2016
Page 1 / 2   >   >>
8 Bad Ass Tools Coming Out Of Black Hat
Slideshows  |  7/30/2016  | 
Penetration testing, reverse engineering and other security tools that will be explained and released at Black Hat 2016.
Second Democratic Party Website Hacked
News  |  7/29/2016  | 
In a DNC-like attack, pro-Russian hackers broke into a website belonging to the Democratic Congressional Campaign Committee -- and reportedly also the Clinton campaign website.
5 Things We Know So Far About The DNC Hack
Slideshows  |  7/29/2016  | 
The plot thickens this week as Donald Trump openly calls on Russia to release Hillary Clintons emails. All roads appear to lead to Russia in the DNC -- and now possibly the DCCC -- hacks.
How to Roll Your Own Threat Intelligence Team
Commentary  |  7/29/2016  | 
A lot of hard work needs to go into effectively implementing an intelligence-driven security model. It starts with five critical factors.
Google Adds New Kernel-Level Protections For Android
News  |  7/28/2016  | 
Measures include kernel memory controls and features to reduce attack surface.
Multiple Major Security Products Open To Big Vulns Via 'Hooking Engines'
News  |  7/28/2016  | 
Black Hat USA talk will show how flawed implementation of hooking techniques are putting security and other software at risk.
KPMG Study: Breaches Up, Security Spending Down
News  |  7/28/2016  | 
81 percent admitted to a recent breach but less than half said they'd invested more in security as a result
How To Stay Safe On The Black Hat Network: Dont Connect To It
Commentary  |  7/28/2016  | 
Black Hat attendees may have changed their titles and now carry business cards but hackers gotta hack and theres no better place to do it than Black Hat.
7 Ways To Charm Users Out of Their Passwords
Slideshows  |  7/27/2016  | 
While the incentives have changed over time, it still takes remarkably little to get users to give up their passwords.
The Internet Of Tiny Things: What Lurks Inside
Commentary  |  7/27/2016  | 
Hackers can now use a tiny $2 embedded chip -- at scale -- to launch thousands of infected 'things' out into the ether to capture data and soften consumers up for an attack.
Cybersecurity Skills Shortage Puts Organizations At Risk, Study Shows
News  |  7/27/2016  | 
The oft-discussed and lamented cybersecurity skills gap isnt just a hiring issue, its putting your organization at risk, Intel Security-CSIS study finds.
In Security, Know That You Know Nothing
Commentary  |  7/26/2016  | 
Only when security professionals become aware of what they dont know, can they start asking the right questions and implementing the right security controls.
'MouseJack' Researchers Uncover Major Wireless Keyboard Vulnerability
News  |  7/26/2016  | 
KeySniffer attack shows two-thirds of low-cost wireless keyboards prone to keystroke capture and malicious keystroke injection.
SentinelOne Offers $1 Million Guarantee To Stop Ransomware
News  |  7/26/2016  | 
Jeremiah Grossman continues his crusade to make security vendors take responsibility for their own gear.
New Portal Offers Decryption Tools For Some Ransomware Victims
News  |  7/25/2016  | 
Nomoreransom.org, a joint initiative between Europol, the Dutch National Police, Kaspersky Lab and Intel Security, offers help in getting encrypted data back.
10 Hottest Talks at Black Hat USA 2016
Slideshows  |  7/25/2016  | 
The impressive roll call of speakers offers a prime opportunity to learn from the very best of the information security world.
Building Black Hat: Locking Down One Of The Worlds Biggest Security Conferences
Commentary  |  7/25/2016  | 
For security pros, being asked to help secure Black Hat is like being asked to play on the Olympic basketball team.
5 Ways To Protect HR From Ransomware
News  |  7/22/2016  | 
Bad actors are now looking to hold for ransom sensitive information stored in personnel records in the human resources department and other highly sensitive corporate operations.
7 Ways To Lock Down Your Privileged Accounts
Slideshows  |  7/22/2016  | 
Admin passwords contained within privileged accounts can open up the keys to the kingdom to determined attackers. Here's how to stop them.
5 Failsafe Techniques For Interviewing Security Candidates
Commentary  |  7/22/2016  | 
Filling critical information security roles with the right people is never easy. But learning how to separate the 'wheat from the chaff' is a smart step in the right direction.
Asia Mulls Europol-Style Agency To Fight Cybercrime
Quick Hits  |  7/22/2016  | 
Asian ministers hold closed-door meeting in Singapore to chalk out strategy for such an organization.
Auto Industry ISAC Releases Best Practices For Connected Vehicle Cybersecurity
News  |  7/21/2016  | 
Goal is to provide car manufactures with guidelines for protecting modern vehicles against emerging cyber threats
Majority Of Companies Say Trade Secrets Likely Compromised
News  |  7/21/2016  | 
About 60 percent of companies in a survey by Ponemon and Kilpatrick Townsend say at least some of their trade secrets are likely in the hands of rivals
Tools & Training To Hack Yourself Into Better Security
Commentary  |  7/21/2016  | 
How to teach your blue team to think like the red team when your network is under attack and time is your most valuable asset.
Teslas Data Collection May Help In Autopilot Defense
Quick Hits  |  7/21/2016  | 
The automotive company can use its data collection software to fight liability if involved in Florida crash case, say lawyers.
Security Gets Political With Hacks, Darknet Sales
News  |  7/21/2016  | 
As presidential campaigns get into full swing, neither party is immune to online chicanery -- and neither are voters
Improving Attribution & Malware Identification With Machine Learning
News  |  7/20/2016  | 
New technique may be able to predict not only whether unfamiliar, unknown code is malicious, but also what family it is and who it came from.
Ex-Cardinal Exec Jailed For Hacking Astros
Quick Hits  |  7/20/2016  | 
Christopher Correa gets 46 months for unlawful access of rivals database and downloading confidential details.
Deconstructing Connected Cars: A Hack Waiting To Happen
Commentary  |  7/19/2016  | 
Why your automobiles simple and reliable Controller Area Network will put you at risk in the brave new world of connected and autonomous driving.
Ransomware Victims Rarely Pay The Full Ransom Price
News  |  7/18/2016  | 
The purveyors of cyber-extortion schemes often willing to negotiate their ransom fees, F-Secure study finds.
Locking Down Windows 10: 6 New Features
Slideshows  |  7/18/2016  | 
The latest version of Windows includes expanded identity and access controls, advanced Bitlocker encryption, and new malware protections.
UK Rail Hit By Four Cyberattacks In One Year
Quick Hits  |  7/18/2016  | 
No disruption to rail network caused, hackers appear to be nation-states, says cybersecurity firm Darktrace.
Beyond Data: Why CISOs Must Pay Attention To Physical Security
Commentary  |  7/18/2016  | 
Information security professionals are missing the big picture if they think of vulnerabilities and threats only in terms of data protection, password hygiene and encryption.
Staying Cyber Safe At The Olympics
Slideshows  |  7/16/2016  | 
Travel tips and more in hostile environments abroad.
New HIPAA Guidance Tackles Ransomware Epidemic In Healthcare
Quick Hits  |  7/15/2016  | 
HHS addresses ransomware infections in wake of healthcare attacks.
Meet The Teams In DARPA's All-Machine Hacking Tournament
Slideshows  |  7/15/2016  | 
"Autonomous security" is DARPA's latest game. Its Cyber Grand Challenge will culminate at DEF CON with a contest to see which of these seven finalists' machines will automatically detect and remediate the most security vulnerabilities.
What SMBs Need To Know About Security But Are Afraid To Ask
Slideshows  |  7/14/2016  | 
A comprehensive set of new payment protection resources from the PCI Security Standards Council aims to help small- and medium-sized businesses make security a priority.
Sandia Labs Researchers Build DNA-Based Encrypted Storage
News  |  7/14/2016  | 
Researchers at Sandia National Laboratories in New Mexico are experimenting with encrypted DNA storage for archival applications.
Context-Rich And Context-Aware Cybersecurity
Partner Perspectives  |  7/14/2016  | 
An adaptive threat-prevention model is quickly replacing traditional, unintegrated architectures as security teams work to achieve a sustainable advantage against complex threats.
Purple Teaming: Red & Blue Living Together, Mass Hysteria
News  |  7/13/2016  | 
When you set focused objectives for the red team, you get your blue team to work the weak muscles they need trained most.
AirbnBreach: How Networks At Short-Term Rentals Are Wide Open To Attack
News  |  7/13/2016  | 
New age of community lodging opens the door for old-school network hacks, putting hosts and guests at risk of cyberattacks and stolen personal information.
Adobe Fixes 52 Vulnerabilities In Flash
Quick Hits  |  7/13/2016  | 
Updated version fixes CVEs that allowed remote code execution on affected machines.
Fiat Chrysler Launches Bug Bounty Program
Quick Hits  |  7/13/2016  | 
Platform will be leveraged to identify and resolve security issues in automobile software.
What I Expect to See At Black Hat 2016: 5 Themes
Commentary  |  7/13/2016  | 
Over the years, Black Hat has morphed from a little show for security researchers to a big conference that attracts everyone from black-hat hackers to C-level security execs. Here's what piques my interest this year.
Covert Voice Commands Can Hack A Smartphone
News  |  7/12/2016  | 
Researchers from Georgetown University and the University of California, Berkeley say cybercriminals could use hidden voice commands via popular YouTube videos to infect Androids and iPhones with malware.
Profiles Of The Top 7 Bug Hunters From Around the Globe
Slideshows  |  7/12/2016  | 
'Super hunters' share a common goal: to find the most high impact valid bugs before a bad guy does.
Does Defense In Depth Still Work Against Todays Cyber Threats?
Commentary  |  7/11/2016  | 
Yes. But not for much longer unless the industry shifts to an automated security and zero trust model.
An Inside Look At The New Apple Mac Malware 'Eleanor'
Slideshows  |  7/8/2016  | 
Researchers from Bitdefender find security hole that opens up a backdoor to the Mac OS X system.
Hacking A Penetration Tester
News  |  7/7/2016  | 
How even a pen test conducted by a security pro can be hacked by a determined attacker looking for a way to its target.
Ripping Away The Mobile Security Blanket
News  |  7/7/2016  | 
Upcoming Black Hat USA talk will highlight vulns in Good Technology platform and discuss the dangers of overreliance on enterprise mobility security suites.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15216
PUBLISHED: 2020-09-29
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...
CVE-2020-4607
PUBLISHED: 2020-09-29
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
CVE-2020-24565
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25770
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25771
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...