Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2016
Page 1 / 2   >   >>
8 Bad Ass Tools Coming Out Of Black Hat
Slideshows  |  7/30/2016  | 
Penetration testing, reverse engineering and other security tools that will be explained and released at Black Hat 2016.
Second Democratic Party Website Hacked
News  |  7/29/2016  | 
In a DNC-like attack, pro-Russian hackers broke into a website belonging to the Democratic Congressional Campaign Committee -- and reportedly also the Clinton campaign website.
5 Things We Know So Far About The DNC Hack
Slideshows  |  7/29/2016  | 
The plot thickens this week as Donald Trump openly calls on Russia to release Hillary Clintons emails. All roads appear to lead to Russia in the DNC -- and now possibly the DCCC -- hacks.
How to Roll Your Own Threat Intelligence Team
Commentary  |  7/29/2016  | 
A lot of hard work needs to go into effectively implementing an intelligence-driven security model. It starts with five critical factors.
Google Adds New Kernel-Level Protections For Android
News  |  7/28/2016  | 
Measures include kernel memory controls and features to reduce attack surface.
Multiple Major Security Products Open To Big Vulns Via 'Hooking Engines'
News  |  7/28/2016  | 
Black Hat USA talk will show how flawed implementation of hooking techniques are putting security and other software at risk.
KPMG Study: Breaches Up, Security Spending Down
News  |  7/28/2016  | 
81 percent admitted to a recent breach but less than half said they'd invested more in security as a result
How To Stay Safe On The Black Hat Network: Dont Connect To It
Commentary  |  7/28/2016  | 
Black Hat attendees may have changed their titles and now carry business cards but hackers gotta hack and theres no better place to do it than Black Hat.
7 Ways To Charm Users Out of Their Passwords
Slideshows  |  7/27/2016  | 
While the incentives have changed over time, it still takes remarkably little to get users to give up their passwords.
The Internet Of Tiny Things: What Lurks Inside
Commentary  |  7/27/2016  | 
Hackers can now use a tiny $2 embedded chip -- at scale -- to launch thousands of infected 'things' out into the ether to capture data and soften consumers up for an attack.
Cybersecurity Skills Shortage Puts Organizations At Risk, Study Shows
News  |  7/27/2016  | 
The oft-discussed and lamented cybersecurity skills gap isnt just a hiring issue, its putting your organization at risk, Intel Security-CSIS study finds.
In Security, Know That You Know Nothing
Commentary  |  7/26/2016  | 
Only when security professionals become aware of what they dont know, can they start asking the right questions and implementing the right security controls.
'MouseJack' Researchers Uncover Major Wireless Keyboard Vulnerability
News  |  7/26/2016  | 
KeySniffer attack shows two-thirds of low-cost wireless keyboards prone to keystroke capture and malicious keystroke injection.
SentinelOne Offers $1 Million Guarantee To Stop Ransomware
News  |  7/26/2016  | 
Jeremiah Grossman continues his crusade to make security vendors take responsibility for their own gear.
New Portal Offers Decryption Tools For Some Ransomware Victims
News  |  7/25/2016  | 
Nomoreransom.org, a joint initiative between Europol, the Dutch National Police, Kaspersky Lab and Intel Security, offers help in getting encrypted data back.
10 Hottest Talks at Black Hat USA 2016
Slideshows  |  7/25/2016  | 
The impressive roll call of speakers offers a prime opportunity to learn from the very best of the information security world.
Building Black Hat: Locking Down One Of The Worlds Biggest Security Conferences
Commentary  |  7/25/2016  | 
For security pros, being asked to help secure Black Hat is like being asked to play on the Olympic basketball team.
5 Ways To Protect HR From Ransomware
News  |  7/22/2016  | 
Bad actors are now looking to hold for ransom sensitive information stored in personnel records in the human resources department and other highly sensitive corporate operations.
7 Ways To Lock Down Your Privileged Accounts
Slideshows  |  7/22/2016  | 
Admin passwords contained within privileged accounts can open up the keys to the kingdom to determined attackers. Here's how to stop them.
5 Failsafe Techniques For Interviewing Security Candidates
Commentary  |  7/22/2016  | 
Filling critical information security roles with the right people is never easy. But learning how to separate the 'wheat from the chaff' is a smart step in the right direction.
Asia Mulls Europol-Style Agency To Fight Cybercrime
Quick Hits  |  7/22/2016  | 
Asian ministers hold closed-door meeting in Singapore to chalk out strategy for such an organization.
Auto Industry ISAC Releases Best Practices For Connected Vehicle Cybersecurity
News  |  7/21/2016  | 
Goal is to provide car manufactures with guidelines for protecting modern vehicles against emerging cyber threats
Tools & Training To Hack Yourself Into Better Security
Commentary  |  7/21/2016  | 
How to teach your blue team to think like the red team when your network is under attack and time is your most valuable asset.
Majority Of Companies Say Trade Secrets Likely Compromised
News  |  7/21/2016  | 
About 60 percent of companies in a survey by Ponemon and Kilpatrick Townsend say at least some of their trade secrets are likely in the hands of rivals
Teslas Data Collection May Help In Autopilot Defense
Quick Hits  |  7/21/2016  | 
The automotive company can use its data collection software to fight liability if involved in Florida crash case, say lawyers.
Security Gets Political With Hacks, Darknet Sales
News  |  7/21/2016  | 
As presidential campaigns get into full swing, neither party is immune to online chicanery -- and neither are voters
Improving Attribution & Malware Identification With Machine Learning
News  |  7/20/2016  | 
New technique may be able to predict not only whether unfamiliar, unknown code is malicious, but also what family it is and who it came from.
Ex-Cardinal Exec Jailed For Hacking Astros
Quick Hits  |  7/20/2016  | 
Christopher Correa gets 46 months for unlawful access of rivals database and downloading confidential details.
Deconstructing Connected Cars: A Hack Waiting To Happen
Commentary  |  7/19/2016  | 
Why your automobiles simple and reliable Controller Area Network will put you at risk in the brave new world of connected and autonomous driving.
Ransomware Victims Rarely Pay The Full Ransom Price
News  |  7/18/2016  | 
The purveyors of cyber-extortion schemes often willing to negotiate their ransom fees, F-Secure study finds.
Locking Down Windows 10: 6 New Features
Slideshows  |  7/18/2016  | 
The latest version of Windows includes expanded identity and access controls, advanced Bitlocker encryption, and new malware protections.
UK Rail Hit By Four Cyberattacks In One Year
Quick Hits  |  7/18/2016  | 
No disruption to rail network caused, hackers appear to be nation-states, says cybersecurity firm Darktrace.
Beyond Data: Why CISOs Must Pay Attention To Physical Security
Commentary  |  7/18/2016  | 
Information security professionals are missing the big picture if they think of vulnerabilities and threats only in terms of data protection, password hygiene and encryption.
Staying Cyber Safe At The Olympics
Slideshows  |  7/16/2016  | 
Travel tips and more in hostile environments abroad.
New HIPAA Guidance Tackles Ransomware Epidemic In Healthcare
Quick Hits  |  7/15/2016  | 
HHS addresses ransomware infections in wake of healthcare attacks.
Meet The Teams In DARPA's All-Machine Hacking Tournament
Slideshows  |  7/15/2016  | 
"Autonomous security" is DARPA's latest game. Its Cyber Grand Challenge will culminate at DEF CON with a contest to see which of these seven finalists' machines will automatically detect and remediate the most security vulnerabilities.
What SMBs Need To Know About Security But Are Afraid To Ask
Slideshows  |  7/14/2016  | 
A comprehensive set of new payment protection resources from the PCI Security Standards Council aims to help small- and medium-sized businesses make security a priority.
Sandia Labs Researchers Build DNA-Based Encrypted Storage
News  |  7/14/2016  | 
Researchers at Sandia National Laboratories in New Mexico are experimenting with encrypted DNA storage for archival applications.
Context-Rich And Context-Aware Cybersecurity
Partner Perspectives  |  7/14/2016  | 
An adaptive threat-prevention model is quickly replacing traditional, unintegrated architectures as security teams work to achieve a sustainable advantage against complex threats.
Purple Teaming: Red & Blue Living Together, Mass Hysteria
News  |  7/13/2016  | 
When you set focused objectives for the red team, you get your blue team to work the weak muscles they need trained most.
AirbnBreach: How Networks At Short-Term Rentals Are Wide Open To Attack
News  |  7/13/2016  | 
New age of community lodging opens the door for old-school network hacks, putting hosts and guests at risk of cyberattacks and stolen personal information.
Adobe Fixes 52 Vulnerabilities In Flash
Quick Hits  |  7/13/2016  | 
Updated version fixes CVEs that allowed remote code execution on affected machines.
Fiat Chrysler Launches Bug Bounty Program
Quick Hits  |  7/13/2016  | 
Platform will be leveraged to identify and resolve security issues in automobile software.
What I Expect to See At Black Hat 2016: 5 Themes
Commentary  |  7/13/2016  | 
Over the years, Black Hat has morphed from a little show for security researchers to a big conference that attracts everyone from black-hat hackers to C-level security execs. Heres what piques my interest this year.
Covert Voice Commands Can Hack A Smartphone
News  |  7/12/2016  | 
Researchers from Georgetown University and the University of California, Berkeley say cybercriminals could use hidden voice commands via popular YouTube videos to infect Androids and iPhones with malware.
Profiles Of The Top 7 Bug Hunters From Around the Globe
Slideshows  |  7/12/2016  | 
'Super hunters' share a common goal: to find the most high impact valid bugs before a bad guy does.
Does Defense In Depth Still Work Against Todays Cyber Threats?
Commentary  |  7/11/2016  | 
Yes. But not for much longer unless the industry shifts to an automated security and zero trust model.
An Inside Look At The New Apple Mac Malware 'Eleanor'
Slideshows  |  7/8/2016  | 
Researchers from Bitdefender find security hole that opens up a backdoor to the Mac OS X system.
Hacking A Penetration Tester
News  |  7/7/2016  | 
How even a pen test conducted by a security pro can be hacked by a determined attacker looking for a way to its target.
Ripping Away The Mobile Security Blanket
News  |  7/7/2016  | 
Upcoming Black Hat USA talk will highlight vulns in Good Technology platform and discuss the dangers of overreliance on enterprise mobility security suites.
Page 1 / 2   >   >>


AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.