Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2017
Iranian Hackers Ensnared Targets via Phony Female Photographer
News  |  7/31/2017  | 
US, Indian, Saudi Arabian, Israeli, Iraqi IT, security, executives in oil/gas and aerospace swept up in elaborate social media ruse used for cyber espionage operations.
Anthem Hit with Data Breach of 18,580 Medicare Members
Quick Hits  |  7/31/2017  | 
Third-party service provider for the insurer discovered one of its employees allegedly engaged in identity theft of thousands of Anthem Medicare members.
Healthcare Execs Report Rise in Data Breaches and HIPAA Violations
Quick Hits  |  7/31/2017  | 
IT executives, however, increasingly believe they are "completely ready" to withstand a cybersecurity attack on their healthcare system.
DevOps Security & the Culture of 'Yes'
Commentary  |  7/31/2017  | 
Communication, collaboration, and the use of production data to drive decisions are essential for security work in a DevOps world.
DEF CON Rocks the Vote with Live Machine Hacking
News  |  7/28/2017  | 
Jeff Moss, founder of the hacker conference, is planning to host a full-blown election and voting system for hacking in 2018 at DEF CON, complete with a simulated presidential race.
Wannacry Inspires Worm-like Module in Trickbot
News  |  7/28/2017  | 
The malware is being primarily distributed via email spam in the form of spoofed invoices from an international financial services company, says Flashpoint.
Lethal Dosage of Cybercrime: Hacking the IV Pump
News  |  7/28/2017  | 
At DEF CON, a researcher demonstrated how to attack a popular model of infusion pump used in major hospitals around the world.
Throw Out the Playbooks to Win at Incident Response
Commentary  |  7/28/2017  | 
Four reasons why enterprises that rely on playbooks give hackers an advantage.
Broadcom Chipset Bug in Android, iOS Smartphones Allows Remote Attack
News  |  7/27/2017  | 
Security researcher found a common flaw in Android and iOS smartphone chipsets that could allow a remote exploit to be unleashed on millions of devices.
Inside the Investigation and Trial of Roman Seleznev
News  |  7/27/2017  | 
The officials who convicted the credit card thief discussed the investigation, evidence, trial, and challenges involved in his case.
Get Ready for the 2038 'Epocholypse' (and Worse)
News  |  7/27/2017  | 
A leading security researcher predicts a sea of technology changes that will rock our world, including the Internet of Things, cryptocurrency, SSL encryption and national security.
Dark Reading News Desk Live at Black Hat USA 2017
Commentary  |  7/27/2017  | 
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
How to Build a Path Toward Diversity in Information Security
News  |  7/27/2017  | 
Hiring women and minorities only addresses half the issue for the IT security industry -- the next step is retaining these workers.
The Right to Be Forgotten & the New Era of Personal Data Rights
Commentary  |  7/27/2017  | 
Because of the European Union's GDPR and other pending legislation, companies must become more transparent in how they protect their customers' data.
Can Your Risk Assessment Stand Up Under Scrutiny?
Partner Perspectives  |  7/27/2017  | 
Weak risk assessments have gotten a pass up until now, but that may be changing.
How Attackers Use Machine Learning to Predict BEC Success
News  |  7/26/2017  | 
Researchers show how scammers defeat other machines, increase their success rate, and get more money from their targets.
Adobe's Move to Kill Flash Is Good for Security
News  |  7/26/2017  | 
In recent years, Flash became one of the buggiest widely used apps out there.
FBI Talks Avalanche Botnet Takedown
News  |  7/26/2017  | 
FBI unit chief Tom Grasso explains the takedown of Avalanche and how the agency approaches botnet infrastructures.
Hacking the Wind
News  |  7/26/2017  | 
A security researcher at Black Hat USA shows how wind turbine systems are susceptible to potentially damaging cyberattacks.
Facebook Offers $1 Million for New Security Defenses
News  |  7/26/2017  | 
The social media giant has increased the size of its Internet Defense Prize program in order to spur more research into ways to defend users against the more prevalent and common methods of attack.
Majority of Consumers Believe IoT Needs Security Built In
Quick Hits  |  7/26/2017  | 
Respondents to a global survey say Internet of Things security is a shared responsibility between consumers and manufacturers.
10 Critical Steps to Create a Culture of Cybersecurity
Commentary  |  7/26/2017  | 
Businesses are more vulnerable than they need to be. Here's what you should do about it.
Iranian Cyber Espionage Group CopyKittens Successful, But Not Skilled
News  |  7/25/2017  | 
Despite being only moderately skilled, CopyKittens has exfiltrated large volumes of data since at least 2013.
How 'PostScript' Exploits Networked Printers
News  |  7/25/2017  | 
At Black Hat 2017, a university researcher will demo how attackers can drill into networked printers by way of the ubiquitous PostScript programming language.
Using AI to Break Detection Models
News  |  7/25/2017  | 
Pitting machine learning bots against one another is the new spy vs. spy battle in cybersecurity today.
Regulators Question Wells Fargo Regarding Data Breach
Quick Hits  |  7/25/2017  | 
Scrutiny a result of a lawyer's unauthorized release of sensitive information on tens of thousands of wealthy Wells Fargo customers.
Custom Source Code Accounts for 93% of App Vulnerabilities
Quick Hits  |  7/25/2017  | 
A new study finds that third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software.
Weather.com, Fusion Expose Data Via Google Groups Config Error
News  |  7/24/2017  | 
Companies that leaked data accidentally chose the sharing setting "public on the Internet," which enabled anyone on the Web to access all information contained in the messages.
7 Hardware & Firmware Hacks Highlighted at Black Hat 2017
Slideshows  |  7/24/2017  | 
Researchers will hammer home potentially devastating attacks, and demo a range of vulnerabilities, techniques and tools.
Majority of Security Pros Let Productivity Trump Security
News  |  7/24/2017  | 
A survey found that 64% of IT security professionals will tweak security to give workers more flexibility to be productive when asked to make that move by top executives.
Bots Make Lousy Dates, But Not Cheap Ones
Commentary  |  7/24/2017  | 
The danger of dating sites: If a beautiful woman asks men to click on malware, they'll probably click.
Microsoft Rolls Out AI-based Security Risk Detection Tool
News  |  7/21/2017  | 
Microsoft Security Risk Detection leverages artificial intelligence to root out bugs in software before it's released.
Speed of Windows 10 Adoption Not Affected by WannaCry
News  |  7/21/2017  | 
WannaCry has motivated security teams to stay current on patching but Windows 10 adoption remains the same.
Using DevOps to Move Faster than Attackers
News  |  7/20/2017  | 
Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.
#HackTor: Tor Opens up its Bug Bounty Program
News  |  7/20/2017  | 
The popular identity-cloaking service has expanded its private, invite-only vulnerability discovery program to an open one via HackerOne.
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
News  |  7/20/2017  | 
Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.
US Banks Targeted with Trickbot Trojan
News  |  7/20/2017  | 
Necurs botnet spreads Trickbot malware to US financial institutions, while new Emotet banking Trojan attacks discovered - signalling increasingly complex attacks on the industry.
Major Online Criminal Marketplaces AlphaBay and Hansa Shut Down
News  |  7/20/2017  | 
International law enforcement operations result in AlphaBay, the largest online marketplace for selling illegal goods from malware to heroin, and Hansa, going dark.
BEC Attacks Far More Lucrative than Ransomware over Past 3 Years
News  |  7/20/2017  | 
BEC fraud netted cyberthieves five times more profit than ransomware over a three-year period, according to Cisco's midyear report released today.
DevOps & Security: Butting Heads for Years but Integration is Happening
Commentary  |  7/20/2017  | 
A combination of culture change, automation, tools and processes can bring security into the modern world where it can be as agile as other parts of IT.
'AVPass' Sneaks Malware Past Android Antivirus Apps
News  |  7/19/2017  | 
Researchers at Black Hat USA will release a toolset that studies and then cheats specific Android AV apps.
Online Courses Projected to Drive Credit Card Fraud to $24B by 2018
News  |  7/19/2017  | 
An underground ecosystem provides cybercriminals with online tutorials, tools, and credit card data they need to commit fraud.
98% of Companies Favor Integrating Security with DevOps
News  |  7/19/2017  | 
A majority of companies are either planning or have launched an integrated DevOps and security team, a new report shows.
Best of Black Hat: 20 Epic Talks in 20 Years
Slideshows  |  7/19/2017  | 
In celebration of Black Hat's 20th birthday, we take a look back at the most memorable presentations and demos since the show's inception in 1997.
Catastrophic Cloud Attack Costs Would Rival that of Hurricane Damages
News  |  7/19/2017  | 
Lloyd's of London estimates multi-billion-dollar loss figures in worst-case scenarios of a major zero-day exploit or massive cloud outage.
4 Steps to Securing Citizen-Developed Apps
Commentary  |  7/19/2017  | 
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
Rapid7 Buys Security Orchestration and Automation Firm Komand
Quick Hits  |  7/18/2017  | 
Rapid7 has acquired Komand with plans to integrate its orchestration and automation technology into the Insights platform.
Dow Jones Data Leak Results from an AWS Configuration Error
News  |  7/18/2017  | 
Security pros expect to see more incidents like the Dow Jones leak, which exposed customers' personal information following a public cloud configuration error.
Zero-Day Exploit Surfaces that May Affect Millions of IoT Users
Quick Hits  |  7/18/2017  | 
A zero-day vulnerability dubbed Devil's Ivy is discovered in a widely used third-party toolkit called gSOAP.
Apple iOS Malware Growth Outpaces that of Android
News  |  7/18/2017  | 
Number of iOS devices running malicious apps more than tripled in three consecutive quarters, while infected Android devices remained largely flat, report shows.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10854
PUBLISHED: 2019-11-22
cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.
CVE-2019-13157
PUBLISHED: 2019-11-22
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within nsz archive.
CVE-2012-2079
PUBLISHED: 2019-11-22
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
CVE-2019-11325
PUBLISHED: 2019-11-21
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-18887
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.