Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2017
<<   <   Page 2 / 2
SIEM Training Needs a Better Focus on the Human Factor
Commentary  |  7/18/2017  | 
The problem with security information and event management systems isn't the solutions themselves but the training that people receive.
IoT Security Incidents Rampant and Costly
Slideshows  |  7/18/2017  | 
New research offers details about the hidden and not so hidden costs of defending the Internet of Things.
New IBM Mainframe Encrypts All the Things
News  |  7/17/2017  | 
Next-generation Z series features the elusive goal of full data encryption - from an application, cloud service, or database in transit or at rest.
FBI Issues Warning on IoT Toy Security
Quick Hits  |  7/17/2017  | 
IoT toys are more than fun and games and can potentially lead to a violation of children's privacy and safety, the Federal Bureau of Investigation warned Monday.
Researchers Create Framework to Evaluate Endpoint Security Products
News  |  7/17/2017  | 
Black Hat USA researchers tested more than 30,000 types of malware to learn the effectiveness of endpoint security tools - and they'll demonstrate how they did it.
50% of Ex-Employees Still Have Access to Corporate Applications
Quick Hits  |  7/17/2017  | 
Former employees increase the security risk for organizations failing to de-provision their corporate application accounts.
AWS S3 Breaches: What to Do & Why
Commentary  |  7/17/2017  | 
Although basic operations in Amazon's Simple Storage Services are (as the name implies) - simple - things can get complicated with access control and permissions.
Cloud AV Can Serve as an Avenue for Exfiltration
News  |  7/14/2017  | 
Black Hat USA researchers show how bad guys can use cloud AV connections to bypass air-gaps and extremely segmented networks to keep stolen data flowing.
50,000 Machines Remain Vulnerable to EternalBlue Attacks
News  |  7/14/2017  | 
Researcher's free scanner tool finds many systems remain at risk of EternalBlue-based attacks like WannaCry and NotPetya.
AsTech Offers a $5 Million Security Breach Warranty
Quick Hits  |  7/14/2017  | 
AsTech expands its warranty program with a guarantee it will find Internet application vulnerabilities or it will pay up to $5 million if there is a breach.
7 Deadly Sins to Avoid When Mitigating Cyberthreats
Commentary  |  7/14/2017  | 
How digitally savvy organizations can take cyber resilience to a whole new dimension.
US Voters Consider Russia the Largest Security Risk to Elections
Quick Hits  |  7/13/2017  | 
Nearly half of US voters believe Russia is the largest security risk for elections in the nation, according to a survey.
How Security Pros Can Help Protect Patients from Medical Data Theft
Commentary  |  7/13/2017  | 
The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.
Verizon Suffers Cloud Data Leak Exposing Data on Millions of Customers
News  |  7/12/2017  | 
Six million of Verizon's US customers had their personal and account information exposed, including PIN numbers.
Majority of IT Security Professionals Work Weekends
Quick Hits  |  7/12/2017  | 
A survey finds that 57% of IT security professionals work weekends, and most say they still find their jobs rewarding.
Dealing with Due Diligence
Commentary  |  7/12/2017  | 
Companies will find themselves evaluating third-party cybersecurity more than ever -- and being subject to scrutiny themselves. Here's how to handle it.
New SQL Injection Tool Makes Attacks Possible from a Smartphone
News  |  7/12/2017  | 
Recorded Future finds new hacking tool that's cheap and convenient to carry out that old standby attack, SQL injection.
Web App Vulnerabilities Decline 25% in 12 Months
News  |  7/11/2017  | 
WhiteHat Security's annual Web app report shows the average number of vulns in a Web app is down from four to three.
Microsoft Patches Critical Zero-Day Flaw in Windows Security Protocol
News  |  7/11/2017  | 
Researchers at Preempt uncovered two critical vulnerabilities in the Windows NTLM security protocols, one of which Microsoft patched today.
IoT Devices Plagued by Lesser-Known Security Hole
News  |  7/10/2017  | 
Internet of Things devices are security-challenged enough, but they're also being massively exposed on the public Internet this time via MQTT communications, a researcher will show at Black Hat USA.
Trump Suggests, Then Pulls Back on Joint Russian Cybersecurity Unit
News  |  7/10/2017  | 
President Donald Trump proposed, and quickly rescinded, the idea of a joint cybersecurity unit with Russian President Vladimir Putin during this week's G20 summit.
Cybercriminal with Ties to Exclusive Russian Hacking Forums Sentenced to Prison
Quick Hits  |  7/10/2017  | 
L.A. resident is sentenced to 110 months in prison for stealing and trafficking sensitive information on exclusive Russian-speaking cybercriminal forums.
How Code Vulnerabilities Can Lead to Bad Accidents
Commentary  |  7/10/2017  | 
The software supply chain is broken. To prevent hackers from exploiting vulnerabilities, organizations need to know where their applications are, and whether they are built using trustworthy components.
IoT Physical Attack Exploit to be Revealed at Black Hat
News  |  7/7/2017  | 
Security researcher Billy Rios plans to demonstrate how an exploit can cause an IoT device to launch a physical attack against a human.
IRS to Launch Educational Phishing Series
Quick Hits  |  7/7/2017  | 
The Internal Revenue Service is preparing to launch an educational series on phishing attacks and related warning signs.
The SOC Is DeadLong Live the SOC
Commentary  |  7/7/2017  | 
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
New Google Security Controls Tighten Third-Party Data Access
News  |  7/6/2017  | 
Google adds OAuth app whitelisting to G Suite so admins can vet third-party applications before users can grant them authorized data access.
CopyCat Malware Infects 14 Million Android Devices
News  |  7/6/2017  | 
A new malware strain is discovered with a novel approach to infecting Android handheld devices with adware.
Sabre Breach Investigation Concludes with Impact Limited
Quick Hits  |  7/6/2017  | 
The travel company finds that attackers gained limited access to a subset of its bookings in its reservation system.
Black Hat Survey: Security Pros Expect Major Breaches in Next Two Years
News  |  7/6/2017  | 
Significant compromises are not just feared, but expected, Black Hat attendees say.
The Growing Danger of IP Theft and Cyber Extortion
Commentary  |  7/6/2017  | 
The recent hacks of Disney and Netflix show the jeopardy that intellectual property and company secrets are in, fueled by cheap hacking tools and cryptocurrencies.
Bitcoin Funds Stolen from Bithumb Exchange
Quick Hits  |  7/5/2017  | 
Exchange employee's home PC the initial attack vector.
Updates to NotPetya Lead to Server Seizure at Ukrainian Software Firm
News  |  7/5/2017  | 
Police seized servers from Ukraine's Intellect Service as the country scrambles to control a cyberattack allegedly conducted by advanced hackers.
'Crackas With Attitude' Hacker Sentenced for Targeting Government Officials
Quick Hits  |  7/5/2017  | 
A North Carolina man known as 'Incursio' goes to prison for hacking government systems as well as senior government officials.
Researchers Build Firewall to Deflect SS7 Attacks
News  |  7/5/2017  | 
Security researchers will release an open-source SS7 firewall at Black Hat USA that aims to bolster security of mobile operators' core networks.
Avoiding the Dark Side of AI-Driven Security Awareness
Commentary  |  7/5/2017  | 
Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?
The Problem with Data
Commentary  |  7/3/2017  | 
The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-6555
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in ver...
CVE-2016-6556
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This iss...
CVE-2021-40654
PUBLISHED: 2021-09-24
An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page
CVE-2021-40655
PUBLISHED: 2021-09-24
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page
CVE-2021-41503
PUBLISHED: 2021-09-24
** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to acce...