Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2019
Page 1 / 2   >   >>
Flaws in SanDisk SSD Dashboard Present Malware & Data Loss Risks
News  |  7/31/2019  | 
Organizations using the utility should immediately install the latest version of the software, security vendor Trustwave says.
Apple Device Management Firm Jamf Acquires Digita Security
Quick Hits  |  7/31/2019  | 
Digita Security's Apple Mac endpoint protection solutions will join Jamf's MDM suite for iOS and MacOS.
Why the Network Is Central to IoT Security
Commentary  |  7/31/2019  | 
Is there something strange about your network activity? Better make sure all of your IoT devices are under control.
Former Twitter CISO Launches Startup to Secure Cloud Collaboration
News  |  7/31/2019  | 
Altitude Networks, led by Michael Coates and Amir Kavousian, aims to prevent accidental and malicious file sharing.
The Attribution Trap: A Waste of Precious Time & Money
Commentary  |  7/31/2019  | 
Aiming for attribution doesn't help most organizations become more secure. It can actually have the opposite effect.
Container Security Is Falling Behind Container Deployments
News  |  7/30/2019  | 
Organizations are increasingly turning to containers even though they are not as confident in the security of those containers, according to a new survey.
Capital One Breach Affects 100M US Citizens, 6M Canadians
News  |  7/30/2019  | 
The breach exposed credit card application data, Social Security numbers, and linked bank accounts, among other information.
Transforming 'Tangible Security' into a Competitive Advantage
Commentary  |  7/30/2019  | 
Today's consumers want to see and touch security. Meeting this demand will be a win-win for everyone, from users to vendors to security teams.
DHS Warns About Security Flaws in Small Airplanes
Quick Hits  |  7/30/2019  | 
Rapid7 researchers found holes in CAN bus networks that an attacker could exploit to sabotage its operation.
BlueKeep Exploits Appear as Security Firms Continue to Worry About Cyberattack
News  |  7/30/2019  | 
The lack of an attack has puzzled some security experts, but the general advice remains that companies should patch their vulnerable systems more quickly.
CISOs Must Evolve to a Data-First Security Program
Commentary  |  7/30/2019  | 
Such a program will require effort and reprioritization, but it will let your company fight modern-day threats and protect your most important assets.
Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices
News  |  7/29/2019  | 
Vulnerabilities in VxWorks' TCP stack could allow an attacker to execute random code, launch a DoS attack, or use the vulnerable system to attack other devices.
Deutsche Bank Email Vulnerability Left Ex-Employees with Access
Quick Hits  |  7/29/2019  | 
Failures in computer and control systems are being blamed.
4 Network Security Mistakes Bound to Bite You
Commentary  |  7/29/2019  | 
It's Shark Week again! Are you ready to outmaneuver sharks of the cyber variety? These tips can help.
9 Things That Don't Worry You Today (But Should)
Slideshows  |  7/29/2019  | 
There are security concerns that go far beyond the usual suspects. Here are some that should be on your list of scary things.
Complete Personal Fraud Kits Sell for Less Than $40 on Dark Web
Quick Hits  |  7/26/2019  | 
The low cost of records reflects the huge supply of PII after many breaches at hospitals, government agencies, and credit bureaus.
3 Takeaways from the First American Financial Breach
Commentary  |  7/26/2019  | 
Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.
Android Spyware Has Ties to Election Interference
News  |  7/25/2019  | 
Recently revealed surveillance-ware comes from a consultant with close ties to Russia's GRU who was sanctioned by the US for election-tampering.
Louisiana Declares Cybersecurity State of Emergency
Quick Hits  |  7/25/2019  | 
A series of attacks on school district systems leads the governor to declare the state's first cybersecurity state of emergency.
Johannesburg Ransomware Attack Leaves Residents in the Dark
News  |  7/25/2019  | 
The virus affected the network, applications, and databases at City Power, which delivers electricity to the South African financial hub.
Answer These 9 Questions to Determine if Your Data Is Safe
Commentary  |  7/25/2019  | 
Data protection regulations are only going to grow tighter. Make sure you're keeping the customer's best interests in mind.
NSA to Form New Cybersecurity Directorate
Quick Hits  |  7/24/2019  | 
Anne Neuberger will lead the directorate, which aims to bring together the NSA's offensive and defensive operations.
Mirai-Like Botnet Wages Massive Application-Layer DDoS Attack
News  |  7/24/2019  | 
IoT botnetmade up mainly of routershit a service provider with nearly 300,000 requests-per-second in a 13-day deluge of data.
DEF CON Invites Kids to Crack Campaign Finance Portals
News  |  7/24/2019  | 
DEF CON's Voting Village and AI Village team up with r00tz Asylum to let kids explore simulated campaign financial disclosure portals and disinformation campaigns.
The Commoditization of Multistage Malware Attacks
Commentary  |  7/24/2019  | 
Malware that used to be advanced is now available to everyone. These three actions could help you stay safer.
New IPS Architecture Uses Network Flow Data for Analysis
News  |  7/23/2019  | 
Can a stream of data intended for network performance monitoring be the basis of network security? One company says the answer is 'yes.'
Penetration Test Data Shows Risk to Domain Admin Credentials
News  |  7/23/2019  | 
But gaining a foothold on the LAN via vulnerabilities on Internet-facing assets is becoming harder, Rapid7 found in its real-world pen tests.
Business Email Compromise: Thinking Beyond Wire Transfers
News  |  7/23/2019  | 
As BEC continues to drive record-high losses, cybercriminals devise new tactics for swindling corporate targets out of millions.
Bug Bounties Continue to Rise as Google Boosts its Payouts
News  |  7/23/2019  | 
Reward for vulnerability research climbed 83% in the past year.
Russia Attempted to De-Anonymize Tor Browser: Report
Quick Hits  |  7/23/2019  | 
An attempt to crack Tor was one of many projects hackers discovered when they broke into Russian intelligence contractor SyTech.
CISA Warns Public About the Risks of 5G
Quick Hits  |  7/23/2019  | 
Vulnerabilities include everything from physical risks through the supply chain to business risks.
The War for Cyber Talent Will Be Won by Retention not Recruitment
Commentary  |  7/23/2019  | 
Six steps for creating a work environment that challenges, stimulates, rewards, and constantly engages employees fighting the good fight against cybercriminals.
How Cybercriminals Break into the Microsoft Cloud
News  |  7/22/2019  | 
Microsoft and Trimarc researchers explore the most common attacks against the cloud and effective defenses and mitigation.
Firmware Vulnerabilities Show Supply Chain Risks
Quick Hits  |  7/22/2019  | 
A recently announced pair of vulnerabilities in server firmware could put enterprise IT at risk.
CISO Pressures: Why the Role Stinks and How to Fix It
Commentary  |  7/22/2019  | 
CISOs spend much less time in their role than other members of the boardroom. It's a serious problem that must be addressed.
Malware in PyPI Code Shows Supply Chain Risks
News  |  7/19/2019  | 
A code backdoor in a package on the Python Package Index demonstrates the importance of verifying code brought in from code repositories.
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Commentary  |  7/19/2019  | 
Why apples-to-apples performance tests are the only way to accurately gauge the impact of network security products and solutions.
Security Lessons From a New Programming Language
News  |  7/18/2019  | 
A security professional needed a secure language for IoT development. So he wrote his own, applying learned lessons about memory and resources in the process.
RDP Bug Takes New Approach to Host Compromise
News  |  7/18/2019  | 
Researchers show how simply connecting to a rogue machine can silently compromise the host.
8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
Slideshows  |  7/18/2019  | 
Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity.
How Capture the Flag Competitions Strengthen the Cybersecurity Workforce
Commentary  |  7/18/2019  | 
These competitions challenge participants with problems involving digital forensics, cryptography, binary analysis, web security, and many other fields.
Bulgarian Tax Breach Nets All the Records
Quick Hits  |  7/18/2019  | 
An attack by a 'wizard hacker' results in leaked records for virtually every Bulgarian taxpayer.
79% of US Consumers Fear Webcams Are Watching
Quick Hits  |  7/18/2019  | 
Widespread privacy concerns have caused 60% of people to cover their laptop webcams some in creative ways survey data shows.
Calculating the Value of Security
Commentary  |  7/18/2019  | 
What will it take to align staff and budget to protect the organization?
MITRE ATT&CK Framework Not Just for the Big Guys
News  |  7/17/2019  | 
At Black Hat, analysts from MITRE and Splunk will detail how organizations of many different sizes are leveraging ATT&CK's common language.
Bluetooth Bug Enables Tracking on Windows 10, iOS & macOS Devices
News  |  7/17/2019  | 
Researchers discover a third-party algorithm in multiple high-profile Bluetooth devices exposes users to third-party tracking and data access.
800K Systems Still Vulnerable to BlueKeep
News  |  7/17/2019  | 
Organizations with systems exploitable via the RDP flaw pose an increasing risk to themselves and other organizations, BitSight says.
Sprint Reveals Account Breach via Samsung Website
News  |  7/17/2019  | 
The last-June breach exposed data including names, phone numbers, and account numbers.
A Password Management Report Card
Commentary  |  7/17/2019  | 
New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings.
For Real Security, Don't Let Failure Be Your Measure of Success
Commentary  |  7/17/2019  | 
For too long, we've focused almost exclusively on keeping out the bad guys rather than what to do when they get in (and they will).
Page 1 / 2   >   >>


Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: How do you like our new spear phishing email solution?
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18881
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVE-2019-18882
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVE-2019-18873
PUBLISHED: 2019-11-12
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the pa...
CVE-2019-18874
PUBLISHED: 2019-11-12
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.