News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2019
Flaws in SanDisk SSD Dashboard Present Malware & Data Loss Risks
News  |  7/31/2019  | 
Organizations using the utility should immediately install the latest version of the software, security vendor Trustwave says.
Apple Device Management Firm Jamf Acquires Digita Security
Quick Hits  |  7/31/2019  | 
Digita Security's Apple Mac endpoint protection solutions will join Jamf's MDM suite for iOS and MacOS.
Why the Network Is Central to IoT Security
Commentary  |  7/31/2019  | 
Is there something strange about your network activity? Better make sure all of your IoT devices are under control.
Former Twitter CISO Launches Startup to Secure Cloud Collaboration
News  |  7/31/2019  | 
Altitude Networks, led by Michael Coates and Amir Kavousian, aims to prevent accidental and malicious file sharing.
The Attribution Trap: A Waste of Precious Time & Money
Commentary  |  7/31/2019  | 
Aiming for attribution doesn't help most organizations become more secure. It can actually have the opposite effect.
Container Security Is Falling Behind Container Deployments
News  |  7/30/2019  | 
Organizations are increasingly turning to containers even though they are not as confident in the security of those containers, according to a new survey.
Capital One Breach Affects 100M US Citizens, 6M Canadians
News  |  7/30/2019  | 
The breach exposed credit card application data, Social Security numbers, and linked bank accounts, among other information.
Transforming 'Tangible Security' into a Competitive Advantage
Commentary  |  7/30/2019  | 
Today's consumers want to see and touch security. Meeting this demand will be a win-win for everyone, from users to vendors to security teams.
DHS Warns About Security Flaws in Small Airplanes
Quick Hits  |  7/30/2019  | 
Rapid7 researchers found holes in CAN bus networks that an attacker could exploit to sabotage its operation.
BlueKeep Exploits Appear as Security Firms Continue to Worry About Cyberattack
News  |  7/30/2019  | 
The lack of an attack has puzzled some security experts, but the general advice remains that companies should patch their vulnerable systems more quickly.
CISOs Must Evolve to a Data-First Security Program
Commentary  |  7/30/2019  | 
Such a program will require effort and reprioritization, but it will let your company fight modern-day threats and protect your most important assets.
Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices
News  |  7/29/2019  | 
Vulnerabilities in VxWorks' TCP stack could allow an attacker to execute random code, launch a DoS attack, or use the vulnerable system to attack other devices.
Deutsche Bank Email Vulnerability Left Ex-Employees with Access
Quick Hits  |  7/29/2019  | 
Failures in computer and control systems are being blamed.
4 Network Security Mistakes Bound to Bite You
Commentary  |  7/29/2019  | 
It's Shark Week again! Are you ready to outmaneuver sharks of the cyber variety? These tips can help.
9 Things That Don't Worry You Today (But Should)
Slideshows  |  7/29/2019  | 
There are security concerns that go far beyond the usual suspects. Here are some that should be on your list of scary things.
Complete Personal Fraud Kits Sell for Less Than $40 on Dark Web
Quick Hits  |  7/26/2019  | 
The low cost of records reflects the huge supply of PII after many breaches at hospitals, government agencies, and credit bureaus.
3 Takeaways from the First American Financial Breach
Commentary  |  7/26/2019  | 
Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.
Android Spyware Has Ties to Election Interference
News  |  7/25/2019  | 
Recently revealed surveillance-ware comes from a consultant with close ties to Russia's GRU who was sanctioned by the US for election-tampering.
Louisiana Declares Cybersecurity State of Emergency
Quick Hits  |  7/25/2019  | 
A series of attacks on school district systems leads the governor to declare the state's first cybersecurity state of emergency.
Johannesburg Ransomware Attack Leaves Residents in the Dark
News  |  7/25/2019  | 
The virus affected the network, applications, and databases at City Power, which delivers electricity to the South African financial hub.
Answer These 9 Questions to Determine if Your Data Is Safe
Commentary  |  7/25/2019  | 
Data protection regulations are only going to grow tighter. Make sure you're keeping the customer's best interests in mind.
NSA to Form New Cybersecurity Directorate
Quick Hits  |  7/24/2019  | 
Anne Neuberger will lead the directorate, which aims to bring together the NSA's offensive and defensive operations.
Mirai-Like Botnet Wages Massive Application-Layer DDoS Attack
News  |  7/24/2019  | 
IoT botnet, made up mainly of routers, hit a service provider with nearly 300,000 requests-per-second in a 13-day deluge of data.
DEF CON Invites Kids to Crack Campaign Finance Portals
News  |  7/24/2019  | 
DEF CON's Voting Village and AI Village team up with r00tz Asylum to let kids explore simulated campaign financial disclosure portals and disinformation campaigns.
The Commoditization of Multistage Malware Attacks
Commentary  |  7/24/2019  | 
Malware that used to be advanced is now available to everyone. These three actions could help you stay safer.
New IPS Architecture Uses Network Flow Data for Analysis
News  |  7/23/2019  | 
Can a stream of data intended for network performance monitoring be the basis of network security? One company says the answer is 'yes.'
Penetration Test Data Shows Risk to Domain Admin Credentials
News  |  7/23/2019  | 
But gaining a foothold on the LAN via vulnerabilities on Internet-facing assets is becoming harder, Rapid7 found in its real-world pen tests.
Business Email Compromise: Thinking Beyond Wire Transfers
News  |  7/23/2019  | 
As BEC continues to drive record-high losses, cybercriminals devise new tactics for swindling corporate targets out of millions.
Bug Bounties Continue to Rise as Google Boosts its Payouts
News  |  7/23/2019  | 
Reward for vulnerability research climbed 83% in the past year.
Russia Attempted to De-Anonymize Tor Browser: Report
Quick Hits  |  7/23/2019  | 
An attempt to crack Tor was one of many projects hackers discovered when they broke into Russian intelligence contractor SyTech.
CISA Warns Public About the Risks of 5G
Quick Hits  |  7/23/2019  | 
Vulnerabilities include everything from physical risks through the supply chain to business risks.
The War for Cyber Talent Will Be Won by Retention not Recruitment
Commentary  |  7/23/2019  | 
Six steps for creating a work environment that challenges, stimulates, rewards, and constantly engages employees fighting the good fight against cybercriminals.
How Cybercriminals Break into the Microsoft Cloud
News  |  7/22/2019  | 
Microsoft and Trimarc researchers explore the most common attacks against the cloud and effective defenses and mitigation.
Firmware Vulnerabilities Show Supply Chain Risks
Quick Hits  |  7/22/2019  | 
A recently announced pair of vulnerabilities in server firmware could put enterprise IT at risk.
CISO Pressures: Why the Role Stinks and How to Fix It
Commentary  |  7/22/2019  | 
CISOs spend much less time in their role than other members of the boardroom. It's a serious problem that must be addressed.
Malware in PyPI Code Shows Supply Chain Risks
News  |  7/19/2019  | 
A code backdoor in a package on the Python Package Index demonstrates the importance of verifying code brought in from code repositories.
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Commentary  |  7/19/2019  | 
Why apples-to-apples performance tests are the only way to accurately gauge the impact of network security products and solutions.
Security Lessons From a New Programming Language
News  |  7/18/2019  | 
A security professional needed a secure language for IoT development. So he wrote his own, applying learned lessons about memory and resources in the process.
RDP Bug Takes New Approach to Host Compromise
News  |  7/18/2019  | 
Researchers show how simply connecting to a rogue machine can silently compromise the host.
8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
Slideshows  |  7/18/2019  | 
Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity.
How Capture the Flag Competitions Strengthen the Cybersecurity Workforce
Commentary  |  7/18/2019  | 
These competitions challenge participants with problems involving digital forensics, cryptography, binary analysis, web security, and many other fields.
Bulgarian Tax Breach Nets All the Records
Quick Hits  |  7/18/2019  | 
An attack by a 'wizard hacker' results in leaked records for virtually every Bulgarian taxpayer.
79% of US Consumers Fear Webcams Are Watching
Quick Hits  |  7/18/2019  | 
Widespread privacy concerns have caused 60% of people to cover their laptop webcams, some in creative ways, survey data shows.
Calculating the Value of Security
Commentary  |  7/18/2019  | 
What will it take to align staff and budget to protect the organization?
MITRE ATT&CK Framework Not Just for the Big Guys
News  |  7/17/2019  | 
At Black Hat, analysts from MITRE and Splunk will detail how organizations of many different sizes are leveraging ATT&CK's common language.
Bluetooth Bug Enables Tracking on Windows 10, iOS & macOS Devices
News  |  7/17/2019  | 
Researchers discover a third-party algorithm in multiple high-profile Bluetooth devices exposes users to third-party tracking and data access.
800K Systems Still Vulnerable to BlueKeep
News  |  7/17/2019  | 
Organizations with systems exploitable via the RDP flaw pose an increasing risk to themselves and other organizations, BitSight says.
Sprint Reveals Account Breach via Samsung Website
News  |  7/17/2019  | 
The last-June breach exposed data including names, phone numbers, and account numbers.
A Password Management Report Card
Commentary  |  7/17/2019  | 
New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings.
For Real Security, Don't Let Failure Be Your Measure of Success
Commentary  |  7/17/2019  | 
For too long, we've focused almost exclusively on keeping out the bad guys rather than what to do when they get in (and they will).
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16680
PUBLISHED: 2019-09-21
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
CVE-2019-16681
PUBLISHED: 2019-09-21
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to file disclosure and XSS.
CVE-2019-16677
PUBLISHED: 2019-09-21
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
CVE-2019-16678
PUBLISHED: 2019-09-21
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
CVE-2019-16679
PUBLISHED: 2019-09-21
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.