Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2014
CryptoWall More Pervasive, Less Profitable Than CryptoLocker
News  |  8/28/2014  | 
The former CryptoLocker wannabe has netted 625,000 infected systems and more than $1 million in ransoms.
Backoff, Dairy Queen, UPS & Retail's Growing PoS Security Problem
News  |  8/27/2014  | 
Retail brands are trying to pass the buck for data security to banks and franchisees, say some experts.
How I Hacked My Home, IoT Style
Commentary  |  8/27/2014  | 
It didnt take long to find a score of vulnerabilities in my home entertainment, gaming, and network storage systems.
Top 5 Reasons Your Small Business Website is Under Attack
Commentary  |  8/26/2014  | 
There is no such thing as too small to hack. If a business has a website, hackers can exploit it.
All In For The Coming World of 'Things'
Commentary  |  8/25/2014  | 
At a Black Hat round table, experts discuss the strategies necessary to lock down the Internet of Things, the most game-changing concept in Internet history.
Flash Poll: CSOs Need A New Boss
Commentary  |  8/22/2014  | 
Only one out of four respondents to our flash poll think the CSO should report to the CIO.
Hacker Or Military? Best Of Both In Cyber Security
Commentary  |  8/21/2014  | 
How radically different approaches play out across the security industry.
Heartbleed Not Only Reason For Health Systems Breach
News  |  8/20/2014  | 
Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.
Debugging The Myths Of Heartbleed
Commentary  |  8/20/2014  | 
Does Heartbleed really wreak havoc without a trace? The media and many technical sites seemed convinced of this, but some of us were skeptical.
Q&A: DEF CON At 22
News  |  8/19/2014  | 
DEF CON founder Jeff Moss, a.k.a. The Dark Tangent, reflects on DEF CON's evolution, the NSA fallout, and wider security awareness.
Why John McAfee Is Paranoid About Mobile
Commentary  |  8/19/2014  | 
Mobile apps are posing expanding risks to both enterprises and their customers. But maybe being paranoid about mobile is actually healthy for security.
Cloud Apps & Security: When Sharing Matters
Commentary  |  8/18/2014  | 
Sharing documents and data is happening all over the cloud today but not all sharing activity carries equal risk.
Infographic: 70 Percent of World's Critical Utilities Breached
Commentary  |  8/15/2014  | 
New research from Unisys and Ponemon Institute finds alarming security gaps in worldwide ICS and SCADA systems within the last 12 months.
Test Drive: GFI LanGuard 2014
Commentary  |  8/15/2014  | 
LanGuard worked well in the lab and may prove more beneficial to IT operations than security teams.
Why Patching Makes My Heart Bleed
Commentary  |  8/14/2014  | 
Heartbleed was a simple mistake that was allowed to propagate through "business as usual" patching cycles and change management. It could easily happen again.
Internet Of Things Security Reaches Tipping Point
News  |  8/13/2014  | 
Public safety issues bubble to the top in security flaw revelations.
Security Holes Exposed In Trend Micro, Websense, Open Source DLP
News  |  8/12/2014  | 
Researchers Zach Lanier and Kelly Lum at Black Hat USA took the wraps off results of their security testing of popular data loss prevention software.
CloudBot: A Free, Malwareless Alternative To Traditional Botnets
News  |  8/11/2014  | 
Researchers take advantage of cloud service providers' free trials and lousy anti-automation controls to use cloud instances like bots.
Closing The Skills Gap Between Hackers & Defenders: 4 Steps
Commentary  |  8/11/2014  | 
Improvements in security education, budgets, tools, and methods will help our industry avoid more costly and dangerous attacks and data breaches in the future.
The Hyperconnected World Has Arrived
Commentary  |  8/8/2014  | 
Yes, the ever-expanding attack surface of the Internet of Things is overwhelming. But next-gen security leaders gathered at Black Hat are up to the challenge.
Heartbleed, GotoFail Bring Home Pwnie Awards
Quick Hits  |  8/7/2014  | 
The Pwnie Awards celebrate the best bug discoveries and worst security fails.
Dan Geer Touts Liability Policies For Software Vulnerabilities
News  |  8/6/2014  | 
Vendor beware. At Black Hat, Dan Geer suggests legislation to change product liability and abandonment rules for vulnerable and unsupported software.
The Illegitimate Milliners Guide to Black Hat
Commentary  |  8/6/2014  | 
A less-than-honest "Abe" goes undercover to get a behind-the-scenes look at Black Hat and its infamous attendees.
5 Steps To Supply Chain Security
News  |  8/6/2014  | 
The integrity of enterprise data is only as strong as your most vulnerable third-party supplier or business partner. It's time to shore up these connection points.
How Malware Writers Cheat AV Zero-Day Detection
News  |  8/4/2014  | 
A researcher reverse engineers AVG's code emulation engine after easily bypassing other major antivirus software products.
Is IT The New Boss Of Video Surveillance?
Commentary  |  8/4/2014  | 
ITs participation in the security of corporate video surveillance is growing, much to the chagrin of the physical security team. Heres why corporate infosec needs to pay attention.
'Backoff' Malware: Time To Step Up Remote Access Security
Commentary  |  8/1/2014  | 
DHS issues advisory about remote desktop access tools associated with recent point-of-sale breaches.
LIVE From Las Vegas: Dark Reading Radio at Black Hat
Commentary  |  8/1/2014  | 
If you can't physically be at Black Hat USA 2014, Dark Reading offers a virtual alternative where you can engage with presenters and attendees about hot show topics and trends.


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
6 Top Nontechnical Degrees for Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/21/2019
Anatomy of a BEC Scam
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15593
PUBLISHED: 2019-11-22
GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.
CVE-2019-16285
PUBLISHED: 2019-11-22
If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.
CVE-2019-16286
PUBLISHED: 2019-11-22
An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.
CVE-2019-16287
PUBLISHED: 2019-11-22
An attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges.
CVE-2019-18909
PUBLISHED: 2019-11-22
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.