Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2015
Sights & Sounds Of Black Hat USA And DEF CON
Slideshows  |  8/31/2015  | 
Some hackers call the week of Black Hat USA and DEF CON 'security summer camp' -- a look at some of the highlights of the two shows.
A CISO's View of Mobile Security Strategy, With Stacey Halota
A CISO's View of Mobile Security Strategy, With Stacey Halota
Dark Reading Videos  |  8/31/2015  | 
CISO of Graham Holdings visits Dark Reading News Desk at Black Hat to discuss why mobile security is a top priority and how to use mobile devices as a security tool.
FBI Sounds Alarm Again On Business Email Compromise Threat
News  |  8/28/2015  | 
Over 7,000 US business have been victimized by so-called BEC fraud between October 2013 and August 2015 alone, the FBI said in an alert this week.
The 7 Most Common RATS In Use Today
Commentary  |  8/28/2015  | 
Sniffing out RATS -- remote access Trojans -- is a challenge for even the most hardened cyber defender. Heres a guide to help you in the hunt.
A Virtual Tour of IBMs SOCs, With Roger Hellman
A Virtual Tour of IBMs SOCs, With Roger Hellman
Dark Reading Videos  |  8/27/2015  | 
IBM's Roger Hellman visits the Dark Reading News Desk to talk about how IBM recreated a unique security operations center experience at Black Hat.
Catching Attackers With A Security Delivery Platform
Catching Attackers With A Security Delivery Platform
Dark Reading Videos  |  8/27/2015  | 
Shehzad Merchant, CTO of Gigamon, visits the Dark Reading News Desk to discuss a platform for finding and containing attackers once they've broken through your perimeter defense.
Cybersecurity Under FTC Authority: What Does it Mean?
Commentary  |  8/27/2015  | 
Consumers can now expect the same level of security and privacy in the digital realm as they do in the physical.
Flash: Web Browser Plugins Are Vulnerable
Partner Perspectives  |  8/27/2015  | 
Maybe its time to uninstall Flash for those that dont need it and continuously monitor those that do.
Consumers Want Password Alternatives
News  |  8/27/2015  | 
Consumer confidence in online passwords wanes and their password hygiene remains as sketchy as ever, study finds.
Getting To Yes, Cooperatively
Commentary  |  8/26/2015  | 
As security advocates, determining what beneficial means to a particular audience should be our first step in developing recommendations.
From Vicious To Virtuous: A Plan Of Attack For Incident Response
Partner Perspectives  |  8/26/2015  | 
How do you get there? Increase the cost and effort required by the bad guys and boost your efficiency.
Kelly's Glimpse Of Black Hat
Kelly's Glimpse Of Black Hat
Dark Reading Videos  |  8/26/2015  | 
Dark Reading executive editor Kelly Jackson Higgins talks through the top trends and sessions, and how the industry has evolved since her first trip to Black Hat.
Ouch! Feeling The Pain Of Cybersecurity In Healthcare
Slideshows  |  8/25/2015  | 
There are lots of reasons why medical data is so vulnerable but the sheer numbers at risk speak volumes about the scale of the problem.
What Drives A Developer To Use Security Tools -- Or Not
News  |  8/24/2015  | 
National Science Foundation (NSF)-funded research by Microsoft Research, NC State, and UNC-Charlotte sheds light on what really makes a software developer scan his or her code for security bugs.
Keyless Cars: A New Frontier For Bug Bounties?
Commentary  |  8/24/2015  | 
With up to 100 million lines of code in the average car today -- and growing -- security vulnerabilities are bound to become the new normal.
Pen Testing A Smart City
Pen Testing A Smart City
Dark Reading Videos  |  8/21/2015  | 
Black Hat speakers visit the Dark Reading News Desk to discuss the stunning complexity and many soft spots of a metropolis full of IoT devices.
With Great IoT Comes Great Insecurity
Commentary  |  8/21/2015  | 
In the brave new world of 'things' and the services they connect to, built-in security has never been more critical. Here's what's getting in the way.
The Month Of Android Vulnerabilities Rolls On
News  |  8/20/2015  | 
Multi-media handling takes the most hits, and there are no easy fixes.
How Much Threat Intelligence Is Too Much?
Partner Perspectives  |  8/20/2015  | 
Turn your threat data into actionable intelligence by focusing on what is relevant to you and your organization.
Beware The Hidden Risk Of Business Partners In The Cloud
Commentary  |  8/20/2015  | 
Enterprises vastly underestimate the cyber risk from digital connections to vendors, suppliers, agencies, consultants -- and any company with which employees do business.
Applying the 80/20 Rule to Cyber Security Practices
Commentary  |  8/19/2015  | 
How to look holistically across technology and processes and focus resources on threats that create the greatest damage.
IE Bug Exploited In Wild After Microsoft Releases Out-Of-Band Patch
Quick Hits  |  8/19/2015  | 
Remote code execution vulnerability in Internet Explorer versions 7 through 11 being used to drop PlugX RAT.
IRS Get Transcript Breach Triples In Scope
News  |  8/19/2015  | 
Breach reported in May much larger than initially thought
Unpatched 'Tpwn' Mac OS X Bug Could Grant Root Privileges
News  |  8/18/2015  | 
Researchers beginning to find more cracks in Mac operating systems.
An Apple Fanboi Writing Malware For Mac OSX
An Apple Fanboi Writing Malware For Mac OSX
Dark Reading Videos  |  8/18/2015  | 
Patrick Wardle, director of research for Synack, spoke about his "Writing [email protected]$$ Malware for OS X" session at the Dark Reading News Desk at Black Hat.
Black Hat, Data Science, Machine Learning, and YOU!
Commentary  |  8/14/2015  | 
The time has come for security pros to start honing in on their machine learning skills. Heres why.
Securing Black Hat From Black Hat
Commentary  |  8/14/2015  | 
Dr. Chaos shares the inside scoop on the challenges and rewards of protecting one of the 'most hostile networks on the planet.'
The Summer Of Car Hacks Continues
News  |  8/13/2015  | 
New research shows how SMS messages manipulating vulns in insurance dongles can kill brakes on cars.
Mad World: The Truth About Bug Bounties
Commentary  |  8/13/2015  | 
What Oracle CSO Mary Ann Davidson doesnt get about modern security vulnerability disclosure.
Securing OS X: Apple, Security Vendors Need To Up Their Game
News  |  8/12/2015  | 
To date, OS X malware is pretty lame, but its easy to write better malware to bypass current defenses, security researcher Patrick Wardle told a Black Hat audience last week.
Software Security Is Hard But Not impossible
Commentary  |  8/12/2015  | 
New Interactive Application Security Testing products produce an interesting result under the right conditions, but they cant, by themselves, find all the security vulnerabilities you need to fix.
Windows 10 Gets Patch Tuesday Treatment, With 4 Critical Bugs Fixed
Quick Hits  |  8/12/2015  | 
Office, Edge, Internet Explorer, and graphics components all ripe for remote code execution.
Darkhotel Deploys Zero-Day From Hacking Team
News  |  8/10/2015  | 
Latest research shows how the spy crew continues to evolve its cyber espionage methods.
Inside The Aftermath Of The Saudi Aramco Breach
News  |  8/8/2015  | 
Former security advisor to the oil giant describes the days following the Armageddon-style cyberattack that wiped the hard drives of tens of thousands of computers.
Q&A: 20 Minutes With The Dark Tangent
News  |  8/8/2015  | 
DEF CON founder Jeff Moss on this year's DEF CON 23 hacker conference and the Internet of Things.
The NSA Playset: 5 Better Tools To Defend Systems
News  |  8/7/2015  | 
Using the NSA ANT Catalog as a model, security researchers learn about new attack techniques and technology.
Why Cyber-Physical Hackers Have It Harder Than You
News  |  8/6/2015  | 
Before you pout about having to learn a new infosec application, remember you don't need to also know physics, chemistry, engineering and how to make a pipeline explosion look like an accident.
Defending Industrial Ethernet Switches Is Not Easy, But Doable
News  |  8/6/2015  | 
Attacks and vulnerabilities against ICS and SCADA can be detected and monitored if operational folks know their network infrastructure.
Will it Blend? Earns Pwnie For Best Client Bug; OPM for Most Epic Fail
News  |  8/6/2015  | 
Pwnie Awards continue to celebrate the best bug discoveries and worst security fails.
New SMB Relay Attack Steals User Credentials Over Internet
News  |  8/5/2015  | 
Researchers found a twist to an older vulnerability that lets them launch SMB relay attacks from the Internet.
From The Black Hat Keynote Stage: Jennifer Granick
News  |  8/5/2015  | 
World famous defender of hackers, privacy, and civil liberties exhorts attendees to preserve the dream of an open Internet.
Securing BGP Not As Difficult As You'd Think
News  |  8/5/2015  | 
But few service providers and organizations bother to deploy security for BGP, security expert says.
Man-In-The-Cloud Owns Your DropBox, Google Drive -- Sans Malware
News  |  8/5/2015  | 
Using no malware or stolen passwords, new attack can compromise your cloud synch services and make your good files malicious.
Dark Reading News Desk Live At Black Hat 2015
News  |  8/4/2015  | 
Please join host Sara Peters and her guests for the first-ever Dark Reading News Desk show at Black Hat USA 2015. Thursday's broadcast begins at 11 a.m. PDT, 2 p.m. EDT
Terracotta VPN Piggybacks On Network Of Compromised Windows Servers
News  |  8/4/2015  | 
APT groups use this VPN service to launch attacks against organizations around the world.
Lockheed Open Sources Its Secret Weapon In Cyber Threat Detection
News  |  8/4/2015  | 
Internal tool at defense company is made available to security community at large.
Dark Reading Preps Week Of Show Coverage At Black Hat USA
Commentary  |  8/3/2015  | 
If you want to know what's happening in Las Vegas this week at Black Hat, Dark Reading's got the scoop.
Dark Reading News Desk Comes To You Live From Black Hat
Commentary  |  8/3/2015  | 
Live video coverage from Las Vegas Wednesday and Thursday
Breaking Honeypots For Fun And Profit
Commentary  |  8/3/2015  | 
As a concept, honeypots can be a powerful tool for detecting malware. But in the emerging field of cyber deception, theyre not up to the task of fooling attackers and getting our hands on their resources.


The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The State of Email Security and Protection
Mike Flouton, Vice President of Email Security at Barracuda Networks,  11/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18881
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVE-2019-18882
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVE-2019-18873
PUBLISHED: 2019-11-12
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the pa...
CVE-2019-18874
PUBLISHED: 2019-11-12
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.