Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2016
Page 1 / 2   >   >>
More Than 40% Of Attacks Abuse SSL Encryption
News  |  8/31/2016  | 
New report shows risk of not inspecting encrypted packets.
2016 DDoS Attack Trends By The Numbers
Slideshows  |  8/31/2016  | 
Some highlights from recent reports on DDoS attack activity.
How Not To Pay A Ransom: 3 Tips For Enterprise Security Pros
Commentary  |  8/31/2016  | 
At the most basic level, organizations must understand their data, the entry points, and who has access. But dont forget to keep your backup systems up to date.
New 'Fantom' Ransomware Poses As Windows Update
News  |  8/30/2016  | 
Fantom malware comes disguised as a legitimate Microsoft Windows update to trick consumers and business users into downloading it.
Another IoT-Dominated Botnet Rises With Almost 1M Infected Devices
News  |  8/30/2016  | 
BASHLITE malware fuels another DDoS botnet made up primarily of flaw-ridden internet of things devices
Malware Markets: Exposing The Hype & Filtering The Noise
Commentary  |  8/30/2016  | 
Theres a lot of useful infosec information out there, but cutting through clutter is harder than it should be.
6 Ways To Hack An Election
Commentary  |  8/30/2016  | 
Threats to our electoral process can come from outside the country or nefarious insiders. Our country needs to be better prepared.
Malware Found In Iran Petro Plants
Quick Hits  |  8/30/2016  | 
Virus not linked to recent fires in oil and gas facilities across the country, says official.
US Think Tanks Involved In Russia Research Allegedly Hacked
Quick Hits  |  8/30/2016  | 
Russia-backed DNC hacker COZY BEAR behind these spearphish attacks on individuals and organizations, says CrowdStrike.
Security Analytics: Making the Leap from Data Lake to Meaningful Insight
Commentary  |  8/29/2016  | 
Once youve got a lake full of data, its essential that your analysis isnt left stranded on the shore.
Report: Hackers Breach Two State Election Databases, FBI Warns
Quick Hits  |  8/29/2016  | 
FBI's need-to-know-only advisory doesn't specify, but Yahoo News' sources say it refers to 'suspected foreign hackers' targeting voter registration databases in Arizona and Illinois.
Critical Infrastructure: The Next Cyber-Attack Target
Commentary  |  8/29/2016  | 
Power and utilities companies need a risk-centric cybersecurity approach to face coming threats.
Multiple Apple iOS Zero-Days Enabled Firm To Spy On Targeted iPhone Users For Years
News  |  8/26/2016  | 
Victims of lawful intercepts include human rights activists and journalist, researchers from Citizen Lab and Lookout say.
Global Cost of Cybercrime Predicted to Hit $6 Trillion Annually By 2021, Study Says
Quick Hits  |  8/26/2016  | 
Start saving now.The global cost of cybercrime could reach $6 trillion by 2021, according to a Cybersecurity Ventures report.
How To Bullet Proof Your PAM Accounts: 7 Tips
Slideshows  |  8/26/2016  | 
Recent studies demonstrate the need for companies to focus more on their privileged users.
The Hidden Dangers Of 'Bring Your Own Body'
Commentary  |  8/26/2016  | 
The use of biometric data is on the rise, causing new security risks that must be assessed and addressed.
CrowdStrike Integrates Scanning Engine With VirusTotal
News  |  8/25/2016  | 
Machine Learning engine first in virus-scanning service to provide confidence levels with results, vendor says.
Apple Releases Patch For 'Trident,' A Trio Of iOS 0-Days
Quick Hits  |  8/25/2016  | 
Already rolled into the Pegasus spyware product and used to target social activists, the vulnerabilities are fixed in iOS 9.3.5.
The Secret Behind the NSA Breach: Network Infrastructure Is the Next Target
Commentary  |  8/25/2016  | 
How the networking industry has fallen way behind in incorporating security measures to prevent exploits to ubiquitous routers, proxies, firewalls, and switches.
A Temperature-Check On The State Of Application Security
News  |  8/25/2016  | 
AppSec is more dangerous than network security but receives less than half the funding, according to new Ponemon study.
French Submarine Firm Claims Economic Warfare After Massive Data Leak
News  |  8/24/2016  | 
The Australian publishes over 22,000 documents on six DCNS Scorpene subs that are being built in India
When Securing Your Applications, Seeing Is Believing
Commentary  |  8/24/2016  | 
While the cloud is amazing, a worrying lack of visibility goes along with it. Keep that in mind as you develop your security approach.
Ransomware Costs Enterprises $209M In 1H 2016
News  |  8/23/2016  | 
New report from Trend Micro shows the addition of ransomware families in first half of the year nearly doubled numbers for new families found in all of 2015.
Anatomy Of A Social Media Attack
Commentary  |  8/23/2016  | 
Finding and addressing Twitter and Facebook threats requires a thorough understanding of how theyre accomplished.
Eddie Bauer Reports Intrusion Into Point Of Sale Network
News  |  8/19/2016  | 
Data belonging to customers who used payment cards at all 370 Eddie Bauer locations in the US, Canada compromised.
Darknet: Where Your Stolen Identity Goes to Live
Commentary  |  8/19/2016  | 
Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves.
Employee Arrested For Breach At Software Firm Sage
Quick Hits  |  8/19/2016  | 
Woman detained at Heathrow Airport for data fraud conspiracy impacting over 200 businesses.
Attacker's Playbook Top 5 Is High On Passwords, Low On Malware
News  |  8/18/2016  | 
Report: Penetration testers' five most reliable methods of compromising targets include four different ways to use stolen credentials, but zero ways to exploit software.
5 Strategies For Enhancing Targeted Security Monitoring
Commentary  |  8/18/2016  | 
These examples will help you improve early incident detection results.
Operation Ghoul Targets Industrial, Engineering Companies In 30 Countries
News  |  8/17/2016  | 
Attack campaign appears to be more about financial gain than industrial theft or sabotage, however.
8 Surprising Statistics About Insider Threats
Slideshows  |  8/17/2016  | 
Insider theft and negligence is real--and so are the practices that amplify the risks.
User Ed: Patching People Vs Vulns
Commentary  |  8/17/2016  | 
How infosec can combine and adapt security education and security defenses to the way users actually do their jobs.
US Election: Feds Offer Security Help To States To Prevent Hacking
Quick Hits  |  8/17/2016  | 
Move comes as Donald Trump questions integrity of the election systems.
Security Must Become Driving Force For Auto Industry
Commentary  |  8/17/2016  | 
Digital security hasnt kept pace in this always-connected era. Is infosec up to the challenge?
Cerber Ransomware Could Net $2 Million Its First Year
News  |  8/16/2016  | 
A study of the Cerber operation's ransomware-as-a-service model highlights just how lucrative this cybercrime can be.
Dark Reading Radio: What Keeps IT Security Pros Awake at Night
Commentary  |  8/16/2016  | 
Join us for a wide-ranging discussion with (ISC) Chief Exec David Shearer on the most worrisome infosec trends and challenges.
New Banking Malware Touts Zeus-Like Capabilities
News  |  8/15/2016  | 
Scylex malware built from scratch for financial theft, according to an ad in infamous underground forum.
What The TSA Teaches Us About IP Protection
Commentary  |  8/11/2016  | 
Data loss prevention solutions are no longer effective. Todays security teams have to keep context and human data in mind, as the TSA does.
The Future Of ATM Hacking
News  |  8/11/2016  | 
Research released at Black Hat USA last week shows that one of our best defenses for the future of payment card and ATM security isn't infallible. Here's why.
PLC Worms Pose Stealthy Threat To Industrial Systems
News  |  8/10/2016  | 
Researchers at Black Hat USA demonstrated 'PLC Blaster' worm capable of infecting programmable logic controllers and spreading to other systems.
Theory Vs Practice: Getting The Most Out Of Infosec
Commentary  |  8/10/2016  | 
Why being practical and operationally minded is the only way to build a successful security program.
30 More Victims Pinned On Highly Selective Cyberespionage Group
News  |  8/9/2016  | 
Kaspersky Lab says newly discovered threat actor ProjectSauron -- called Strider by Symantec -- has hit organizations in Russia, Rwanda, Iran, and Italian-speaking nations.
Spearphishing: Its Curiosity That Makes Them Click
News  |  8/9/2016  | 
Researchers prove that people can be fooled just because they want to know whats on the other end of that email. Here are three steps you can take without spending too much money.
Organizations Still Give Employees More Access Than They Need
News  |  8/9/2016  | 
Ponemon study shows that access to proprietary information remains on the rise.
Building A Detection Strategy With The Right Metrics
Commentary  |  8/9/2016  | 
The tools used in detecting intrusions can lead to an overwhelming number of alerts, but theyre a vital part of security.
People Who Work Together Will Win
Partner Perspectives  |  8/9/2016  | 
Its time for an updated security strategy, built on efficiency and automation.
Symantec Discovers Strider, A New CyberEspionage Group
News  |  8/8/2016  | 
In action five years, highly selective threat actor has only been known to compromise seven organizations.
Newly Announced Chipset Vuln Affects 900 Million Android Devices
News  |  8/8/2016  | 
Check Point Research Team details four vulnerabilities that can easily lead to full privilege escalation.
Data Protection From The Inside Out
Commentary  |  8/8/2016  | 
Organizations must make fundamental changes in the way they approach data protection.
DHS Mulls Designating US Election System As Critical Infrastructure
Quick Hits  |  8/5/2016  | 
DHS studying whether election system should fall under DHS cyber-protection purview.
Page 1 / 2   >   >>


Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16531
PUBLISHED: 2019-09-20
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
CVE-2019-9717
PUBLISHED: 2019-09-19
In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
CVE-2019-9719
PUBLISHED: 2019-09-19
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
CVE-2019-9720
PUBLISHED: 2019-09-19
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
CVE-2019-16525
PUBLISHED: 2019-09-19
An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.