Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2016
Page 1 / 2   >   >>
More Than 40% Of Attacks Abuse SSL Encryption
News  |  8/31/2016  | 
New report shows risk of not inspecting encrypted packets.
2016 DDoS Attack Trends By The Numbers
Slideshows  |  8/31/2016  | 
Some highlights from recent reports on DDoS attack activity.
How Not To Pay A Ransom: 3 Tips For Enterprise Security Pros
Commentary  |  8/31/2016  | 
At the most basic level, organizations must understand their data, the entry points, and who has access. But dont forget to keep your backup systems up to date.
New 'Fantom' Ransomware Poses As Windows Update
News  |  8/30/2016  | 
Fantom malware comes disguised as a legitimate Microsoft Windows update to trick consumers and business users into downloading it.
Another IoT-Dominated Botnet Rises With Almost 1M Infected Devices
News  |  8/30/2016  | 
BASHLITE malware fuels another DDoS botnet made up primarily of flaw-ridden internet of things devices
Malware Markets: Exposing The Hype & Filtering The Noise
Commentary  |  8/30/2016  | 
Theres a lot of useful infosec information out there, but cutting through clutter is harder than it should be.
6 Ways To Hack An Election
Commentary  |  8/30/2016  | 
Threats to our electoral process can come from outside the country or nefarious insiders. Our country needs to be better prepared.
Malware Found In Iran Petro Plants
Quick Hits  |  8/30/2016  | 
Virus not linked to recent fires in oil and gas facilities across the country, says official.
US Think Tanks Involved In Russia Research Allegedly Hacked
Quick Hits  |  8/30/2016  | 
Russia-backed DNC hacker COZY BEAR behind these spearphish attacks on individuals and organizations, says CrowdStrike.
Security Analytics: Making the Leap from Data Lake to Meaningful Insight
Commentary  |  8/29/2016  | 
Once youve got a lake full of data, its essential that your analysis isnt left stranded on the shore.
Report: Hackers Breach Two State Election Databases, FBI Warns
Quick Hits  |  8/29/2016  | 
FBI's need-to-know-only advisory doesn't specify, but Yahoo News' sources say it refers to 'suspected foreign hackers' targeting voter registration databases in Arizona and Illinois.
Critical Infrastructure: The Next Cyber-Attack Target
Commentary  |  8/29/2016  | 
Power and utilities companies need a risk-centric cybersecurity approach to face coming threats.
Multiple Apple iOS Zero-Days Enabled Firm To Spy On Targeted iPhone Users For Years
News  |  8/26/2016  | 
Victims of lawful intercepts include human rights activists and journalist, researchers from Citizen Lab and Lookout say.
Global Cost of Cybercrime Predicted to Hit $6 Trillion Annually By 2021, Study Says
Quick Hits  |  8/26/2016  | 
Start saving now.The global cost of cybercrime could reach $6 trillion by 2021, according to a Cybersecurity Ventures report.
How To Bullet Proof Your PAM Accounts: 7 Tips
Slideshows  |  8/26/2016  | 
Recent studies demonstrate the need for companies to focus more on their privileged users.
The Hidden Dangers Of 'Bring Your Own Body'
Commentary  |  8/26/2016  | 
The use of biometric data is on the rise, causing new security risks that must be assessed and addressed.
CrowdStrike Integrates Scanning Engine With VirusTotal
News  |  8/25/2016  | 
Machine Learning engine first in virus-scanning service to provide confidence levels with results, vendor says.
Apple Releases Patch For 'Trident,' A Trio Of iOS 0-Days
Quick Hits  |  8/25/2016  | 
Already rolled into the Pegasus spyware product and used to target social activists, the vulnerabilities are fixed in iOS 9.3.5.
The Secret Behind the NSA Breach: Network Infrastructure Is the Next Target
Commentary  |  8/25/2016  | 
How the networking industry has fallen way behind in incorporating security measures to prevent exploits to ubiquitous routers, proxies, firewalls, and switches.
A Temperature-Check On The State Of Application Security
News  |  8/25/2016  | 
AppSec is more dangerous than network security but receives less than half the funding, according to new Ponemon study.
French Submarine Firm Claims Economic Warfare After Massive Data Leak
News  |  8/24/2016  | 
The Australian publishes over 22,000 documents on six DCNS Scorpene subs that are being built in India
When Securing Your Applications, Seeing Is Believing
Commentary  |  8/24/2016  | 
While the cloud is amazing, a worrying lack of visibility goes along with it. Keep that in mind as you develop your security approach.
Ransomware Costs Enterprises $209M In 1H 2016
News  |  8/23/2016  | 
New report from Trend Micro shows the addition of ransomware families in first half of the year nearly doubled numbers for new families found in all of 2015.
Anatomy Of A Social Media Attack
Commentary  |  8/23/2016  | 
Finding and addressing Twitter and Facebook threats requires a thorough understanding of how theyre accomplished.
Eddie Bauer Reports Intrusion Into Point Of Sale Network
News  |  8/19/2016  | 
Data belonging to customers who used payment cards at all 370 Eddie Bauer locations in the US, Canada compromised.
Darknet: Where Your Stolen Identity Goes to Live
Commentary  |  8/19/2016  | 
Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves.
Employee Arrested For Breach At Software Firm Sage
Quick Hits  |  8/19/2016  | 
Woman detained at Heathrow Airport for data fraud conspiracy impacting over 200 businesses.
Attacker's Playbook Top 5 Is High On Passwords, Low On Malware
News  |  8/18/2016  | 
Report: Penetration testers' five most reliable methods of compromising targets include four different ways to use stolen credentials, but zero ways to exploit software.
5 Strategies For Enhancing Targeted Security Monitoring
Commentary  |  8/18/2016  | 
These examples will help you improve early incident detection results.
Operation Ghoul Targets Industrial, Engineering Companies In 30 Countries
News  |  8/17/2016  | 
Attack campaign appears to be more about financial gain than industrial theft or sabotage, however.
8 Surprising Statistics About Insider Threats
Slideshows  |  8/17/2016  | 
Insider theft and negligence is real--and so are the practices that amplify the risks.
User Ed: Patching People Vs Vulns
Commentary  |  8/17/2016  | 
How infosec can combine and adapt security education and security defenses to the way users actually do their jobs.
US Election: Feds Offer Security Help To States To Prevent Hacking
Quick Hits  |  8/17/2016  | 
Move comes as Donald Trump questions integrity of the election systems.
Security Must Become Driving Force For Auto Industry
Commentary  |  8/17/2016  | 
Digital security hasnt kept pace in this always-connected era. Is infosec up to the challenge?
Cerber Ransomware Could Net $2 Million Its First Year
News  |  8/16/2016  | 
A study of the Cerber operation's ransomware-as-a-service model highlights just how lucrative this cybercrime can be.
Dark Reading Radio: What Keeps IT Security Pros Awake at Night
Commentary  |  8/16/2016  | 
Join us for a wide-ranging discussion with (ISC) Chief Exec David Shearer on the most worrisome infosec trends and challenges.
New Banking Malware Touts Zeus-Like Capabilities
News  |  8/15/2016  | 
Scylex malware built from scratch for financial theft, according to an ad in infamous underground forum.
What The TSA Teaches Us About IP Protection
Commentary  |  8/11/2016  | 
Data loss prevention solutions are no longer effective. Todays security teams have to keep context and human data in mind, as the TSA does.
The Future Of ATM Hacking
News  |  8/11/2016  | 
Research released at Black Hat USA last week shows that one of our best defenses for the future of payment card and ATM security isn't infallible. Here's why.
PLC Worms Pose Stealthy Threat To Industrial Systems
News  |  8/10/2016  | 
Researchers at Black Hat USA demonstrated 'PLC Blaster' worm capable of infecting programmable logic controllers and spreading to other systems.
Theory Vs Practice: Getting The Most Out Of Infosec
Commentary  |  8/10/2016  | 
Why being practical and operationally minded is the only way to build a successful security program.
30 More Victims Pinned On Highly Selective Cyberespionage Group
News  |  8/9/2016  | 
Kaspersky Lab says newly discovered threat actor ProjectSauron -- called Strider by Symantec -- has hit organizations in Russia, Rwanda, Iran, and Italian-speaking nations.
Spearphishing: Its Curiosity That Makes Them Click
News  |  8/9/2016  | 
Researchers prove that people can be fooled just because they want to know whats on the other end of that email. Here are three steps you can take without spending too much money.
Organizations Still Give Employees More Access Than They Need
News  |  8/9/2016  | 
Ponemon study shows that access to proprietary information remains on the rise.
Building A Detection Strategy With The Right Metrics
Commentary  |  8/9/2016  | 
The tools used in detecting intrusions can lead to an overwhelming number of alerts, but theyre a vital part of security.
People Who Work Together Will Win
Partner Perspectives  |  8/9/2016  | 
Its time for an updated security strategy, built on efficiency and automation.
Symantec Discovers Strider, A New CyberEspionage Group
News  |  8/8/2016  | 
In action five years, highly selective threat actor has only been known to compromise seven organizations.
Newly Announced Chipset Vuln Affects 900 Million Android Devices
News  |  8/8/2016  | 
Check Point Research Team details four vulnerabilities that can easily lead to full privilege escalation.
Data Protection From The Inside Out
Commentary  |  8/8/2016  | 
Organizations must make fundamental changes in the way they approach data protection.
DHS Mulls Designating US Election System As Critical Infrastructure
Quick Hits  |  8/5/2016  | 
DHS studying whether election system should fall under DHS cyber-protection purview.
Page 1 / 2   >   >>


Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.