Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2017
Page 1 / 2   >   >>
Using Market Pressures to Improve Cybersecurity
Using Market Pressures to Improve Cybersecurity
Dark Reading Videos  |  8/31/2017  | 
Post-MedSec, Chris Wysopal discusses what impact the investor community -- if not consumers -- can have on squashing vulnerabilities and improving cybersecurity.
New Facebook, Instagram Bugs Demonstrate Social Media Risk
News  |  8/31/2017  | 
Security flaws in Facebook Messenger and Instagram let hackers propagate attacks and steal personal data.
Verizon Report: Businesses Hit with Payment Card Breaches Not Fully PCI-Compliant
News  |  8/31/2017  | 
Companies struggle to maintain PCI compliance within a year of meeting it, according to a new payment security report by Verizon.
International Firms Struggle to Adapt as China's Cybersecurity Law Takes Shape
Commentary  |  8/31/2017  | 
After the release of new guidelines on critical information infrastructure, international companies are still searching for clarity on how to comply with the country's new cyber regime.
Ransomware is Going More Corporate, Less Consumer
News  |  8/30/2017  | 
Cybercriminals on average charge $544 for ransom per device, signaling a new sweet spot for payouts.
St. Jude Pacemaker Gets Firmware Update 'Intended as a Recall'
News  |  8/30/2017  | 
The devices that were the subject of a vulnerability disclosure debate last summer now have an FDA-approved fix.
'Onliner' Spambot Amassed Hundreds of Millions of Stolen Email Addresses
Quick Hits  |  8/30/2017  | 
Massive spambot relying on stolen email addresses, credentials, and SMTP and port information to expand.
Office 365: A Vehicle for Internal Phishing Attacks
News  |  8/30/2017  | 
A new threat uses internal accounts to spread phishing attacks, making fraudulent emails even harder to detect.
How Hackers Hide Their Malware: Advanced Obfuscation
Commentary  |  8/30/2017  | 
Hackers continue to develop new ways to break into systems. Here are three of them, along with ways to fight back.
The Active Directory Botnet
The Active Directory Botnet
Dark Reading Videos  |  8/30/2017  | 
It's a nightmare of an implementation error with no easy fix. Ty Miller and Paul Kalinin explain how and why an attacker could build an entire botnet inside your organization.
Training Courses for Aspiring Cybercriminals Put Security Education To Shame
Training Courses for Aspiring Cybercriminals Put Security Education To Shame
Dark Reading Videos  |  8/29/2017  | 
Reasonably priced, module-based training courses and helpful forums will train a beginner in all the tools and techniques of the successful cybercriminal, Rick Holland of Digital Shadows explains.
IoTCandyJar: A HoneyPot for any IoT Device
IoTCandyJar: A HoneyPot for any IoT Device
Dark Reading Videos  |  8/29/2017  | 
Palo Alto Networks researchers explain how they designed an affordable, behavior-based honeypot to detect attacks on an IoT device -- any kind of IoT device.
Security Analytics: Making the Leap from Data Lake to Meaningful Insight
Commentary  |  8/29/2017  | 
Once you've got a lake full of data, it's essential that your analysis isn't left stranded on the shore.
FBI/IRS-Themed Email Scam Spreads Ransomware
Quick Hits  |  8/29/2017  | 
Fake IRS and FBI emails are circulating on the Internet that attempt to lure victims into downloading malware that will ultimately hold their data hostage.
How Hackers Hide Their Malware: The Basics
Commentary  |  8/29/2017  | 
Malware depends on these four basic techniques to avoid detection.
US CERT Warns of Potential Hurricane Harvey Phishing Scams
Quick Hits  |  8/28/2017  | 
Be wary of malicious emails purportedly tied to the storm, officials say.
Forcepoint Snaps Up RedOwl
Quick Hits  |  8/28/2017  | 
The acquisition aims to bolster Forcepoint's behavioral analytics offerings.
10 Time-Consuming Tasks Security People Hate
Slideshows  |  8/28/2017  | 
Whether it is dealing with false positives, reporting to auditors, or patching software, here's the scut work security people dread.
Cybersecurity: An Asymmetrical Game of War
Commentary  |  8/28/2017  | 
To stay ahead of the bad guys, security teams need to think like criminals, leverage AIs ability to find malicious threats, and stop worrying that machine learning will take our jobs.
New Targeted Ransomware Hits Healthcare, Manufacturing
Quick Hits  |  8/25/2017  | 
A new ransomware strain, Defray, that focuses on certain verticals in narrow and select attacks is making the rounds in the healthcare, education, manufacturing, and technology sectors.
Turning Sound Into Keystrokes: Skype & Type
Turning Sound Into Keystrokes: Skype & Type
Dark Reading Videos  |  8/25/2017  | 
Don't let your fingers do the talking in a Skype session. The callers on the other end could know what you're writing, researcher Daniele Lain explains.
Apple iOS Exploit Takes Complete Control of Kernel
News  |  8/24/2017  | 
Researcher demonstrates 'severe' ZIVA exploit at Hack in the Box.
Mac's Biggest Threats Lurk in the Apple App Store
News  |  8/24/2017  | 
Mac malware is on the rise, especially adware and potentially unwanted programs in the App Store.
GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries
Commentary  |  8/24/2017  | 
What Game of Thrones' Arya Stark and the Faceless Men can teach security pros about defending against modern malware and identity theft.
Insecure IoT Devices Pose Physical Threat to General Public
Insecure IoT Devices Pose Physical Threat to General Public
Dark Reading Videos  |  8/24/2017  | 
At the car wash, look out for attack robots. Billy Rios discusses how IoT devices could be hacked to physically attack people -- not just on factory floors, but in everyday public settings.
GDPR Compliance Preparation: A High-Stakes Guessing Game
Commentary  |  8/24/2017  | 
It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.
Suspect in Yahoo Breach Pleads Not Guilty
Quick Hits  |  8/23/2017  | 
Karim Baratov enters his plea in US Courts today, after waiving his extradition hearing in Canada last week.
Phish Bait: DMARC Adoption Failures Leave Companies Exposed
News  |  8/23/2017  | 
More than 90% of Fortune 500 companies leave customers and brand names vulnerable to domain name spoofing as a result of not fully implementing DMARC.
72% of Government Agencies Hit with Security Incidents
Quick Hits  |  8/23/2017  | 
The cause of the incidents large fell on human error and employee misuse.
The Changing Face & Reach of Bug Bounties
Commentary  |  8/23/2017  | 
HackerOne CEO Mrten Mickos reflects on the impact of vulnerability disclosure on today's security landscape and leadership.
Why You Need to Study Nation-State Attacks
Commentary  |  8/23/2017  | 
Want to know what attacks against businesses will look like soon? Examine nation-state attacks now.
Google Removes 500 Android Apps Following Spyware Scare
News  |  8/23/2017  | 
Android apps embedded with an advertising software development kit removed after researchers discover its potential for stealing users' caller data.
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dark Reading Videos  |  8/23/2017  | 
Dino Dai Zovi discusses the under-explored security aspects of Docker, data center orchestration, and containers.
Why Most Security Awareness Training Fails (And What To Do About It)
Why Most Security Awareness Training Fails (And What To Do About It)
Dark Reading Videos  |  8/22/2017  | 
Arun Vishwanath discusses why awareness training shouldn't apply the same cure to every ailment then blame the patient when the treatment doesn't work.
Battle of the AIs: Don't Build a Better Box, Put Your Box in a Better Loop
Commentary  |  8/22/2017  | 
Powered by big data and machine learning, next-gen attacks will include perpetual waves of malware, phishes, and false websites nearly indistinguishable from the real things. Here's how to prepare.
The Benefits of Exploiting Attackers' Favorite Tools
The Benefits of Exploiting Attackers' Favorite Tools
Dark Reading Videos  |  8/22/2017  | 
Symantec senior threat researcher Waylon Grange explains that attackers write vulnerable code, too.
Comparing Private and Public Cloud Threat Vectors
Commentary  |  8/22/2017  | 
Many companies moving from a private cloud to a cloud service are unaware of increased threats.
How to Hack a Robot
News  |  8/22/2017  | 
Forget 'killer robots:' researchers demonstrate how collaborative robots, or 'cobots,' can be hacked and dangerous.
Tuesday: Spammers' Favorite Day of the Week
News  |  8/21/2017  | 
Spammers are most active when their targets are online, with the highest level of activity on Tuesday, Wednesday, and Thursday.
The Pitfalls of Cyber Insurance
Commentary  |  8/21/2017  | 
Cyber insurance is 'promising' but it won't totally protect your company against hacks.
50% of Ex-Employees Can Still Access Corporate Apps
News  |  8/18/2017  | 
Businesses drive the risk for data breaches when they fail to terminate employees' access to corporate apps after they leave.
ShieldFS Hits 'Rewind' on Ransomware
ShieldFS Hits 'Rewind' on Ransomware
Dark Reading Videos  |  8/18/2017  | 
Federico Maggi and Andrea Continella discuss a new tool to protect filesystems by disrupting and undoing ransomware's encryption activities.
Curbing the Cybersecurity Workforce Shortage with AI
Commentary  |  8/18/2017  | 
By using cognitive technologies, an organization can address the talent shortage by getting more productivity from current employees and improving processes.
How Bad Teachers Ruin Good Machine Learning
How Bad Teachers Ruin Good Machine Learning
Dark Reading Videos  |  8/18/2017  | 
Sophos data scientist Hillary Sanders explains how security suffers when good machine learning models are trained on bad testing data.
Microsoft Report: User Account Attacks Jumped 300% Since 2016
News  |  8/17/2017  | 
Most of these Microsoft user account compromises can be attributed to weak, guessable passwords and poor password management, researchers found.
Critical Infrastructure, Cybersecurity & the 'Devils Rope'
Commentary  |  8/17/2017  | 
How hackers today are engaging in a modern 'Fence Cutter War' against industrial control systems, and what security professionals need to do about it.
The Shadow Brokers: How They Changed 'Cyber Fear'
The Shadow Brokers: How They Changed 'Cyber Fear'
Dark Reading Videos  |  8/17/2017  | 
At Black Hat USA, Matt Suiche, founder of Comae Technologies, describes what we know about the Shadow Brokers and how they have changed the business of cyber fear.
Kill Switches, Vaccines & Everything in Between
Commentary  |  8/17/2017  | 
The language can be a bit fuzzy at times, but there are real differences between the various ways of disabling malware.
70% of DevOps Pros Say They Didn't Get Proper Security Training in College
News  |  8/17/2017  | 
Veracode survey shows majority of DevOps pros mostly learn on the job about security.
Behind the Briefings: How Black Hat Sessions Get Chosen
Behind the Briefings: How Black Hat Sessions Get Chosen
Dark Reading Videos  |  8/17/2017  | 
Daniel Cuthbert and Stefano Zanero explain what the Black Hat review board is looking for in an abstract submission for the Briefings.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.