Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2017
<<   <   Page 2 / 2
Old Flaws, New Tricks: CVE-2017-0199 and PowerPoint Abuse
News  |  8/16/2017  | 
Researchers discover attackers are using a patched Microsoft vulnerability to abuse PowerPoint files and distribute malware.
Insider Threats Loom Large for Security Pros
Quick Hits  |  8/16/2017  | 
Insider threats pose a greater challenge to security pros than external threats, according to a recent survey.
The Day of Reckoning: Cybercrimes Impact on Brand
Commentary  |  8/16/2017  | 
Why the security industry needs to invest in architecture that defends against reputational damage as well as other, more traditional threats.
Discover a Data Breach? Try Compassion First
Commentary  |  8/16/2017  | 
The reactions to a big data breach often resemble the five stages of grief, so a little empathy is needed.
Server Management Software Discovered Harboring Backdoor
News  |  8/15/2017  | 
ShadowPad backdoor found embedded in a software product used by major organizations around the globe to manage their Linux, Windows, and Unix servers.
Webroot Acquires Security Training Platform
Quick Hits  |  8/15/2017  | 
Endpoint security company snaps up the assets of Securecast in a move to build out a training program to test users' ability to recognize a phishing attack.
20 Tactical Questions SMB Security Teams Should Ask Themselves
Commentary  |  8/15/2017  | 
Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
IoT Medical Devices a Major Security Worry in Healthcare, Survey Shows
News  |  8/15/2017  | 
Healthcare providers, manufacturers, and regulators say cybersecurity risks of IoT medical devices and connected legacy systems a top concern.
Cybersecurity: The Responsibility of Everyone
Commentary  |  8/15/2017  | 
The battle against cybercrime can only be won if we're all focused on the same goals. Here are four ways you can get involved.
What CISOs Need to Know about the Psychology behind Security Analysis
Commentary  |  8/14/2017  | 
Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate.
APT28 Uses EternalBlue to Spy on Hotel Wifi Networks
News  |  8/11/2017  | 
Hacker group APT28 is using the EternalBlue hacking tool to spread throughout hotel networks and collect guests' information.
Breaches Are Coming: What Game of Thrones Teaches about Cybersecurity
Commentary  |  8/11/2017  | 
Whether youre Lord Commander of the Nights Watch or the CISO of a mainstream business, its not easy to defend against a constantly evolving threat that is as deadly as an army of White Walkers.
SonicSpy Authors Spin Out Over 1,000 Spyware Apps
Quick Hits  |  8/10/2017  | 
The actors behind this new malware family created a sizable selection of malicious apps in just over seven months, some of which appeared on Google Play.
60% of Infosec Execs Are Boosting SOC Deployments
Quick Hits  |  8/10/2017  | 
A survey of security executives and managers finds a majority are expanding or upgrading their current SOC readiness.
White Hats Take Aim in 'Hack the Air Force' Bug Bounty Program
News  |  8/10/2017  | 
The inaugural Air Force bug bounty program involved 272 vetted hackers, who submitted 207 valid flaws in 24 days.
Air Gap FAILs, Configuration Mistakes Causing ICS/SCADA Cyberattacks
News  |  8/10/2017  | 
A utility's cautionary tale, and how a popular ICS/SCADA network protocol failed a fuzzing test miserably.
Taking Down the Internet Has Never Been Easier
Commentary  |  8/10/2017  | 
Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.
SMBs Practice Better IoT Security Than Large Enterprises Do
News  |  8/9/2017  | 
Small-to midsized businesses are more prepared than big ones to face the next IoT attack: good news given the sharp rise in IoT botnet attacks in the first half of 2017, new reports released today show.
Two Iranians Face Charges for Computer Hacking, Credit Card Fraud
Quick Hits  |  8/9/2017  | 
Federal prosecutors charged two Iranian nationals with identity theft and use of stolen credit card numbers as well as threatening to expose the breach to one of the victim's customers.
Microsoft Fixes 27 Remote Code Execution Flaws
News  |  8/9/2017  | 
Microsoft issued patches for 48 vulnerabilities as part of its monthly Patch Tuesday update, 25 of which were 'critical.'
Uptick in Malware Targets the Banking Community
Commentary  |  8/9/2017  | 
A number of recent attacks, using tactics old and new, have made off with an astonishing amount of money. How can financial institutions fight back?
New Consortium Promotes Proper Data Sanitization Practices
News  |  8/8/2017  | 
The International Data Sanitization Consortium (IDSC) will create guidelines and best practices for sanitizing data on hardware devices.
The Patching Dilemma: Should Microsoft Fix Flaws in Older Tech?
News  |  8/8/2017  | 
When researchers find vulnerabilities that leave older systems exposed, should the software giant create patches or encourage upgrades? Experts weigh in.
67% of Malware Attacks Came via Phishing in Second Quarter
News  |  8/8/2017  | 
During the second quarter, cyberattacks soared 24% worldwide with phishing attacks playing a large role and Adobe Flash one of the favorite attack targets.
WatchGuard Acquires Authentication Provider Datablink
Quick Hits  |  8/8/2017  | 
WatchGuard looks to expand its security offerings into authentication solutions for small- to midsize businesses and enterprises with a distributed workforce.
HBO Data Dumped, Hackers Demand Millions
Quick Hits  |  8/8/2017  | 
Attackers who reportedly stole 1.5TB of data from HBO release a second data dump and demand millions in ransom.
Automating Defenses Against Assembly-Line Attacks
Commentary  |  8/8/2017  | 
A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.
NIST Releases Cybersecurity Definitions for the Workforce
News  |  8/7/2017  | 
In an effort to bring consistency when describing the tasks, duties, roles, and titles of cybersecurity professionals, the National Institute of Standards and Technology released the finalized draft version of its framework.
Voting System Hacks Prompt Push for Paper-Based Voting
News  |  8/7/2017  | 
DEF CON's Voting Machine Hacker Village hacks confirmed security experts' worst fears.
Man Who Hacked his Former Employer Gets 18-Month Prison Sentence
Quick Hits  |  8/7/2017  | 
A Tennessee man also must pay restitution of nearly $172,400 to his former employer after hacking into its systems to gain an edge for his new company.
One-Third of Businesses Hit with Malware-less Threats
Quick Hits  |  8/7/2017  | 
Scripting attacks, credential compromise, privilege escalation, and other malware-less threats affect IT systems and add to staff workload.
Risky Business: Why Enterprises Cant Abdicate Cloud Security
Commentary  |  8/7/2017  | 
It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.
HBO Breach Did Not Compromise Full Email System: CEO
Quick Hits  |  8/4/2017  | 
HBO's recent security breach likely did not compromise its entire email system as hacker(s) allegedly threaten to expose stolen data.
What Women in Cybersecurity Really Think About Their Careers
News  |  8/4/2017  | 
New survey conducted by a female security pro of other female security pros dispels a few myths.
Are Third-Party Services Ready for the GDPR?
Commentary  |  8/4/2017  | 
Third-party scripts are likely to be a major stumbling block for companies seeking to be in compliance with the EU's new privacy rules. Here's a possible work-around.
Russian Botnet Creator Receives 46-Month Prison Sentence
Quick Hits  |  8/4/2017  | 
Federal court sentences the Ebury botnet creator and operator to prison for infecting tens of thousands of servers worldwide.
2017 Pwnie Awards: Who Won, Lost, and Pwned
Slideshows  |  8/3/2017  | 
Security pros corralled the best and worst of cybersecurity into an award show highlighting exploits, bugs, achievements, and attacks from the past year.
Making Infosec Meetings More Inclusive
News  |  8/3/2017  | 
Diversity and inclusion experts explain how to avoid meeting pitfalls that preclude the voices of underrepresented members of the team.
DoJ Launches Framework for Vulnerability Disclosure Programs
Quick Hits  |  8/3/2017  | 
The Department of Justice releases a set of guidelines to help businesses create programs for releasing vulnerabilities.
Why Cybersecurity Needs a Human in the Loop
Commentary  |  8/3/2017  | 
It's no longer comparable to Kasparov versus Deep Blue. When security teams use AI, it's like Kasparov consulting with Deep Blue before deciding on his next move.
Chinese Telecom DDoS Attack Breaks Record
News  |  8/2/2017  | 
A distributed denial of service siege spanning more than 11 days broke a DDoS record for the year, according to a report from Kaspersky Lab.
Staying in Front of Cybersecurity Innovation
Commentary  |  8/2/2017  | 
Innovation is challenging for security teams because it encompasses two seemingly contradictory ideas: it's happening too slowly and too quickly.
Microsoft Security Put to the Test at Black Hat, DEF CON
News  |  8/1/2017  | 
Researchers at both conferences demonstrated workarounds and flaws in applications and services including Office 365, PowerShell, Windows 10, Active Directory and Windows BITs.
US Senators Propose IoT Security Legislation
Quick Hits  |  8/1/2017  | 
A new bill aims to prohibit the production of IoT devices if they can't be patched or have their password changed.
Digital Crime-Fighting: The Evolving Role of Law Enforcement
Commentary  |  8/1/2017  | 
Law enforcement, even on a local level, has a new obligation to establish an effective framework for combating online crime.
<<   <   Page 2 / 2


A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Virginia a Hot Spot For Cybersecurity Jobs
Jai Vijayan, Contributing Writer,  10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17612
PUBLISHED: 2019-10-15
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&amp;c=Ad&amp;a=category sort parameter.
CVE-2019-17613
PUBLISHED: 2019-10-15
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&amp;action=addjf via CSRF, as demonstrated by a payload in...
CVE-2019-17395
PUBLISHED: 2019-10-15
In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
CVE-2019-17602
PUBLISHED: 2019-10-15
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
CVE-2019-17394
PUBLISHED: 2019-10-15
In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.