Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2017
<<   <   Page 2 / 2
Old Flaws, New Tricks: CVE-2017-0199 and PowerPoint Abuse
News  |  8/16/2017  | 
Researchers discover attackers are using a patched Microsoft vulnerability to abuse PowerPoint files and distribute malware.
Insider Threats Loom Large for Security Pros
Quick Hits  |  8/16/2017  | 
Insider threats pose a greater challenge to security pros than external threats, according to a recent survey.
The Day of Reckoning: Cybercrimes Impact on Brand
Commentary  |  8/16/2017  | 
Why the security industry needs to invest in architecture that defends against reputational damage as well as other, more traditional threats.
Discover a Data Breach? Try Compassion First
Commentary  |  8/16/2017  | 
The reactions to a big data breach often resemble the five stages of grief, so a little empathy is needed.
Server Management Software Discovered Harboring Backdoor
News  |  8/15/2017  | 
ShadowPad backdoor found embedded in a software product used by major organizations around the globe to manage their Linux, Windows, and Unix servers.
Webroot Acquires Security Training Platform
Quick Hits  |  8/15/2017  | 
Endpoint security company snaps up the assets of Securecast in a move to build out a training program to test users' ability to recognize a phishing attack.
20 Tactical Questions SMB Security Teams Should Ask Themselves
Commentary  |  8/15/2017  | 
Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
IoT Medical Devices a Major Security Worry in Healthcare, Survey Shows
News  |  8/15/2017  | 
Healthcare providers, manufacturers, and regulators say cybersecurity risks of IoT medical devices and connected legacy systems a top concern.
Cybersecurity: The Responsibility of Everyone
Commentary  |  8/15/2017  | 
The battle against cybercrime can only be won if we're all focused on the same goals. Here are four ways you can get involved.
What CISOs Need to Know about the Psychology behind Security Analysis
Commentary  |  8/14/2017  | 
Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate.
APT28 Uses EternalBlue to Spy on Hotel Wifi Networks
News  |  8/11/2017  | 
Hacker group APT28 is using the EternalBlue hacking tool to spread throughout hotel networks and collect guests' information.
Breaches Are Coming: What Game of Thrones Teaches about Cybersecurity
Commentary  |  8/11/2017  | 
Whether youre Lord Commander of the Nights Watch or the CISO of a mainstream business, its not easy to defend against a constantly evolving threat that is as deadly as an army of White Walkers.
SonicSpy Authors Spin Out Over 1,000 Spyware Apps
Quick Hits  |  8/10/2017  | 
The actors behind this new malware family created a sizable selection of malicious apps in just over seven months, some of which appeared on Google Play.
60% of Infosec Execs Are Boosting SOC Deployments
Quick Hits  |  8/10/2017  | 
A survey of security executives and managers finds a majority are expanding or upgrading their current SOC readiness.
White Hats Take Aim in 'Hack the Air Force' Bug Bounty Program
News  |  8/10/2017  | 
The inaugural Air Force bug bounty program involved 272 vetted hackers, who submitted 207 valid flaws in 24 days.
Air Gap FAILs, Configuration Mistakes Causing ICS/SCADA Cyberattacks
News  |  8/10/2017  | 
A utility's cautionary tale, and how a popular ICS/SCADA network protocol failed a fuzzing test miserably.
Taking Down the Internet Has Never Been Easier
Commentary  |  8/10/2017  | 
Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.
SMBs Practice Better IoT Security Than Large Enterprises Do
News  |  8/9/2017  | 
Small-to midsized businesses are more prepared than big ones to face the next IoT attack: good news given the sharp rise in IoT botnet attacks in the first half of 2017, new reports released today show.
Two Iranians Face Charges for Computer Hacking, Credit Card Fraud
Quick Hits  |  8/9/2017  | 
Federal prosecutors charged two Iranian nationals with identity theft and use of stolen credit card numbers as well as threatening to expose the breach to one of the victim's customers.
Microsoft Fixes 27 Remote Code Execution Flaws
News  |  8/9/2017  | 
Microsoft issued patches for 48 vulnerabilities as part of its monthly Patch Tuesday update, 25 of which were 'critical.'
Uptick in Malware Targets the Banking Community
Commentary  |  8/9/2017  | 
A number of recent attacks, using tactics old and new, have made off with an astonishing amount of money. How can financial institutions fight back?
New Consortium Promotes Proper Data Sanitization Practices
News  |  8/8/2017  | 
The International Data Sanitization Consortium (IDSC) will create guidelines and best practices for sanitizing data on hardware devices.
The Patching Dilemma: Should Microsoft Fix Flaws in Older Tech?
News  |  8/8/2017  | 
When researchers find vulnerabilities that leave older systems exposed, should the software giant create patches or encourage upgrades? Experts weigh in.
67% of Malware Attacks Came via Phishing in Second Quarter
News  |  8/8/2017  | 
During the second quarter, cyberattacks soared 24% worldwide with phishing attacks playing a large role and Adobe Flash one of the favorite attack targets.
WatchGuard Acquires Authentication Provider Datablink
Quick Hits  |  8/8/2017  | 
WatchGuard looks to expand its security offerings into authentication solutions for small- to midsize businesses and enterprises with a distributed workforce.
HBO Data Dumped, Hackers Demand Millions
Quick Hits  |  8/8/2017  | 
Attackers who reportedly stole 1.5TB of data from HBO release a second data dump and demand millions in ransom.
Automating Defenses Against Assembly-Line Attacks
Commentary  |  8/8/2017  | 
A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.
NIST Releases Cybersecurity Definitions for the Workforce
News  |  8/7/2017  | 
In an effort to bring consistency when describing the tasks, duties, roles, and titles of cybersecurity professionals, the National Institute of Standards and Technology released the finalized draft version of its framework.
Voting System Hacks Prompt Push for Paper-Based Voting
News  |  8/7/2017  | 
DEF CON's Voting Machine Hacker Village hacks confirmed security experts' worst fears.
Man Who Hacked his Former Employer Gets 18-Month Prison Sentence
Quick Hits  |  8/7/2017  | 
A Tennessee man also must pay restitution of nearly $172,400 to his former employer after hacking into its systems to gain an edge for his new company.
One-Third of Businesses Hit with Malware-less Threats
Quick Hits  |  8/7/2017  | 
Scripting attacks, credential compromise, privilege escalation, and other malware-less threats affect IT systems and add to staff workload.
Risky Business: Why Enterprises Cant Abdicate Cloud Security
Commentary  |  8/7/2017  | 
It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.
HBO Breach Did Not Compromise Full Email System: CEO
Quick Hits  |  8/4/2017  | 
HBO's recent security breach likely did not compromise its entire email system as hacker(s) allegedly threaten to expose stolen data.
What Women in Cybersecurity Really Think About Their Careers
News  |  8/4/2017  | 
New survey conducted by a female security pro of other female security pros dispels a few myths.
Are Third-Party Services Ready for the GDPR?
Commentary  |  8/4/2017  | 
Third-party scripts are likely to be a major stumbling block for companies seeking to be in compliance with the EU's new privacy rules. Here's a possible work-around.
Russian Botnet Creator Receives 46-Month Prison Sentence
Quick Hits  |  8/4/2017  | 
Federal court sentences the Ebury botnet creator and operator to prison for infecting tens of thousands of servers worldwide.
2017 Pwnie Awards: Who Won, Lost, and Pwned
Slideshows  |  8/3/2017  | 
Security pros corralled the best and worst of cybersecurity into an award show highlighting exploits, bugs, achievements, and attacks from the past year.
Making Infosec Meetings More Inclusive
News  |  8/3/2017  | 
Diversity and inclusion experts explain how to avoid meeting pitfalls that preclude the voices of underrepresented members of the team.
DoJ Launches Framework for Vulnerability Disclosure Programs
Quick Hits  |  8/3/2017  | 
The Department of Justice releases a set of guidelines to help businesses create programs for releasing vulnerabilities.
Why Cybersecurity Needs a Human in the Loop
Commentary  |  8/3/2017  | 
It's no longer comparable to Kasparov versus Deep Blue. When security teams use AI, it's like Kasparov consulting with Deep Blue before deciding on his next move.
Chinese Telecom DDoS Attack Breaks Record
News  |  8/2/2017  | 
A distributed denial of service siege spanning more than 11 days broke a DDoS record for the year, according to a report from Kaspersky Lab.
Staying in Front of Cybersecurity Innovation
Commentary  |  8/2/2017  | 
Innovation is challenging for security teams because it encompasses two seemingly contradictory ideas: it's happening too slowly and too quickly.
Microsoft Security Put to the Test at Black Hat, DEF CON
News  |  8/1/2017  | 
Researchers at both conferences demonstrated workarounds and flaws in applications and services including Office 365, PowerShell, Windows 10, Active Directory and Windows BITs.
US Senators Propose IoT Security Legislation
Quick Hits  |  8/1/2017  | 
A new bill aims to prohibit the production of IoT devices if they can't be patched or have their password changed.
Digital Crime-Fighting: The Evolving Role of Law Enforcement
Commentary  |  8/1/2017  | 
Law enforcement, even on a local level, has a new obligation to establish an effective framework for combating online crime.
<<   <   Page 2 / 2


Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...