Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2018
Page 1 / 3   >   >>
Machine Identities Need Protection, Too
Quick Hits  |  8/31/2018  | 
A new study shows that device identities need a level of protection that they're not getting from most organizations.
Why Automation Will Free Security Pros to Do What They Do Best
Commentary  |  8/31/2018  | 
There are three reasons today's security talent pool is neither scalable nor effective in addressing the rapid evolution of cyberattacks.
Cryptocurrency Scams Replacing Ransomware as Attackers' Fave
News  |  8/30/2018  | 
Cryptojacking miners and fileless malware see biggest growth in first half of 2018.
Who's At Greatest Risk for BEC Attacks? Not the CEO
News  |  8/30/2018  | 
CEOs only make up 2.2% of business email compromise targets, a sign most victims are further down the corporate ladder.
New Pen Test Tool Tricks Targets with Microsoft WCX Files
Quick Hits  |  8/30/2018  | 
The open-source tool lets penetration testers gather credentials by convincing targets to open a Microsoft WCX file.
4 Benefits of a World with Less Privacy
Commentary  |  8/30/2018  | 
The privacy issue is a problem for a lot of people. I see it differently.
'Security Fatigue' Could Put Business at Risk
News  |  8/29/2018  | 
The relentless march of security breaches may cause some individuals to drop their guard, but there's more to the story than that.
IT Professionals Think They're Better Than Their Security
Quick Hits  |  8/29/2018  | 
More than half of professionals think they have a good shot at a successful insider attack.
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Dark Reading Videos  |  8/29/2018  | 
Although WebAssembly technology promises both better performance and better security to developers, it also creates a new risk for native exploits in the browser.
Windows Zero-Day Flaw Disclosed Via Twitter
News  |  8/29/2018  | 
Security experts confirm the privilege escalation vulnerability in Microsoft Windows still works.
How One Companys Cybersecurity Problem Becomes Another's Fraud Problem
Commentary  |  8/29/2018  | 
The solution: When security teams see something in cyberspace, they need to say something.
7 Steps to Start Searching with Shodan
Slideshows  |  8/29/2018  | 
The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.
Fileless Attacks Jump 94% in First Half of 2018
News  |  8/28/2018  | 
While ransomware is still popular, fileless and PowerShell attacks are the threats to watch this year.
PCI SSC Releases New Security Tools for Small Businesses
Quick Hits  |  8/28/2018  | 
Tool intended to help small businesses understand their risk and how well they're being addressed.
WhatsApp: Mobile Phishing's Newest Attack Target
Commentary  |  8/28/2018  | 
In 2018, mobile communication platforms such as WhatsApp, Skype, and SMS have far less protection against app-based phishing than email.
Iranian Hackers Target Universities in Global Cyberattack Campaign
News  |  8/27/2018  | 
Cobalt Dickens threat group is suspected to be behind a large-scale cyberattack wave targeting credentials to access academic resources.
Proof-of-Concept Released for Apache Struts Vulnerability
News  |  8/27/2018  | 
Python script for easier exploitation of the flaw is now available as well on Github.
How Can We Improve the Conversation Among Blue Teams?
Commentary  |  8/27/2018  | 
Dark Reading seeks new ways to bring defenders together to share information and best practices
The Difference Between Sandboxing, Honeypots & Security Deception
Commentary  |  8/27/2018  | 
A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies.
A False Sense of Security
Commentary  |  8/24/2018  | 
Emerging threats over the next two years stem from biometrics, regulations, and insiders.
Half of Small Businesses Believe They're Not Cybercrime Targets
News  |  8/24/2018  | 
New SMB version of the NIST Cybersecurity Framework could help these organizations properly assess and respond to their security risks.
Modular Downloaders Could Pose New Threat for Enterprises
News  |  8/24/2018  | 
Proofpoint says it has recently discovered two downloaders that let attackers modify malware after it has been installed on a system.
Researcher Cracks San Francisco's Emergency Siren System
Researcher Cracks San Francisco's Emergency Siren System
Dark Reading Videos  |  8/24/2018  | 
Bastille researcher Balint Seeber discusses the process of creating SirenJack and cracking one of a city's critical safety systems.
AI-Based POC, DeepLocker, Could Conceal Targeted Attacks
AI-Based POC, DeepLocker, Could Conceal Targeted Attacks
Dark Reading Videos  |  8/23/2018  | 
IBM research scientist discusses DeepLocker, a stealthy artificial intelligence-enhanced proof-of-concept that won't release any payload until the attacker reaches its ultimate target.
New Apache Struts Vulnerability Leaves Major Websites Exposed
News  |  8/23/2018  | 
The vulnerability, found in Struts' core functionality, could be more critical than the one involved in last year's Equifax breach.
Lazarus Group Builds its First MacOS Malware
News  |  8/23/2018  | 
This isn't the first time Lazarus Group has infiltrated a cryptocurrency exchange as the hacking team has found new ways to achieve financial gain.
The GDPR Ripple Effect
Commentary  |  8/23/2018  | 
Will we ever see a truly global data security and privacy mandate?
New Mirai Variants Leverage Open Source Project
Quick Hits  |  8/23/2018  | 
Aboriginal Linux gives Mirai new cross-platform capabilities - including Android.
CA Man Arrested for Conspiracy to Launder BEC Earnings
Quick Hits  |  8/23/2018  | 
Ochenetchouwe Adegor Ederaine Jr., was involved with an organization engaged with wire fraud and related criminal activity, the DoJ reports.
Embedding Security into the DevOps Toolchain
Commentary  |  8/23/2018  | 
Security teams need to let go of the traditional security stack, stop fighting DevOps teams, and instead jump in right beside them.
Wickr Adds New Censorship Circumvention Feature to its Encrypted App
News  |  8/23/2018  | 
Secure Open Access addresses void created by Google, Amazon decision to disallow domain fronting, company says.
Adobe Software at Center of Two Vulnerability Disclosures
News  |  8/22/2018  | 
Newly discovered Photoshop and Ghostscript vulnerabilities allow remote code execution.
New Insurance Product Adds Coverage for Cryptomining Malware Losses
Quick Hits  |  8/22/2018  | 
Product also covers all forms of illicit use of business services, including toll fraud and unauthorized use of cloud services.
The Votes Are In: Election Security Matters
Commentary  |  8/22/2018  | 
Three ways to make sure that Election Day tallies are true.
What a Forensic Analysis of 'Worst Voting Machine Ever' Turned Up
What a Forensic Analysis of 'Worst Voting Machine Ever' Turned Up
Dark Reading Videos  |  8/22/2018  | 
University of Copenhagen associate professor discusses what he found when he dug into some decommissioned WinVote voting machines.
How Threats Increase in Internet Time
News  |  8/21/2018  | 
Cybercrime incidents and costs increase with each passing minute on the Internet.
How to Gauge the Effectiveness of Security Awareness Programs
Commentary  |  8/21/2018  | 
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Clinging to TLS 1.0 Puts Sites Outside PCI DSS Compliance
Quick Hits  |  8/21/2018  | 
More than half of organizations could be out of compliance, new research shows.
Latin America Served with 'Dark Tequila' Banking Malware
Quick Hits  |  8/21/2018  | 
The complex operation packs a multistage payload and spreads via spear-phishing emails and infected USB devices.
Proving ROI: How a Security Road Map Can Sway the C-Suite
Commentary  |  8/21/2018  | 
When executives are constantly trying to cut the fat, CISOs need to develop a flexible structure to improve baseline assessments and target goals, tactics, and capabilities. Here's how.
Hackers Use Public Cloud Features to Breach, Persist In Business Networks
News  |  8/21/2018  | 
Attackers are abusing the characteristics of cloud services to launch and hide their activity as they traverse target networks.
7 Serious IoT Vulnerabilities
Slideshows  |  8/21/2018  | 
A growing number of employees have various IoT devices in their homes where they're also connecting to an enterprise network to do their work. And that means significant threats loom.
Ohio Man Sentenced To 15 Months For BEC Scam
Quick Hits  |  8/20/2018  | 
Olumuyiwa Adejumo and co-conspirators targeted CEOs, CFOs, and other enterprise leaders in the US with fraudulent emails.
Data Privacy Careers Are Helping to Close the IT Gender Gap
Commentary  |  8/20/2018  | 
There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?
How Better Intel Can Reduce, Prevent Payment Card Fraud
How Better Intel Can Reduce, Prevent Payment Card Fraud
Dark Reading Videos  |  8/20/2018  | 
Royal Bank of Canada machine learning researcher and Terbium Labs chief scientist discuss how they use intelligence about the carding market to predict the next payment card fraud victims.
Make a Wish: Dark Reading Caption Contest Winners
Commentary  |  8/18/2018  | 
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...
Researchers Find New Fast-Acting Side-Channel Vulnerability
News  |  8/17/2018  | 
A group of researchers from Georgia Tech have discovered a method for pulling encryption keys from mobile devices without ever touching the phones, themselves.
Using Threat Deception on Malicious Insiders
Using Threat Deception on Malicious Insiders
Dark Reading Videos  |  8/17/2018  | 
Illusive Networks CEO Ofer Israeli reveals how distributed deception technology can be as effective against insider threats as it is against outsiders, since it thwarts the lateral movement common to both.
Marap Malware Appears, Targeting Financial Sector
Quick Hits  |  8/17/2018  | 
A new form of modular downloader packs the ability to download other modules and payloads.
Building Security into the DevOps Pipeline
Building Security into the DevOps Pipeline
Dark Reading Videos  |  8/17/2018  | 
As companies pump more code into production at a faster pace, CA Veracode VP of Security Research Chris Eng stresses the importance of avoiding vulnerabilities by building security directly into the DevOps pipeline.
Page 1 / 3   >   >>


AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.