Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2018
<<   <   Page 2 / 3   >   >>
Exploring, Exploiting Active Directory Admin Flaws
News  |  8/17/2018  | 
Common methods AD administrators use to protect their environments can easily be exploited. Here's how.
Australian Teen Hacked Apple Network
Quick Hits  |  8/17/2018  | 
The 16-year-old made off with 90 gigs of sensitive data.
Simplifying Defense Across the MITRE ATT&CK Matrix
Simplifying Defense Across the MITRE ATT&CK Matrix
Dark Reading Videos  |  8/17/2018  | 
Endgames Mark Dufresne says SOCs can achieve better results within their existing staff and budget constraints with AI- and visualization-empowered, unified defense across the MITRE ATT&CK matrix.
The Rise of Bespoke Ransomware
The Rise of Bespoke Ransomware
Dark Reading Videos  |  8/17/2018  | 
Drawing from a recent study by SophosLabs, Principal Research Scientist Chester Wisniewski highlights a shift to the rise of more targeted and sophisticated ransomware threats, such as SamSam.
Necurs Botnet Goes Phishing for Banks
News  |  8/16/2018  | 
A new Necurs botnet campaign targets thousands of banks with a malicious file dropping the FlawedAmmyy remote-access Trojan.
Researcher Finds MQTT Hole in IoT Defenses
News  |  8/16/2018  | 
A commonly used protocol provides a gaping backdoor when misconfigured.
Active Third-Party Content the Bane of Web Security
News  |  8/16/2018  | 
New reports shows many of the world's most popular sites serve up active content from risky sources.
Facebook Awards $1M for Defense-Based Research
Quick Hits  |  8/16/2018  | 
The company today awarded $200,000 to winners of the Internet Defense Prize after spending $800,000 on the Secure the Internet grants.
Overcoming 'Security as a Silo' with Orchestration and Automation
Commentary  |  8/16/2018  | 
When teams work in silos, the result is friction and miscommunication. Automation changes that.
Intel Reveals New Spectre-Like Vulnerability
News  |  8/15/2018  | 
A new side-channel speculative execution vulnerability takes aim at a different part of the CPU architecture than similar vulnerabilities that came before it.
2018 Pwnie Awards: Who Pwned, Who Got Pwned
Slideshows  |  8/15/2018  | 
A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
Instagram Hack: Hundreds Affected, Russia Suspected
Quick Hits  |  8/15/2018  | 
Affected users report the email addresses linked to their Instagram accounts were changed to .ru domains.
New PHP Exploit Chain Highlights Dangers of Deserialization
News  |  8/15/2018  | 
PHP unserialization can be triggered by other vulnerabilities previously considered low-risk.
Open Source Software Poses a Real Security Threat
Commentary  |  8/15/2018  | 
It's true that open source software has many benefits, but it also has weak points. These four practical steps can help your company stay safer.
Oracle: Apply Out-of-Band Patch for Database Flaw ASAP
News  |  8/14/2018  | 
Flaw in the Java VM component of Oracle's Database Server is easily exploitable, security experts warn.
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
News  |  8/14/2018  | 
Both adult and kid hackers demonstrated at DEF CON how the hackable voting machine may be the least of our worries in the 2018 elections.
Flaws in Mobile Point of Sale Readers Displayed at Black Hat
News  |  8/14/2018  | 
While security is high overall for mPOS tools from companies like Square, PayPal, and iZettle, some devices have vulnerabilities that attackers could exploit to gather data and cash.
Microsoft ADFS Vulnerability Lets Attackers Bypass MFA
News  |  8/14/2018  | 
The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.
Hacker Unlocks 'God Mode' and Shares the 'Key'
News  |  8/13/2018  | 
At Black Hat USA and DEF CON, researcher Christopher Domas showed how he found backdoors that may exist in many different CPUs.
Social Engineers Show Off Their Tricks
News  |  8/13/2018  | 
Experts in deception shared tricks of the trade and showed their skills at Black Hat and DEF CON 2018.
Vulnerability Disclosures in 2018 So Far Outpacing Previous Years'
News  |  8/13/2018  | 
Nearly 17% of 10,644 vulnerabilities disclosed so far this year have been critical, according to new report from Risk Based Security.
'Hack the Marine Corps' Bug Bounty Event Held in Vegas
News  |  8/13/2018  | 
$80K in payouts went to handpicked hackers in nine-hour event during DEF CON in Las Vegas.
Nigerian National Convicted for Phishing US Universities
Quick Hits  |  8/13/2018  | 
Olayinka Olaniyi and his co-conspirator targeted the University of Virginia, Georgia Tech, and other educational institutions.
FBI Warns of Cyber Extortion Scam
Quick Hits  |  8/13/2018  | 
Spear-phishing techniques are breathing new life into an old scam.
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Commentary  |  8/13/2018  | 
New ways to steal your data (and profits) keep cropping up. These best practices can help keep your organization safer.
Vulnerable Smart City Devices Can Be Exploited To Cause Panic, Chaos
News  |  8/10/2018  | 
False alerts about floods, radiation levels are just some of the ways attackers can abuse weakly protected IoT devices, researchers warn.
NSA Brings Nation-State Details to DEF CON
News  |  8/10/2018  | 
Hackers were eager to hear the latest from the world of nation-state cybersecurity.
The Enigma of AI & Cybersecurity
Commentary  |  8/10/2018  | 
We've only seen the beginning of what artificial intelligence can do for information security.
6 Eye-Raising Third-Party Breaches
Slideshows  |  8/10/2018  | 
This year's headlines have featured a number of high-profile exposures caused by third parties working on behalf of major brands.
Xori Adds Speed, Breadth to Disassembler Lineup
News  |  8/9/2018  | 
A new open source tool, introduced at Black Hat USA, places a priority on speed and automation.
IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes, Ships
News  |  8/9/2018  | 
Researcher Ruben Santamarta shared the details of his successful hack of an in-flight airplane Wi-Fi network and other findings at Black Hat USA today.
Cloud Intelligence Throwdown: Amazon vs. Google vs. Microsoft
News  |  8/9/2018  | 
A closer look at native threat intelligence capabilities built into major cloud platforms and discussion of their strengths and shortcomings.
AWS Employee Flub Exposes S3 Bucket Containing GoDaddy Server Configuration and Pricing Models
News  |  8/9/2018  | 
Publicly accessible S3 bucket included configuration data for tens of thousands of systems, as well as sensitive pricing information.
Weakness in WhatsApp Enables Large-Scale Social Engineering
News  |  8/9/2018  | 
Problem lies in WhatsApp's validation of message parameters and cannot be currently mitigated, Check Point researchers say.
Dark Reading News Desk Live at Black Hat USA 2018
News  |  8/9/2018  | 
Watch here Wednesday and Thursday, 2 p.m. - 6 p.m. ET to see over 40 live video interviews straight from the Black Hat USA conference in Las Vegas.
Oh, No, Not Another Security Product
Commentary  |  8/9/2018  | 
Let's face it: There are too many proprietary software options. Addressing the problem will require a radical shift in focus.
White Hat to Black Hat: What Motivates the Switch to Cybercrime
News  |  8/8/2018  | 
Almost one in 10 security pros in the US have considered black hat work, and experts believe many dabble in criminal activity for financial gain or employer retaliation.
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
News  |  8/8/2018  | 
Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.
10 Threats Lurking on the Dark Web
Slideshows  |  8/8/2018  | 
Despite some high-profile takedowns last year, the Dark Web remains alive and well. Here's a compilation of some of the more prolific threats that loom.
Understanding Firewalls: Build Them Up, Tear Them Down
News  |  8/8/2018  | 
A presentation at Black Hat USA will walk attendees through developing a firewall for MacOS, and then poking holes in it.
Manufacturing Industry Experiencing Higher Incidence of Cyberattacks
News  |  8/8/2018  | 
New report reveals the natural consequences of ignoring the attendant risks of industrial IoT and Industry 4.0.
Even 'Regular Cybercriminals' Are After ICS Networks
News  |  8/7/2018  | 
A Cybereason honeypot project shows that ordinary cybercriminals are also targeting weakly secured environments.
Expect API Breaches to Accelerate
News  |  8/7/2018  | 
APIs provide the digital glue that binds apps, cloud resources, app services and data all together and they're increasingly an appsec security threat.
Shadow IT: Every Company's 3 Hidden Security Risks
Commentary  |  8/7/2018  | 
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
US-CERT Warns of New Linux Kernel Vulnerability
Quick Hits  |  8/7/2018  | 
Patches now available to prevent DoS attack on Linux systems.
Salesforce Customer Data Possibly Exposed in API Glitch
Quick Hits  |  8/6/2018  | 
The issue was discovered and fixed on July 18.
IT Managers: Are You Keeping Up with Social-Engineering Attacks?
Commentary  |  8/6/2018  | 
Increasingly sophisticated threats require a mix of people, processes, and technology safeguards.
Spot the Bot: Researchers Open-Source Tools to Hunt Twitter Bots
News  |  8/6/2018  | 
Their goal? To create a means of differentiating legitimate from automated accounts and detail the process so other researchers can replicate it.
Mastering MITRE's ATT&CK Matrix
Slideshows  |  8/6/2018  | 
This breakdown of Mitre's model for cyberattacks and defense can help organizations understand the stages of attack events and, ultimately, build better security.
Dept. of Energy to Test Electrical Grid Against Cyberattacks
Quick Hits  |  8/3/2018  | 
This is the first time the Department of Energy will test the electrical grid's ability to recover from a blackout caused by cyberattacks.
<<   <   Page 2 / 3   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16246
PUBLISHED: 2019-12-12
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution.
CVE-2019-17358
PUBLISHED: 2019-12-12
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP ...
CVE-2019-17428
PUBLISHED: 2019-12-12
An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted.
CVE-2019-18345
PUBLISHED: 2019-12-12
A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrat...
CVE-2019-19198
PUBLISHED: 2019-12-12
The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS.