Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2019
Page 1 / 3   >   >>
New Credential-Theft Attack Weaponizes DNS
Quick Hits  |  8/30/2019  | 
The recently discovered campaign sends stolen data out of the network as part of a DNS query.
Google Uncovers Massive iPhone Attack Campaign
News  |  8/30/2019  | 
A group of hacked websites has been silently compromising fully patched iPhones for at least two years, Project Zero reports.
To Navigate a Sea of Cybersecurity Solutions, Learn How to Fish
Commentary  |  8/30/2019  | 
Three steps for relieving the pressure of picking the right tools.
Retadup Worm Squashed After Infecting 850K Machines
News  |  8/29/2019  | 
An operation involving French law enforcement, the FBI, and Avast forces Retadup to delete itself from victim machines.
Google Announces New, Expanded Bounty Programs
Quick Hits  |  8/29/2019  | 
The company is significantly expanding the bug-bounty program for Google Play and starting a program aimed at user data protection.
Bug Bounties Continue to Rise, but Market Has Its Own 1% Problem
News  |  8/29/2019  | 
The average payout for a critical vulnerability has almost reached $3,400, but only the top bug hunters of a field of 500,000 are truly profiting.
Privacy 2019: We're Not Ready
Commentary  |  8/29/2019  | 
To facilitate the innovative use of data and unlock the benefits of new technologies, we need privacy not just in the books but also on the ground.
Facebook Patches Second Account-Takeover Flaw in Instagram
News  |  8/28/2019  | 
The password-recovery mechanism once again puts users of the photo- and video-sharing platform at risk.
Magecart Shops for Victims as E-Commerce Market Grows
News  |  8/28/2019  | 
In 2.5 hours of research, one security expert uncovered more than 80 actively compromised ecommerce websites.
TrickBot Comes to Cellular Carriers
Quick Hits  |  8/28/2019  | 
A new malicious campaign seeks cell account PINs from victims.
Malware Found in Android App with 100M Users
Quick Hits  |  8/28/2019  | 
CamScanner, a legitimate app used to scan and manage documents, was found executing payloads on Android devices.
Securing Our Infrastructure: 3 Steps OEMs Must Take in the IoT Age
Commentary  |  8/28/2019  | 
Security has lagged behind adoption of the Internet of Things. The devices hold much promise, but only if a comprehensive security model is constructed.
Imperva Customer Database Exposed
Quick Hits  |  8/27/2019  | 
A subset of customers for the company's Incapsula web application firewall had their email addresses, hashed/salted passwords, and more open to unauthorized access, Imperva announced.
New 'Lyceum' Threat Group Eyes Critical Infrastructure
Quick Hits  |  8/27/2019  | 
Researchers report Lyceum, otherwise known as Hexane, has targeted organizations in South Africa and the Middle East.
WannaCry Remains No. 1 Ransomware Weapon
News  |  8/27/2019  | 
Of all of the ransomware variants spotted targeting victims in the first half of 2019, the infamous WannaCry was by far the most prevalent, according to Trend Micro's detection data.
6 Ways Airlines and Hotels Can Keep Their Networks Secure
Slideshows  |  8/27/2019  | 
As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six privacy and security tips that can help lock down privacy and security.
Unsecured IoT: 8 Ways Hackers Exploit Firmware Vulnerabilities
Commentary  |  8/27/2019  | 
As new Internet of Things products enter the market, speed shouldn't trump concerns about security.
Apple Releases Emergency Patch for iPhone Jailbreak Flaw
Quick Hits  |  8/26/2019  | 
iOS version 12.4.1 fixes the "use after free" vulnerability.
More Than Half of Social Media Login Attempts Are Fraud
News  |  8/26/2019  | 
Overall, account registrations for tech companies are four times more likely to be malicious than legitimate, a new report states.
3 Arrested in Transnational Fraud Indictments
Quick Hits  |  8/26/2019  | 
According to the indictments, the accused impersonated government officials when they demanded money from their victims.
IRS Alerts Taxpayers to New Email Scam
Quick Hits  |  8/26/2019  | 
A spoofed IRS.gov link leads victims to a fraudulent Web page where they are prompted to download malware.
Cryptography & the Hype Over Quantum Computing
Commentary  |  8/26/2019  | 
It's not time to move to post-quantum cryptography yet -- too many things are still up in the air. But you can start to become prepared by making sure your infrastructure is agile.
80 Charged in Massive BEC Operation Bust
News  |  8/23/2019  | 
A group of mostly Nigerian nationals attempted to steal $46 million through business email compromise and romance scams, the FBI reports.
Capital One Breach: What Security Teams Can Do Now
Commentary  |  8/23/2019  | 
Knowing the methods of the attacker, as laid out in the federal indictment, allow us to prevent similar attacks.
New Malware Variant Targets Old Adobe, Office Vulnerabilities
News  |  8/22/2019  | 
Criminals appear to have developed it knowing some users have not patched or updated to newer versions, Trend Micro says.
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
News  |  8/22/2019  | 
Microsoft remains the favorite brand to spoof in phishing campaigns, but more attackers are impersonating Facebook.
LinkedIn Details Features of Fight Against Fakes
Quick Hits  |  8/22/2019  | 
A recent blog post explains how the social network is fighting to protect its users from interactions with fake accounts.
5 Identity Challenges Facing Todays IT Teams
Commentary  |  8/22/2019  | 
To take control over your company's security, identify and understand the biggest identity and access management challenges facing IT teams today and start addressing them.
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
News  |  8/21/2019  | 
No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
News  |  8/21/2019  | 
Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database.
Ransomware Hits Fortnite Players
Quick Hits  |  8/21/2019  | 
Ransomware masquerading as game "cheats" is hitting Fortnite players. Fortunately, there are ways to recover without paying a ransom.
'Phoning Home': Your Latest Data Exfiltration Headache
Commentary  |  8/21/2019  | 
Companies phone enterprise customer data home securely and for a variety of perfectly legitimate and useful reasons. The problems stem from insufficient disclosure.
7 Big Factors Putting Small Businesses At Risk
Slideshows  |  8/21/2019  | 
Small organizations still face a long list of security threats. These threats and vulnerabilities should be top of mind.
CISOs Struggle with Diminishing Tools to Protect Assets from Growing Threats
Quick Hits  |  8/20/2019  | 
Most CISOs see the risk of cyberattacks growing and feel they're falling behind in their ability to fight back, a new survey finds.
Apple Misstep Leaves iPhones Open to Jailbreak
News  |  8/20/2019  | 
Newest version of iOS contains a critical bug that the company had previously already patched.
Cyberthreats Against Financial Services Up 56%
Quick Hits  |  8/20/2019  | 
Financial institutions interacting with customers online must prepare for a broader, more sophisticated variety of threats.
Who Gets Privileged Access & How to Enforce It
Commentary  |  8/20/2019  | 
Let's begin by re-evaluating IT infrastructures to determine who has access to what, why, and when.
5 Ways to Improve the Patching Process
Slideshows  |  8/20/2019  | 
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
Instagram Added to Facebook Data-Abuse Bounty Program
News  |  8/19/2019  | 
Social media giant also launches invitation-only bug bounty program for 'Checkout on Instagram'.
Towns Across Texas Hit in Coordinated Ransomware Attack
News  |  8/19/2019  | 
The state government and cybersecurity groups have mobilized to respond to a mass ransomware attack that simultaneously hit 22 different towns statewide.
VxWorks TCP/IP Stack Vulnerability Poses Major Manufacturing Risk
News  |  8/19/2019  | 
A new analysis shows the scale of risk posed by networking vulnerabilities in a popular embedded real-time operating system.
Tough Love: Debunking Myths about DevOps & Security
Commentary  |  8/19/2019  | 
It's time to move past trivial 'shift left' conceptions of DevSecOps and take a hard look at how security work actually gets accomplished.
Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown
News  |  8/16/2019  | 
At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.
European Central Bank Website Hit by Malware Attack
Quick Hits  |  8/16/2019  | 
The website was infected with malware that stole information on subscribers to a bank newsletter.
Beat the Heat: Dark Reading Caption Contest Winners
Commentary  |  8/16/2019  | 
Phishing, token codes, training, MFA, polluted data entry, and whales. And the winners are ...
Behind the Scenes at ICS Village
News  |  8/16/2019  | 
ICS Village co-founder Bryson Bort reveals plans for research-dedicated events that team independent researchers, critical infrastructure owners, and government specialists.
NSA Researchers Talk Development, Release of Ghidra SRE Tool
News  |  8/15/2019  | 
NSA researchers took the Black Hat stage to share details of how they developed and released the software reverse-engineering framework.
New Research Finds More Struts Vulnerabilities
Quick Hits  |  8/15/2019  | 
Despite aggressive updating and patching, many organizations are still using versions of Apache Struts with known -- and new -- vulnerabilities.
The Flaw in Vulnerability Management: It's Time to Get Real
Commentary  |  8/15/2019  | 
Companies will never be 100% immune to cyberattacks. But by having a realistic view of the basics, starting with endpoint vulnerabilities, we can build for a safer future.
68% of Companies Say Red Teaming Beats Blue Teaming
Quick Hits  |  8/15/2019  | 
The majority of organizations surveyed find red team exercises more effective than blue team testing, research shows.
Page 1 / 3   >   >>


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16680
PUBLISHED: 2019-09-21
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
CVE-2019-16681
PUBLISHED: 2019-09-21
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to file disclosure and XSS.
CVE-2019-16677
PUBLISHED: 2019-09-21
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
CVE-2019-16678
PUBLISHED: 2019-09-21
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
CVE-2019-16679
PUBLISHED: 2019-09-21
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.