Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2019
<<   <   Page 2 / 3   >   >>
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Commentary  |  8/15/2019  | 
The old-school technology is experiencing new popularity, but too many people assume mainframes are inherently secure.
7 Biggest Cloud Security Blind Spots
Slideshows  |  8/15/2019  | 
Cloud computing boon is for innovation, yet security organizations find themselves running into obstacles.
Financial Phishing Grows in Volume and Sophistication in First Half of 2019
News  |  8/14/2019  | 
Criminals are using the tools intended to protect consumers to attack them through techniques that are becoming more successful with each passing month.
Trend Micro Patches Privilege Escalation Bug in its Password Manager
News  |  8/14/2019  | 
Organizations should update to latest build as soon as possible, security vendor says.
Stronger Defenses Force Cybercriminals to Rethink Strategy
News  |  8/14/2019  | 
Researchers see the rise of new relationships and attack techniques as criminals put companies' resilience to the test.
Why Companies Fail to Learn from Peers' Mistakes (and How They Can Change)
Commentary  |  8/14/2019  | 
Far too often, there's a new breach in the headlines. Companies need to start learning some obvious lessons.
Attackers Try to Evade Defenses with Smaller DDoS Floods, Probes
News  |  8/14/2019  | 
Cybercriminals are initiating more attacks using low-bandwidth techniques, but the tactics expand the gray area between DDoS attacks and popular methods of mass scanning.
BioStar 2 Leak Exposes 23GB Data, 1M Fingerprints
Quick Hits  |  8/14/2019  | 
Thousands of organizations, including banks, governments, and the UK Metropolitan Police, use the biometric security tool to authenticate users.
Microservices Flip App Security on Its Head
Commentary  |  8/14/2019  | 
With faster application deployment comes increased security considerations.
Apple's New Bounty Program Has Huge Incentives, Big Risks
News  |  8/13/2019  | 
Industry observers applaud the program's ability to find exploits but fear unintended consequences.
Does Personality Make You Vulnerable to Cybercrime?
News  |  8/13/2019  | 
A new study explores the connections between personality traits and susceptibility to different cyberattacks.
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
News  |  8/13/2019  | 
Similar to the now-patched 'BlueKeep' vulnerability, two flaws fixed today could let malware spread across vulnerable computers.
Barracuda Buys Bot-Battling Tech from InfiSecure
Quick Hits  |  8/13/2019  | 
The intellectual property acquired will add to Barracuda's bot-detection capabilities.
The California Consumer Privacy Act's Hidden Surprise Has Big Legal Consequences
Commentary  |  8/13/2019  | 
The CCPA's provision devoted to 'reasonable' cybersecurity procedures and policies could trip up your business. Get ready now.
700K Guest Records Stolen in Choice Hotels Breach
Quick Hits  |  8/13/2019  | 
Cybercriminals reportedly stole the information from an exposed MongoDB database on a third-party server.
History Doesn't Repeat Itself in Cyberspace
Commentary  |  8/13/2019  | 
The 10th anniversary of the US Cyber Command is an opportunity to prepare for unknowns in the rapidly changing cybersecurity landscape.
2019 Pwnie Award Winners (And Those Who Wish They Weren't)
Slideshows  |  8/13/2019  | 
This year's round-up includes awards into two new categories: most under-hyped research and epic achievement.
DEF CON Voting Village: It's About 'Risk'
News  |  8/12/2019  | 
DHS, security experts worry about nation-state or other actors waging a disruptive or other attack on the 2020 election to sow distrust of the election process.
Security Flaws Discovered in 40 Microsoft-Certified Device Drivers
News  |  8/12/2019  | 
Attackers can use vulnerable drivers to escalate privilege and execute malicious code in every part of the system.
FBI Plans to Monitor Social Media May Spark Privacy Issues
Quick Hits  |  8/12/2019  | 
A new initiative to pull data from social media platforms may clash with policies prohibiting the use of information for mass surveillance.
Hackers Can Hurt Victims with Noise
Quick Hits  |  8/12/2019  | 
Research presented at DEF CON shows that attackers can hijack Wi-Fi and Bluetooth-connected speakers to produce damaging sounds.
Security Pros, Congress Reps Talk National Cybersecurity at DEF CON
News  |  8/12/2019  | 
Cybersecurity and government leaders discussed why Congress is unprepared for a major cyberattack and how the two parties can collaborate.
More Focus on Security as Payment Technologies Proliferate
News  |  8/12/2019  | 
Banks and merchants are expanding their payment offerings but continue to be wary of the potential fraud risk.
6 Security Considerations for Wrangling IoT
Commentary  |  8/12/2019  | 
The Internet of Things isn't going away, so it's important to be aware of the technology's potential pitfalls.
New Vulnerability Risk Model Promises More-Efficient Security
News  |  8/9/2019  | 
Taking into account more factors than the current CVSS makes for a better assessment of actual danger.
State Farm Reports Credential-Stuffing Attack
Quick Hits  |  8/9/2019  | 
The insurer has informed customers a third party used a list of user IDs and passwords to attempt access into online accounts.
7 Online Safety Tips for College Students
Slideshows  |  8/9/2019  | 
Heading back to campus soon? Here are seven tips that will get your digital house in order and keep you safe online this semester.
Significant Vulnerabilities Found in 6 Common Printer Brands
News  |  8/9/2019  | 
In a half-year project, two researchers tested six of the top enterprise printer brands and found vulnerabilities in every device, some of which allow remote execution.
It's (Still) the Password, Stupid!
Commentary  |  8/9/2019  | 
The best way to protect your identity in cyberspace is the simplest: Use a variety of strong passwords, and never, ever, use "123456" no matter how easy it is to type.
Ransomware Shifts Focus from Consumers to Businesses
Quick Hits  |  8/8/2019  | 
In addition, ransomware seems likely to continue its evolution in the second half of 2019.
Siemens S7 PLCs Share Same Crypto Key Pair, Researchers Find
News  |  8/8/2019  | 
Researchers at Black Hat USA reveal how security authentication weaknesses in popular Siemens ICS family let them control a PLC.
Dark Reading News Desk Live at Black Hat USA 2019
News  |  8/8/2019  | 
Watch right here for 40 video interviews with speakers and sponsors. Streaming live from Black Hat USA Wednesday and Thursday 2 p.m. to 6 p.m. Eastern.
Yes, FaceApp Really Could Be Sending Your Data to Russia
Commentary  |  8/8/2019  | 
FaceApp has an unprecedented level of access to data from 150 million users. What could its endgame be? We unpack three potential risks.
WhatsApp Messages Can Be Intercepted, Manipulated
News  |  8/8/2019  | 
Check Point security researchers demonstrate how a dangerous security weakness in the messaging application can be abused to spread fake news and carry out online scams.
Researchers Show Vulnerabilities in Facial Recognition
News  |  8/7/2019  | 
The algorithms that check for a user's 'liveness' have blind spots that can lead to vulnerabilities.
Enterprises Must Be Wary of Ransomware Targeting Network File Shares & Cloud Assets
News  |  8/7/2019  | 
New research shows that criminals are evolving ransomware attacks against servers, network hosts, and IaaS cloud assets in search of bigger payoffs from businesses.
Boeing 787 On-Board Network Vulnerable to Remote Hacking, Researcher Says
News  |  8/7/2019  | 
Boeing disputes IOActive findings ahead of security firm's Black Hat USA presentation.
New Speculative Execution Vulnerability Gives CISOs a New Reason to Lose Sleep
News  |  8/6/2019  | 
The vulnerability, dubbed SWAPGS, is an undetectable threat to data security, similar in some respects to Spectre and Meltdown.
US Air Force Bug Bounty Program Nets 54 Flaws for $123,000
News  |  8/6/2019  | 
The Air Force brought together 50 vetted hackers to find the vulnerabilities in the latest bug-bounty program hosted by a branch of the US military.
Russian Attack Group Uses Phones & Printers to Breach Corporate Networks
Quick Hits  |  8/6/2019  | 
Microsoft spotted Strontium, also known as APT28 or Fancy Bear, using IoT devices to breach businesses and seek high-value data.
Ongoing Campaign Spoofs Walmart, Dating, Movie Sites
News  |  8/6/2019  | 
A new investigation detects more than 540 domain names linked to the Walmart brand and camouflaged as career, dating, and entertainment websites.
When Perceived Cybersecurity Risk Outweighs Reality
Commentary  |  8/6/2019  | 
Teams need to manage perceived risks so they can focus on fighting the real fires.
Security & the Infinite Capacity to Rationalize
Commentary  |  8/6/2019  | 
To improve the security posture of our organizations, we must open our eyes to rationalization and put an end to it with logic. Here's how.
Destructive Malware Attacks Up 200% in 2019
News  |  8/5/2019  | 
Organizations hit with destructive malware can lose more than 12,000 machines and face $200 million or more in costs, IBM X-Force reports.
Database of 200M-Plus Potential 'Sextortion' Victims Published
Quick Hits  |  8/5/2019  | 
Researchers have discovered a botnet (and the database it feeds on) dedicated to extortion schemes.
Microsoft Opens Azure Security Lab, Raises Top Azure Bounty to $40K
News  |  8/5/2019  | 
Microsoft has invited security experts to 'come and do their worst' to mimic cybercriminals in the Azure Security Lab.
Fighting Back Against Mobile Fraudsters
Commentary  |  8/5/2019  | 
The first step toward identifying and preventing mobile fraud threats is acknowledging that mobile security requires a unique solution.
US Utilities Hit with Phishing Attack
Quick Hits  |  8/2/2019  | 
An email phishing attack, thought to be from a nation-state actor, claims that engineers have failed licensing exams.
Capital One: What We Should Learn This Time
News  |  8/2/2019  | 
Where Capital One went wrong, what the bank did right, and more key takeaways from the latest mega-breach.
Cisco Pays $8.6M in First False Claims Suit for Vulnerabilities in Security Product
News  |  8/1/2019  | 
A security consultant reported vulnerabilities in Cisco's Video Surveillance Manager in 2009 but the company ignored the issues and fired the consultant.
<<   <   Page 2 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-32411
PUBLISHED: 2022-07-01
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
CVE-2022-32412
PUBLISHED: 2022-07-01
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
CVE-2022-34903
PUBLISHED: 2022-07-01
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
CVE-2022-32324
PUBLISHED: 2022-07-01
PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc.
CVE-2022-32325
PUBLISHED: 2022-07-01
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.