Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2014
Software Assurance: Time to Raise the Bar on Static Analysis
Commentary  |  9/30/2014  | 
The results from tools studies suggest that using multiple tools together can produce more powerful analytics and more accurate results.
New Bash Bugs Surface
News  |  9/29/2014  | 
Time to patch again: Newly discovered flaws in Bash put Linux-based systems at risk.
Shellshocked: A Future Of Hair On Fire Bugs
Commentary  |  9/26/2014  | 
Most computers affected by Bash will be updated within 10 years. The rest will be vulnerable for the lifespans of all humans now living. This should concern us. But then, global warming should also concern us.
'Shellshock' Bash Bug Impacts Basically Everything, Exploits Appear In Wild
News  |  9/25/2014  | 
CGI-based web servers are the biggest target, but other web servers, hosting services, embedded systems, Mac OSX, and IoT endpoints are all at risk.
How SaaS Adoption Is Changing Cloud Security
Commentary  |  9/25/2014  | 
Sanctioning cloud-based services requires a new approach to security that "assumes breach" and accounts for the limitations of endpoint and perimeter defenses.
Bash Bug May Be Worse Than Heartbleed
News  |  9/24/2014  | 
Linux, Unix, and Internet of Things devices affected by critical vulnerability.
'Hand-To-Hand Digital Combat' With Threat Actors
Quick Hits  |  9/23/2014  | 
CrowdStrike CEO and co-founder George Kurtz explains how to fight attackers, not fight malware.
Hacking Hackers: Taking Matters Into Private Hands
News  |  9/23/2014  | 
Private groups are fighting back against foreign sources of malware and credit fraud. But methodologies put these digital crusaders and their employers at serious legal risk.
Dark Reading Radio: Trends In Application Security
Commentary  |  9/23/2014  | 
How can we get more security baked into applications? Join us for a discussion today, Wednesday, September 24, at 1:00 p.m. New York, 10 a.m. San Francisco time.
The Truth About Ransomware: Youre On Your Own
Commentary  |  9/22/2014  | 
What should enterprises do when faced with ransomware? The answer is, it depends.
An AppSec Report Card: Developers Barely Passing
Commentary  |  9/19/2014  | 
A new study reveals that application developers are getting failing grades when it comes to their knowledge of critical security such as how to protect sensitive data, Web services, and threat modeling.
5 Ways To Monitor DNS Traffic For Security Threats
Commentary  |  9/18/2014  | 
Check out these examples of how to implement real-time or offline traffic monitoring using common commercial or open source security products.
Browser Vulnerability 'Privacy Disaster' For 3 Of 4 Android Users
Quick Hits  |  9/16/2014  | 
An exploit of an unsupported Android browser bypasses the ever-important Same Origin Policy.
New CVE Naming Convention Could Break Vulnerability Management
News  |  9/16/2014  | 
MITRE sets deadline for releasing new CVEs with different ID format syntax, regardless of how many vulnerabilities we see in 2014.
In Defense Of Passwords
Commentary  |  9/16/2014  | 
Long live the password (as long as you use it correctly along with something else).
Worm Illuminates Potential NAS Nightmare
News  |  9/15/2014  | 
A researcher at Black Hat Europe hopes to demonstrate a homegrown, self-replicating worm to illustrate major threats to popular network-attached storage systems.
Internet Of Things Devices Are Doomed
News  |  9/15/2014  | 
Security researchers hack Canon printer firmware to run the classic 90s video game Doom as well as to wreak havoc with other manipulations.
5 Myths: Why We Are All Data Security Risks
Commentary  |  9/15/2014  | 
I am absolutely sure that I could be tricked by a well-crafted spear phishing attack, and I am equally sure I could do the same to you.
Apple Pay: A Necessary Push To Transform Consumer Payments
Commentary  |  9/11/2014  | 
Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic.
Startup Uncovers Flaws In Mobile Apps, Launches New Security Service
Quick Hits  |  9/11/2014  | 
Wandera says only one of seven US employees is given any guidance on mobile security by the employer.
Study: 15 Million Devices Infected With Mobile Malware
Quick Hits  |  9/9/2014  | 
Sixty percent of the infected devices run Android.
No End In Sight For Ransomware
Commentary  |  9/8/2014  | 
The screenlocker Kovter, in particular, has shown sharp growth this year. It masquerades as a law enforcement authority and threatens police action if users dont pay up.
Poll: Significant Insecurity About Internet of Things
Commentary  |  9/5/2014  | 
Fewer than one percent of more than 800 Dark Reading community members are ready for the fast approaching security onslaught of the IoT.
Celeb Hack: Is Apple Telling All It Knows?
Commentary  |  9/3/2014  | 
Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? Youre darn tootin'!


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19033
PUBLISHED: 2019-11-21
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password.
CVE-2019-19191
PUBLISHED: 2019-11-21
Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow.
CVE-2019-15511
PUBLISHED: 2019-11-21
An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed....
CVE-2019-16405
PUBLISHED: 2019-11-21
Centreon Web 19.04.4 allows Remote Code Execution by an administrator who can modify Macro Expression location settings.
CVE-2019-16406
PUBLISHED: 2019-11-21
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.