News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2015
The 'Remediation Gap:' A 4-Month Invitation To Attack
News  |  9/29/2015  | 
Organizations set out the welcome mat for cyberattackers by taking an average of 120 days to patch flaws.
The Unintended Attack Surface Of The Internet Of Things
Commentary  |  9/29/2015  | 
How a vulnerability in a common consumer WiFi device is challenging today's enterprise security.
Deconstructing The Challenges Of Software Assurance For Connected Cars
Commentary  |  9/28/2015  | 
Ensuring software security in the auto industry will entail careful attention to all aspects of software development: design, coding standards, testing, verification and run-time assurance.
FTC v. Wyndham: Naughty 9 Security Fails to Avoid
Commentary  |  9/25/2015  | 
The Federal Trade Commission's fair trade suit against Wyndham hotels offers insight into the brave new world of cybersecurity regulation of consumer data.
4 IoT Cybersecurity Issues You Never Thought About
Commentary  |  9/24/2015  | 
Government, industry and security professionals problem-solve the daunting challenges of the Internet of Things.
Cisco Offers Free Tool To Detect SYNful Knock Router Malware
News  |  9/24/2015  | 
Tool helps businesses detect routers running known version of newly discovered malicious implant.
Healthcare Organizations Twice As Likely To Experience Data Theft
News  |  9/23/2015  | 
Bad guys very willing to invest in attacking medical data, but healthcare not very willing to invest in defending it.
Cloud Security Visibility Gap Dogs Deployments
News  |  9/23/2015  | 
SANS says visibility is the top cloud security concern.
Free Tool Helps Companies Measure And Map Their Bug Reporting Programs
News  |  9/22/2015  | 
The new Vulnerability Coordination Maturity Model (VCMM) created by HackerOne's Katie Moussouris, includes an assessment tool, key elements, and best practices in a vulnerability coordination program.
The Common Core Of Application Security
Commentary  |  9/22/2015  | 
Why you will never succeed by teaching to the test.
Why It's Insane To Trust Static Analysis
Commentary  |  9/22/2015  | 
If you care about achieving application security at scale, then your highest priority should be to move to tools that empower everyone, not just security experts.
XcodeGhost Another Crack In Apple's Circle of Trust
News  |  9/21/2015  | 
On the heels of KeyRaider's attack on jailbroken iPhones, attackers show they can hit non-broken devices too, sneaking 39 weaponized apps onto the official App Store and around Apple's best efforts to lock down its developer environment.
MiniDuke, CosmicDuke APT Group Likely Sponsored By Russia
News  |  9/17/2015  | 
F-Secure's look at the Dukes' seven years of attack campaigns and impressive portfolio of malware suggests stable financial backing, interest in Russian foreign policy, and no fear of getting caught.
Darknet Is Full Of Criminals & Governments Giving TOR A Bad Name
News  |  9/16/2015  | 
Human traffickers, crowd-sourcing murderers, child pornographers, and governments in the market for juicy zero-days are flooding the Dark Web -- making it hard for the good guys to defend it.
Wordpress Dodges Further Embarrassment By Patching Three Vulns
News  |  9/16/2015  | 
The popular platform for building and running websites fixed two XSS-scripting vulnerabilities and a potential privilege escalation exploit that could have put millions of sites at risk.
AirDrop Exploit Drops Malware On Mac, iPhone, But Not iOS 9
Quick Hits  |  9/16/2015  | 
iOS 9 drops today, and includes a patch for the vulnerability that lets attackers bomb any iOS and Mac device within Bluetooth range, via the AirDrop file-sharing feature.
Fixing IoT Security: Dark Reading Radio Wednesday at 1 P.M. ET
Commentary  |  9/15/2015  | 
Join us for a conversation about what is being done and what needs to be done to secure the Internet of Things.
Backdoored Business Routers An Emerging Threat
News  |  9/15/2015  | 
Discovery of malicious implants in 14 Cisco routers, tip of iceberg, FireEye says.
Intel Takes On Car Hacking, Founds Auto Security Review Board
News  |  9/14/2015  | 
Chipmaker establishes new Automotive Security Review Board for security tests and audits
Hacking Physical Systems 101
Dark Reading Videos  |  9/14/2015  | 
Jason Larsen of IOActive joins the Dark Reading News Desk at Black Hat to talk about the fundamentals of cyber-physical attacks
Your Check Security Light Is On
Partner Perspectives  |  9/14/2015  | 
Please restart your car in safe mode.
Comic Con, Dark Reading Version
Slideshows  |  9/14/2015  | 
Our graphic novel illustrating a typical day in the life of a security super hero, as imagined by cartoonist John Klossner.
Attribution & The Nation-State Malware Market
Dark Reading Videos  |  9/10/2015  | 
Malware researcher Marion Marschalek visits the Dark Reading News Desk at Black Hat to discuss attribution and the legitimate market for nation-states where "malware" is in the eyes of the beholder.
What Ashley Madison Can Teach The Rest Of Us About Data Security
Commentary  |  9/10/2015  | 
For a company whose offering can best be described as discretion-as-a-service, using anything less than state-of-the-art threat detection capabilities is inexcusable.
Cybercriminal Gang Extorts Businesses Via DDoS Attacks
News  |  9/9/2015  | 
Since April, the so-called DD4BC group has been responsible for at least 114 DDoS attacks on Akamai customers, vendor says.
Why Everybody Loves (And Hates) Security
Commentary  |  9/9/2015  | 
Even security professionals hate security. So why do we all harbor so much dislike for something we need so much? And what can we do about it?
FireEye, Kaspersky Lab Scramble To Fix Bugs In Security Tools
News  |  9/8/2015  | 
Security researchers -- very publicly -- find and reveal serious flaws in the high-profile security products.
Avoiding Magpie Syndrome In Cybersecurity
Commentary  |  9/8/2015  | 
A quick fix usually isn't. Here's why those bright shiny new point solutions and security features can cause more harm than good.
Back To Basics: 10 Security Best Practices
Commentary  |  9/4/2015  | 
The most effective strategy for keeping organizations, users and customers safe is to focus on the fundamentals.
Stealing Data By 'Living Off The Land'
News  |  9/3/2015  | 
Hackers' latest tactic involves a malware-free attack using a company's own system credentials and admin tools to gain access.
China's Great Cannon: The Great Firewall's More Aggressive Partner
Dark Reading Videos  |  9/3/2015  | 
Crowdstrike researchers visit Dark Reading News Desk at Black Hat to describe how China went on the offensive and extended its Internet censorship efforts beyond Chinese borders.
New Shifu Banking Trojan An Uber Patchwork Of Malware Tools
News  |  9/2/2015  | 
Sophisticated threat hitting banks in Japan combines best features of multiple previous banking malware, new IBM research says.
Microsoft's Remarkable Pivot: Windows 10 Abandons Privacy
Commentary  |  9/2/2015  | 
You can read all you want about Windows 10's powerful new privacy features, but that doesn't mean you have them.
Baby Monitors Expose Home -- And Business -- Networks
News  |  9/2/2015  | 
Researchers find major security flaws in popular networked video baby monitor products that could allow attackers to snoop on babies and businesses.
Report: Ransomware Jumped 58 Percent in Q2
News  |  9/1/2015  | 
McAfee Threat Labs Report also zooms in on GPU malware and looks back on the first five years of the Intel-McAfee marriage.
Malware Pre-Installed On Over Two-Dozen Android Smartphone Brands
News  |  9/1/2015  | 
Threat affects several smartphones shipping from Asia including some popular ones such as Lenovo, Huawei, and Xiaomi, says G Data.
We Can Allow Cybersecurity Research Without Stifling Innovation
Commentary  |  9/1/2015  | 
The U.S. government is in a unique position to become a global leader in cybersecurity. But only if it retains the open spirit of the Internet that kick-started the Information Age.
Your Worst Day In IT
Partner Perspectives  |  9/1/2015  | 
Turns out the most common culprits aren't what you might think.

Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8096
PUBLISHED: 2020-04-07
Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204.
CVE-2020-11586
PUBLISHED: 2020-04-06
An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.
CVE-2020-11587
PUBLISHED: 2020-04-06
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server.
CVE-2020-11589
PUBLISHED: 2020-04-06
An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only.
CVE-2020-11590
PUBLISHED: 2020-04-06
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name.