Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2016
Today's Cybersecurity Management Requires A New Approach
Commentary  |  9/30/2016  | 
The current managed security services provider model just doesn't work in our information-rich world. Time to shake things up.
Cybercrime-as-a-Service Offered To Militants, Terrorists, Says Europol
Quick Hits  |  9/30/2016  | 
The Darknet could provide ample resources and services for terrorists to carry out attacks, claims report.
10 Hottest Sessions At Black Hat Europe 2016
Slideshows  |  9/30/2016  | 
A sneak-peek at some of the more intriguing Briefings at the upcoming conference in London.
EMV: The Anniversary Of One Deadline, The Eve of Another
News  |  9/29/2016  | 
How merchants and criminals responded since the EMV liability shift for point-of-sale devices one year ago. And what changes can we expect after the liability shift for ATMs, which is just days away?
How A Pair Of Cybercriminals Scales Its Carder Business
News  |  9/29/2016  | 
'Vendetta Brothers' cybercrime duo runs site that offers cards stolen from over 600 banks in 41 countries, FireEye says.
Fear & Loathing In The Cloud
Commentary  |  9/29/2016  | 
Whether you've already bought your ticket for the cloud or still have some issues to sort through, fine-tune your security practices to make sure your ride is a smooth one.
A Bug Bounty Reality-Check
News  |  9/29/2016  | 
New study shows that bug bounties without a secure application development program and testing can be costly.
Russian Hackers Target Citizen Journalists Reporting On Malaysian Airlines Crash
News  |  9/28/2016  | 
Bellingcat's reporters have been hit with spear phishing attacks and account takeover attempts for over a year, ThreatConnect says.
Hacking The Polls: Where US Voting Processes Fall Short
Commentary  |  9/28/2016  | 
The patchwork of 50 decentralized state electoral systems threatens to disrupt our national election through ransomware attacks, hijacked voter registration rolls, and altered voting results.
5 Best Practices For Winning the IoT Security Arms Race
Commentary  |  9/27/2016  | 
By focusing on a pragmatic approach to security, it's possible to develop IoT solutions that will reduce future risk without breaking the bank.
Mobile Fraud Changes Outlook for Multifactor Authentication
Commentary  |  9/27/2016  | 
SMS one-time passcodes just won't cut it anymore. We need new approaches that people will actually use.
What The WADA Hack Proves About Today's Threat Landscape
Commentary  |  9/26/2016  | 
Fancy Bear's initial release of data on four top American athletes reminds us all to reassess our risks.
Adware Campaign Using Advanced Nation-State Obfuscation Techniques
News  |  9/26/2016  | 
New report from Carbon Black shows adware may be spreading ransomware, using similar tactics as Operation Aurora.
7 New Rules For IoT Safety & Vuln Disclosure
Commentary  |  9/24/2016  | 
In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!
Advisory Body Calls For Stronger Cybersecurity Measures Across Airline Industry
News  |  9/23/2016  | 
Measures are designed to bolster operational security across all stakeholders in the aviation sector, Wall Street Journal says.
An Open-Source Security Maturity Model
Dark Reading Videos  |  9/23/2016  | 
Oh you don't run open-source code? Really? Christine Gadsby and Jake Kouns explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications, proprietary and otherwise.
On-Premises & In The Cloud: Making Sense Of Your Cybersecurity Ecosystem
Commentary  |  9/23/2016  | 
As enterprises continue to invest in hybrid cloud strategies, they need their fragmented security solutions to work together.
Top Democrats Tell Putin To Halt Hacking Of US Political Parties
Quick Hits  |  9/23/2016  | 
Russia trying to influence November presidential elections, say Senator Dianne Feinstein and Rep. Adam Schiff.
Biometric Skimmers Pose Emerging Threat To ATMs
News  |  9/22/2016  | 
Even as financial institutions move to shore up ATM security with biometric mechanisms, cybercrooks are busy figuring out ways to beat them.
Snowden: Hollywood Highlights 2 Persistent Privacy Threats
Commentary  |  9/22/2016  | 
Oliver Stone's movie shows us that while most of us have nothing to hide, we all have information worth protecting, both technically and constitutionally.
10 Ways To Lock Down Third-Party Risk
Slideshows  |  9/22/2016  | 
Experts share ideas for closing potential security holes that leave organizations open to attack.
Even A False Positive Can Be Valuable
Commentary  |  9/22/2016  | 
Sharing information about cyberthreats is important for the financial services industry, even when threats turn out to be not-so-threatening.
National Health ISAC Calls For Collaborative Vuln Disclosure
News  |  9/21/2016  | 
St. Jude Medical to host upcoming workshop on medical device info sharing, convened by NH-ISAC and medical device security consortium.
Majority Of Major Corporations Have User Credentials Stolen And Exposed
News  |  9/21/2016  | 
Companies in the entertainment and technology sectors are far more exposed than others, Digital Shadows analysis shows.
A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack
Commentary  |  9/21/2016  | 
This slightly modified model is a practical way to keep attackers out of your systems.
How Windows 10 Stops Script-Based Attacks On The Fly
Dark Reading Videos  |  9/21/2016  | 
Move over Apple 'Walled Garden.' Windows 10's new antimalware scan interface halts scripts by signing code on the fly... but does it work? Security researcher Nikhil Mittal takes a look.
Rand Study: Average Data Breach Costs $200K, Not Millions
News  |  9/21/2016  | 
Rand taps multiple data sources to calculate that cyber incidents cost firms a scant 0.4% of annual revenues, on average.
Chinese Researchers Hack Tesla S Models, Expose Bugs
Quick Hits  |  9/21/2016  | 
Automaker fixes security risks after Tencent Holdings uncovers vulnerabilities in both parking and drive mode.
Zscaler Warns Of New iSpy Commercial Keylogger
News  |  9/20/2016  | 
Malware steals user data, license keys to popular applications.
Rise Of Machine Learning: Advancing Security With ML
Dark Reading Videos  |  9/20/2016  | 
Hal Lonas of Webroot drops by the Dark Reading News Desk at Black Hat.
Hacking 'Forward' With Weaponized Intelligence
Commentary  |  9/20/2016  | 
Instead of hacking back and taking the fight to your adversary, what if your organization hacked forward by unearthing breach scenarios before the hackers do?
2016 On Track To See Over 1 Billion Records Breached
News  |  9/20/2016  | 
New report shows first half breach statistics put organizations on pace to beat last year's breach numbers by a wide margin.
Smartphone Infections Rise 96% In H1-2016: Malware Study
Quick Hits  |  9/20/2016  | 
Nokia report reveals April 2016 saw a new all-time high in mobile infections, with one out of every 120 smartphones affected.
Russia, Others Indeed Could Hack The Vote
News  |  9/19/2016  | 
DHS official 'confident' in electoral system security, but offers security assistance to localities and urges vigilance.
What Smart Cities Can Teach Enterprises About Security
Commentary  |  9/19/2016  | 
The more you simplify your security program while still being effective, the better, says San Diego's chief information security officer. Here's his three-step process.
Top Colleges For Cybersecurity
Slideshows  |  9/19/2016  | 
Check out these respected post-secondary U.S. cybersecurity education programs at both undergraduate and graduate levels.
The Future Of AI-Based Cybersecurity: It's Here Now
Dark Reading Videos  |  9/19/2016  | 
Stuart McClure, president and CEO of Cylance, stops by the Dark Reading News Desk at Black Hat.
What's The Risk? 3 Things To Know About Chatbots & Cybersecurity
Commentary  |  9/19/2016  | 
Interactive message bots are useful and becoming more popular, but they raise serious security issues.
FBI May Seek Legal Action Against Russian Hackers
Quick Hits  |  9/19/2016  | 
US government under pressure to take action against cyberattackers believed to be part of Russian intelligence groups, say sources.
Republican Lawmaker Withdraws Hack Allegations Saying He Misspoke
Quick Hits  |  9/16/2016  | 
Michael McCaul had earlier alleged that like DNC, the Republican National Committee computers were also breached by Russian hackers.
Uber, Dropbox, Other Tech Leaders Team Up To Boost Vendor Security
News  |  9/16/2016  | 
Tech companies - including Uber, Dropbox, Twitter, and Docker - have joined forces to create the Vendor Security Alliance, which aims to vet vendor security practices.
Why You May Need To Shake Up Your DevOps Team To Manage The Cloud
Commentary  |  9/16/2016  | 
The security approaches of yesterday won't work in the cloud world of today and tomorrow.
Google Chrome To Flag Non-HTTPS Logins, Credit Card Info 'Not Secure'
News  |  9/15/2016  | 
The move is part of a larger Google push to lock down Web traffic using encryption between the browser and Web server.
20 Questions Security Leaders Need To Ask About Analytics
Commentary  |  9/15/2016  | 
The game of 20 questions is a great way to separate vendors that meet your needs from those who will likely disappoint.
Students Say They'd Only Pay Ransomware Operators About $50
Quick Hits  |  9/15/2016  | 
Webroot survey finds that students will pay more to recover their private photos than to recover their schoolwork.
Data Loss Risks Rise In The Age Of Collaboration
News  |  9/15/2016  | 
Most organizations believe they have lost sensitive information due to external file sharing and third-party collaboration.
Yes, The Cloud Can Be A Security Win
Commentary  |  9/15/2016  | 
With the right controls in place, the cloud doesn't have to be a scary place. These guidelines can help your company stay safe.
Microsoft Patches Zero Day Flaw Used In Two Massive Malvertising Campaigns
News  |  9/14/2016  | 
Bug gave attackers a way to identify and avoid systems belonging to security researchers and vendors, Proofpoint says.
Making The Dark Web Less Scary
Dark Reading Videos  |  9/14/2016  | 
Lance James, chief scientist at Flashpoint, stops by the Dark Reading News Desk to share his thoughts about the Dark Web.
France's Online Criminal Underground Built On Foundation Of Distrust
News  |  9/14/2016  | 
French criminals seeking black market goods and services -- cyber and otherwise -- have to look in darker shadows and work harder to prove their felonious credibility.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.