News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2016
Risk Management Best Practices For CISOs
Commentary  |  9/14/2016  | 
What's your company's risk appetite? Our list of best practices can help you better understand a difficult topic.
Taking Down Impersonators: Methods For Combating Email Fraud
Dark Reading Videos  |  9/14/2016  | 
Bob Adams, cybersecurity strategist at Mimecast, stops by the Black Hat News Desk.
Insider Incidents Cost Companies $4.3 Million Per Year On Average
News  |  9/13/2016  | 
Breaches caused by external attackers posing as insiders are the most financially damaging, Ponemon Institute survey finds.
Cybersecurity In The Obama Era
Slideshows  |  9/13/2016  | 
Our roundup of the Obama administration's major initiatives, executive orders and actions over the past seven and a half years. How would you grade the president's cybersecurity achievements?
Portrait Of A Bug Bounty Hacker
News  |  9/13/2016  | 
Bounty programs attract young, self-taught hackers who primarily depend on it as a lucrative side gig.
A Moving Target: Tackling Cloud Security As A Data Issue
Commentary  |  9/13/2016  | 
Today's challenge is protecting critical information that an increasingly mobile workforce transfers every day between clouds, between cloud and mobile, and between cloud, mobile, and IoT.
Yes, Your Database Can Be Breached Through A Coffee Pot
Dark Reading Videos  |  9/13/2016  | 
Aditya Gupta, CEO of Attify, talks about how to improve Internet of Things security and the very worst scenarios he's encountered in an IoT penetration test.
PCI Security Update Targets PIN System Vendors
News  |  9/12/2016  | 
New requirements cover physical and logical security controls.
New Book Traces Obama Strategy To Protect America From Hackers, Terrorists & Nation States
Commentary  |  9/12/2016  | 
A review of Charlie Mitchell's 'Hacked: The Inside Story of America's Struggle to Secure Cyberspace.'
FDA Probes Report Of Security Flaws In St. Jude Cardiac Devices
Quick Hits  |  9/12/2016  | 
US Food and Drug Administration is investigating charge that St. Jude medical devices can be exploited by hackers.
Data Manipulation: An Imminent Threat
Commentary  |  9/12/2016  | 
Critical industries are largely unprepared for a potential wave of destructive attacks.
RSA's Yoran Says Firm's Mission Remains Unchanged In Dell-EMC Merger
News  |  9/8/2016  | 
RSA remains in full charge of its destiny, RSA president Amit Yoran says.
Crimeware-as-a-Service Hack Turns Potential Hackers Into Victims
News  |  9/8/2016  | 
Cybercriminals are using Google Docs to host a new Facebook scamming tool, which is designed to steal credentials from potential hackers who try to access other users' accounts.
Avoiding The Blame Game For A Cyberattack
Commentary  |  9/8/2016  | 
How organizations can develop a framework of acceptable care for cybersecurity risk.
Obama Calls For Norms To Prevent 'Cyber Wild Wild West'
Quick Hits  |  9/8/2016  | 
At G-20 summit, US President warns of a free-for-all if urgent measures are not taken by countries with cyber weapons capabilities.
HackProof Systems Challenges Hackers To Breach Server Security
Quick Hits  |  9/8/2016  | 
Company invites hackers to penetrate its new security technology and win $5,000.
The Shifting Mindset Of Financial Services CSOs
Commentary  |  9/8/2016  | 
They're getting more realistic and developing strategies to close security gaps.
Network Management Systems Vulnerable To SNMP Attacks
News  |  9/7/2016  | 
Products from many vendors vulnerable to XSS attacks because of basic input validation errors, Rapid7 says in report.
St. Jude Sues Muddy Waters, MedSec
Quick Hits  |  9/7/2016  | 
Medical device vulnerability-disclosure flap intensifies.
Look The Other Way: DDoS Attacks As Diversions
Dark Reading Videos  |  9/7/2016  | 
Black Hat News Desk talks to Joe Loveless of Neustar.
Cryptographic Key Reuse Remains Widespread In Embedded Products
News  |  9/6/2016  | 
Nine months after SEC Consult warned about the reuse of private keys and certificates in routers, modems, other products, problem has grown worse.
Introducing Deep Learning: Boosting Cybersecurity With An Artificial Brain
Commentary  |  9/6/2016  | 
With nearly the same speed and precision that the human eye can identify a water bottle, the technology of deep learning is enabling the detection of malicious activity at the point of entry in real-time.
Yelp Offers Up To $15K Per Bug Via New Bounty Program
News  |  9/6/2016  | 
Reviews site building off previous success with private bug bounty program to launch new public program.
Why Social Media Sites Are The New Cyber Weapons Of Choice
Commentary  |  9/6/2016  | 
Facebook, LinkedIn, and Twitter can't secure their own environments, let alone yours. It's time to sharpen your security acumen.
The New Security Mindset: Embrace Analytics To Mitigate Risk
Commentary  |  9/5/2016  | 
Sure, conducting a penetration test can find a weakness. But to truly identify key areas of risk, organizations must start to think more creatively, just like today's hackers.
MedSec/Muddy Waters & The Future Of IoT Security
News  |  9/2/2016  | 
St. Jude vulnerability report could be test case for vulnerability disclosure.
Apple Issues Patches To Fix Trident Flaws In OS X El Capitan, Yosemite
News  |  9/2/2016  | 
Same zero-day flaws had been patched earlier in iOS as well.
Guccifer Gets 52-Month Jail Term
Quick Hits  |  9/2/2016  | 
The Romanian hacker pleaded guilty to hacking and compromise of personal details of around 100 high-profile Americans.
Cisco's Talos Group Shuts Down Malvertising Campaign
Quick Hits  |  9/2/2016  | 
Global online campaign exploits ads with Neutrino Exploit Kit to transfer ransomware to victims' computers, reports Threatpost.
Researchers Uncover Car Infotainment Vulnerability
News  |  9/2/2016  | 
Should an automobile manufacturer have to release a patch for a feature that they never deployed? A newly discovered vulnerability in MirrorLink's infotainment software may force an answer.
3 Golden Rules For Managing Third-Party Security Risk
Commentary  |  9/1/2016  | 
Rule 1: know where your data sets are, which vendors have access to the data, and what privacy and security measures are in place.
Air-Gapped Systems Foiled Again, Via USB Drive
News  |  9/1/2016  | 
Researchers at Israel's Ben-Gurion University have come up with another novel way to extract data from air-gapped systems, at least theoretically.
How To Talk About Security With Every C-Suite Member
Commentary  |  9/1/2016  | 
Reframe your approach with context in order to get your message across.
California May Soon Treat Ransomware As Extortion
Quick Hits  |  9/1/2016  | 
State Senator Robert Hertzberg's legislation on ransomware awaits governor's approval.
Password-Stealing Trojan Now Also Attacks With Cerber Ransomware
News  |  9/1/2016  | 
Weaponized Microsoft Word Documents spread one-two punch via the infamous Betabot.