Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2017
<<   <   Page 2 / 2
Businesses Fail to Properly Secure, Assess SSH: ISACA
Quick Hits  |  9/13/2017  | 
Frequently used but underappreciated, Secure Shell is rarely secured, assessed, documented, or managed in a systematic way, researchers report.
5 Problems That Keep CISOs Awake at Night
Commentary  |  9/13/2017  | 
The last few years have shown a big difference in the way cyber-risks are acknowledged, but progress still needs to be made.
10 Ways to Prevent Your Mobile Devices From Becoming Bots
Slideshows  |  9/13/2017  | 
Enterprises may not notice a huge impact on their network's bandwidth, but other repercussions may loom in the background.
China to Create Data Repository to Log Cyberattacks
Quick Hits  |  9/13/2017  | 
Telcos, government agencies, Internet companies, and domain-name organizations to file cybersecurity information.
Why InfoSec Hiring Managers Miss the Oasis in the Desert
News  |  9/13/2017  | 
Despite a sharp shortage of IT security professionals, a pool of potential talent is swimming below the surface.
Billions Of Bluetooth Devices Vulnerable To Code Execution, MITM Attacks
News  |  9/12/2017  | 
IoT security vendor Armis this week disclosed a total of 8 zero-day bugs in Bluetooth implementations in Android, Windows, Linux, and IOS.
Shopify Risk Director Talks Ecommerce, Bug Bounty Program
News  |  9/12/2017  | 
Andrew Dunbar shares his experience growing a retail-focused security team, and combating the many threats facing online merchants and their customers.
The 'Team of Teams' Model for Cybersecurity
Commentary  |  9/12/2017  | 
Security leaders can learn some valuable lessons from a real-life military model.
Why North Korean Actors May Be Targeting Cryptocurrencies
Quick Hits  |  9/12/2017  | 
FireEye links North Korean cyberthieves to a recent spate of spearphishing attacks against South Korea.
Deception: A Convincing New Approach to Cyber Defense
Commentary  |  9/12/2017  | 
How defenders in a US national security agency capture-the-flag exercise used an endless stream of false data across the network to thwart attackers and contain damage.
Tesla Hacks: The Good, The Bad, & The Ugly
Tesla Hacks: The Good, The Bad, & The Ugly
Dark Reading Videos  |  9/12/2017  | 
Keen Security Lab found multiple holes in the isolation layer Tesla uses to protect drive systems from infotainment systems, but were impressed by the auto company's security in other ways.
Spain Slaps Facebook with a 1.2 Million Euro Privacy Violation Fine
Quick Hits  |  9/11/2017  | 
Three infringements - one 'very serious' - of the country's data protection law are cited by the Spanish regulatory agency.
Ransomware, BEC, ICS Top Midyear Security Concerns
News  |  9/11/2017  | 
Business email compromise, ransomware, and industrial control attacks were among top security concerns in the first half of 2017.
Credit Card Hacker Roman Seleznev Enters More Guilty Pleas
News  |  9/11/2017  | 
The Russian hacker already hit with a 27-year prison sentence for credit card hacking pleads guilty to two more charges.
Why Relaxing Our Password Policies Might Actually Bolster User Safety
Commentary  |  9/11/2017  | 
Recent guidance from NIST may seem counterintuitive.
New Android 'Toast' Vuln Makes Overlay Attacks Easier
News  |  9/8/2017  | 
The vast majority of Android devices are at risk of a 'Toast' overlay attack that builds on Cloak and Dagger exploits. The bug could lead to remote control of the device unless Google's latest security patch is applied.
38% of Attorneys Fail to Disclose Cybersecurity Issues to Board
Quick Hits  |  9/8/2017  | 
Directors increasingly find themselves held accountable for cybersecurity breaches at their companies.
Attacking Data Integrity & Hacking Radiation Monitoring Devices
Attacking Data Integrity & Hacking Radiation Monitoring Devices
Dark Reading Videos  |  9/8/2017  | 
Ruben Santamarta shows radio-based vulnerabilities and investigates how the integrity of critical data can be manipulated to simulate, complicate or exacerbate emergency situations.
Microsoft: Ransomware Decline Reversed in March 2017
News  |  9/7/2017  | 
Researchers discovered 71 new ransomware families in the first half of 2017, when attacks picked up after several months of decline.
Is Public Sector Cybersecurity Adequate?
Commentary  |  9/7/2017  | 
Many governmental organizations are unstaffed, underfunded, and unprepared to fight common attacks, and they could learn a thing or two from the private sector.
10% of Ransomware Attacks on SMBs Targeted IoT Devices
News  |  9/7/2017  | 
IoT ransomware attacks are expected to ramp up in the coming years, a new survey shows.
Bitdefender Bug Bounty Program Goes Public with Bugcrowd
Quick Hits  |  9/7/2017  | 
Security researchers will be rewarded between $100 and $1,500 USD depending on the impact and severity of bugs discovered.
Sandbox-Aware Malware Foreshadows Potential Attacks
Commentary  |  9/7/2017  | 
For the continuous monitoring industry to remain relevant, it needs to match the vigor of sandbox vendors against targeted subversion.
New Microsoft Kernel Bug Could Permit Malicious Modules
News  |  9/6/2017  | 
Researchers found a Microsoft kernel bug that could allow attackers to bypass antivirus systems and load malware.
Is Your Organization Merely PCI-Compliant or Is It Actually Secure?
Commentary  |  9/6/2017  | 
The Host Identity Protocol might be the answer to inadequate check-the-box security standards.
GDPR Confusion Persists Among Businesses, Survey Shows
Quick Hits  |  9/6/2017  | 
Top executives appear dismissive about the penalties they could face if failing to fulfill the EU's General Data Protection Regulation (GDPR) requirements.
Workplace IoT Puts Companies on Notice for Smarter Security
Commentary  |  9/6/2017  | 
Blacklisting every "thing" in sight and banning connections to the corporate network may sound tempting, but it's not a realistic strategy.
Amazon S3 Bucket Leaks Expose Classified US Veteran Data
News  |  9/5/2017  | 
Improperly configured Amazon S3 buckets led to the exposure of data belonging to veterans with Top Secret security clearance and Time Warner Cable customers.
72% of Educational Institutions Lack Designated InfoSec Staff
Quick Hits  |  9/5/2017  | 
Vast majority of IT specialists in this sector feel ill-prepared for cybersecurity risks, according to report.
Activists Beware: The Latest In 3G & 4G Spying
Activists Beware: The Latest In 3G & 4G Spying
Dark Reading Videos  |  9/5/2017  | 
Ravi Borgaonkar describes new 3G & 4G vulnerabilities that enable IMSI catchers to be smarter, stealthier snoopers.
Judge Rules that Yahoo Breach Victims Can Sue
Quick Hits  |  9/5/2017  | 
The 1 billion users who were victims in Yahoo's massive data breaches between 2013 to 2016 received court approval to move forward with their case.
3 Ways AI Could Help Resolve the Cybersecurity Talent Crisis
Commentary  |  9/5/2017  | 
There's no escaping the fact that there's a skills shortage, and companies aren't doing enough to cultivate talent. AI could relieve some of the pressure.
CISOs' Salaries Expected to Edge Above $240,000 in 2018
News  |  9/1/2017  | 
Other IT security professionals may garner six-figure salaries as well, new report shows.
How Effective Boards Drive Security Mandates
Commentary  |  9/1/2017  | 
The focus on cybersecurity policies must be prioritized from the top down.
Juniper Networks to Buy Cyphort for Threat Detection
Quick Hits  |  9/1/2017  | 
Company will integrate Cyphort into its Sky ATP platform to support more file types, and offer on- and off-premise support, analytics, and improved malware detection.
Automated Lateral Movement: Targeted Attack Tools for the Masses
Automated Lateral Movement: Targeted Attack Tools for the Masses
Dark Reading Videos  |  9/1/2017  | 
Tal Be'ery and Tal Maor explain that the most pervasive, worst defended tactic of sophisticated attackers will soon be ready for script kiddies, and release GoFetch: a new lateral movement automation tool.
<<   <   Page 2 / 2


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Introducing 'Secure Access Service Edge'
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  7/3/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15001
PUBLISHED: 2020-07-09
An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when u...
CVE-2020-15092
PUBLISHED: 2020-07-09
In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Most T...
CVE-2020-15093
PUBLISHED: 2020-07-09
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A ...
CVE-2020-15299
PUBLISHED: 2020-07-09
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is execu...
CVE-2020-4173
PUBLISHED: 2020-07-09
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure l...