Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2017
Page 2 / 2
Businesses Fail to Properly Secure, Assess SSH: ISACA
Quick Hits  |  9/13/2017  | 
Frequently used but underappreciated, Secure Shell is rarely secured, assessed, documented, or managed in a systematic way, researchers report.
5 Problems That Keep CISOs Awake at Night
Commentary  |  9/13/2017  | 
The last few years have shown a big difference in the way cyber-risks are acknowledged, but progress still needs to be made.
10 Ways to Prevent Your Mobile Devices From Becoming Bots
Slideshows  |  9/13/2017  | 
Enterprises may not notice a huge impact on their network's bandwidth, but other repercussions may loom in the background.
China to Create Data Repository to Log Cyberattacks
Quick Hits  |  9/13/2017  | 
Telcos, government agencies, Internet companies, and domain-name organizations to file cybersecurity information.
Why InfoSec Hiring Managers Miss the Oasis in the Desert
News  |  9/13/2017  | 
Despite a sharp shortage of IT security professionals, a pool of potential talent is swimming below the surface.
Billions Of Bluetooth Devices Vulnerable To Code Execution, MITM Attacks
News  |  9/12/2017  | 
IoT security vendor Armis this week disclosed a total of 8 zero-day bugs in Bluetooth implementations in Android, Windows, Linux, and iOS.
Shopify Risk Director Talks Ecommerce, Bug Bounty Program
News  |  9/12/2017  | 
Andrew Dunbar shares his experience growing a retail-focused security team, and combating the many threats facing online merchants and their customers.
The 'Team of Teams' Model for Cybersecurity
Commentary  |  9/12/2017  | 
Security leaders can learn some valuable lessons from a real-life military model.
Why North Korean Actors May Be Targeting Cryptocurrencies
Quick Hits  |  9/12/2017  | 
FireEye links North Korean cyberthieves to a recent spate of spearphishing attacks against South Korea.
Deception: A Convincing New Approach to Cyber Defense
Commentary  |  9/12/2017  | 
How defenders in a US national security agency capture-the-flag exercise used an endless stream of false data across the network to thwart attackers and contain damage.
Tesla Hacks: The Good, The Bad, & The Ugly
Dark Reading Videos  |  9/12/2017  | 
Keen Security Lab found multiple holes in the isolation layer Tesla uses to protect drive systems from infotainment systems, but was impressed by the auto company's security in other ways.
Spain Slaps Facebook with a 1.2 Million Euro Privacy Violation Fine
Quick Hits  |  9/11/2017  | 
Three infringements - one 'very serious' - of the country's data protection law are cited by the Spanish regulatory agency.
Ransomware, BEC, ICS Top Midyear Security Concerns
News  |  9/11/2017  | 
Business email compromise, ransomware, and industrial control attacks were among top security concerns in the first half of 2017.
Credit Card Hacker Roman Seleznev Enters More Guilty Pleas
News  |  9/11/2017  | 
The Russian hacker already hit with a 27-year prison sentence for credit card hacking pleads guilty to two more charges.
Why Relaxing Our Password Policies Might Actually Bolster User Safety
Commentary  |  9/11/2017  | 
Recent guidance from NIST may seem counterintuitive.
New Android 'Toast' Vuln Makes Overlay Attacks Easier
News  |  9/8/2017  | 
The vast majority of Android devices are at risk of a 'Toast' overlay attack that builds on Cloak and Dagger exploits. The bug could lead to remote control of the device unless Google's latest security patch is applied.
38% of Attorneys Fail to Disclose Cybersecurity Issues to Board
Quick Hits  |  9/8/2017  | 
Directors increasingly find themselves held accountable for cybersecurity breaches at their companies.
Attacking Data Integrity & Hacking Radiation Monitoring Devices
Dark Reading Videos  |  9/8/2017  | 
Ruben Santamarta shows radio-based vulnerabilities and investigates how the integrity of critical data can be manipulated to simulate, complicate or exacerbate emergency situations.
Microsoft: Ransomware Decline Reversed in March 2017
News  |  9/7/2017  | 
Researchers discovered 71 new ransomware families in the first half of 2017, when attacks picked up after several months of decline.
Is Public Sector Cybersecurity Adequate?
Commentary  |  9/7/2017  | 
Many governmental organizations are unstaffed, underfunded, and unprepared to fight common attacks, and they could learn a thing or two from the private sector.
10% of Ransomware Attacks on SMBs Targeted IoT Devices
News  |  9/7/2017  | 
IoT ransomware attacks are expected to ramp up in the coming years, a new survey shows.
Bitdefender Bug Bounty Program Goes Public with Bugcrowd
Quick Hits  |  9/7/2017  | 
Security researchers will be rewarded between $100 and $1,500 USD depending on the impact and severity of bugs discovered.
Sandbox-Aware Malware Foreshadows Potential Attacks
Commentary  |  9/7/2017  | 
For the continuous monitoring industry to remain relevant, it needs to match the vigor of sandbox vendors against targeted subversion.
New Microsoft Kernel Bug Could Permit Malicious Modules
News  |  9/6/2017  | 
Researchers found a Microsoft kernel bug that could allow attackers to bypass antivirus systems and load malware.
Is Your Organization Merely PCI-Compliant or Is It Actually Secure?
Commentary  |  9/6/2017  | 
The Host Identity Protocol might be the answer to inadequate check-the-box security standards.
GDPR Confusion Persists Among Businesses, Survey Shows
Quick Hits  |  9/6/2017  | 
Top executives appear dismissive about the penalties they could face if failing to fulfill the EU's General Data Protection Regulation (GDPR) requirements.
Workplace IoT Puts Companies on Notice for Smarter Security
Commentary  |  9/6/2017  | 
Blacklisting every "thing" in sight and banning connections to the corporate network may sound tempting, but it's not a realistic strategy.
Amazon S3 Bucket Leaks Expose Classified US Veteran Data
News  |  9/5/2017  | 
Improperly configured Amazon S3 buckets led to the exposure of data belonging to veterans with Top Secret security clearance and Time Warner Cable customers.
72% of Educational Institutions Lack Designated InfoSec Staff
Quick Hits  |  9/5/2017  | 
Vast majority of IT specialists in this sector feel ill-prepared for cybersecurity risks, according to report.
Activists Beware: The Latest In 3G & 4G Spying
Dark Reading Videos  |  9/5/2017  | 
Ravi Borgaonkar describes new 3G & 4G vulnerabilities that enable IMSI catchers to be smarter, stealthier snoopers.
Judge Rules that Yahoo Breach Victims Can Sue
Quick Hits  |  9/5/2017  | 
The 1 billion users who were victims in Yahoo's massive data breaches between 2013 and 2016 received court approval to move forward with their case.
3 Ways AI Could Help Resolve the Cybersecurity Talent Crisis
Commentary  |  9/5/2017  | 
There's no escaping the fact that there's a skills shortage, and companies aren't doing enough to cultivate talent. AI could relieve some of the pressure.
CISOs' Salaries Expected to Edge Above $240,000 in 2018
News  |  9/1/2017  | 
Other IT security professionals may garner six-figure salaries as well, new report shows.
How Effective Boards Drive Security Mandates
Commentary  |  9/1/2017  | 
The focus on cybersecurity policies must be prioritized from the top down.
Juniper Networks to Buy Cyphort for Threat Detection
Quick Hits  |  9/1/2017  | 
Company will integrate Cyphort into its Sky ATP platform to support more file types, and offer on- and off-premises support, analytics, and improved malware detection.
Automated Lateral Movement: Targeted Attack Tools for the Masses
Dark Reading Videos  |  9/1/2017  | 
Tal Be'ery and Tal Maor explain that the most pervasive, worst defended tactic of sophisticated attackers will soon be ready for script kiddies, and release GoFetch: a new lateral movement automation tool.


Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry's conventional wisdom. Here's a look at what they're thinking about.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19642
PUBLISHED: 2019-12-08
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareNa...
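The pattern behind the CVE-2019-19642 entry above is a request field spliced into a shell command line. The following is an added example, not SuperMicro's firmware code: a hypothetical BMC virtual-media handler that builds a mount command the vulnerable way, beside a replacement that allow-lists each field and hands an argv vector to execve() so no shell ever parses it. The `mount -t cifs` command line, the `share_path` field (the entry's second field name is truncated above and is not reconstructed here), the length limits and the character allow-lists are all assumptions made for this example.

```c
/* Added example (not SuperMicro's firmware): OS command injection via a
 * virtual-media "share host" field, and a shell-free replacement.
 * Command line, field names and validation policy are assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CMD_MAX 512

/* VULNERABLE: the request field is spliced into a shell command line.
 * A host of "10.0.0.1;id" ends the mount command and runs "id" once the
 * string reaches system() or popen(). Returns bytes written, -1 if the
 * buffer is too small. */
int vuln_build_mount_cmd(char *out, size_t out_len,
                         const char *share_host, const char *share_path)
{
    int n = snprintf(out, out_len, "mount -t cifs //%s/%s /media/cdrom",
                     share_host, share_path);
    return (n < 0 || (size_t)n >= out_len) ? -1 : n;
    /* the vulnerable handler would continue with: system(out); */
}

/* 1 if the command the vulnerable builder produces contains a byte the
 * shell treats as a command separator or substitution, 0 if not, -1 on error. */
int vuln_cmd_has_shell_metachar(const char *share_host, const char *share_path)
{
    char cmd[CMD_MAX];
    if (vuln_build_mount_cmd(cmd, sizeof cmd, share_host, share_path) < 0)
        return -1;
    return strpbrk(cmd, ";|&$`\n") != NULL;
}

/* Positive allow-list: hostname or IPv4 literal, optional :port. Every
 * shell metacharacter is outside the list, so nothing needs escaping. */
int host_is_valid(const char *host)
{
    size_t len = strlen(host);
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':') return 0;
    }
    return 1;
}

/* Share path: [A-Za-z0-9/._-], no "..", and no leading '-' so mount
 * cannot mistake it for an option. */
int share_path_is_valid(const char *path)
{
    size_t len = strlen(path);
    if (len == 0 || len > 255 || path[0] == '-' || strstr(path, "..")) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)path[i];
        if (!isalnum(c) && c != '/' && c != '.' && c != '_' && c != '-') return 0;
    }
    return 1;
}

/* HARDENED: validate, then build an argv vector for execve()/posix_spawn().
 * No shell parses it, so a metacharacter in a field (should the allow-list
 * ever be loosened) stays an ordinary byte of a single argument.
 * Returns argc, or -1 if a field fails validation. */
int safe_build_mount_argv(char *unc, size_t unc_len, const char *argv[6],
                          const char *share_host, const char *share_path)
{
    if (!host_is_valid(share_host) || !share_path_is_valid(share_path)) return -1;
    int n = snprintf(unc, unc_len, "//%s/%s", share_host, share_path);
    if (n < 0 || (size_t)n >= unc_len) return -1;
    argv[0] = "/bin/mount"; argv[1] = "-t";          argv[2] = "cifs";
    argv[3] = unc;          argv[4] = "/media/cdrom"; argv[5] = NULL;
    return 5;   /* caller: execve(argv[0], (char *const *)argv, envp); */
}

/* argc the hardened builder returns for these fields (-1 = rejected). */
int safe_mount_argc(const char *share_host, const char *share_path)
{
    char unc[CMD_MAX];
    const char *argv[6];
    return safe_build_mount_argv(unc, sizeof unc, argv, share_host, share_path);
}

int main(void)
{
    const char *hosts[] = { "10.0.0.1", "10.0.0.1;id", "$(id)" };
    for (size_t i = 0; i < 3; i++)
        printf("%-14s vuln_metachar=%d safe_argc=%d\n", hosts[i],
               vuln_cmd_has_shell_metachar(hosts[i], "isos/boot.iso"),
               safe_mount_argc(hosts[i], "isos/boot.iso"));
    return 0;
}
```

The allow-list alone would stop the injected "id", but the argv form is what makes the fix hold up under later changes: a field that is never handed to a shell cannot grow a second command no matter which characters a future revision decides to accept.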
CVE-2019-19637
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19638
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.
CVE-2019-19635
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19636
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.
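The four libsixel entries above (CVE-2019-19635 through CVE-2019-19638) share one mechanism: a size computed in 32-bit arithmetic wraps, the decoder allocates the wrapped (small) size, and then writes the full, unwrapped amount into it. The following is an added example, not libsixel's code, and does not reproduce the arithmetic of libsixel's own bug: a hypothetical PNM loader (the P5/P6 header layout is the real format) that sizes its pixel buffer the vulnerable way, beside an overflow-checked version. Function names, the `MAX_DIM` policy limit and the sample headers are assumptions made for this example.

```c
/* Added example (not libsixel's code): integer overflow turning into a
 * heap buffer overflow in a hypothetical PNM loader, with a checked fix.
 * Names, limits and sample headers are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DIM 16384u   /* assumed policy limit on width and height */

/* Parse "P5 <w> <h> <maxval>" (greyscale) or "P6 <w> <h> <maxval>" (RGB).
 * Returns 1 on success, 0 on a malformed header. */
int parse_pnm_header(const char *hdr, uint32_t *w, uint32_t *h, uint32_t *channels)
{
    char type = 0;
    unsigned uw = 0, uh = 0, maxval = 0;
    if (sscanf(hdr, "P%c %u %u %u", &type, &uw, &uh, &maxval) != 4) return 0;
    if (maxval == 0 || maxval > 65535) return 0;
    if (type == '5') *channels = 1;
    else if (type == '6') *channels = 3;
    else return 0;
    *w = uw; *h = uh;
    return 1;
}

/* VULNERABLE: 32-bit arithmetic. For 65536 x 65537 x 1 the product is
 * 2^32 + 65536, which wraps to 65536, so malloc() returns 64 KiB while the
 * pixel loop later writes over 4 GiB into it. */
uint32_t vuln_pixel_bytes(uint32_t w, uint32_t h, uint32_t channels)
{
    return w * h * channels;
}

/* Bytes the decoder actually writes, computed without truncation. */
uint64_t required_pixel_bytes(uint32_t w, uint32_t h, uint32_t channels)
{
    return (uint64_t)w * h * channels;
}

/* Bytes past the end of the vulnerable buffer the decoder would write for
 * this header, or 0 if the allocation is large enough. Never allocates. */
uint64_t vuln_overrun_bytes(const char *hdr)
{
    uint32_t w, h, c;
    if (!parse_pnm_header(hdr, &w, &h, &c)) return 0;
    uint64_t need = required_pixel_bytes(w, h, c);
    uint64_t got = vuln_pixel_bytes(w, h, c);
    return need > got ? need - got : 0;
}

/* HARDENED: every multiply is overflow-checked in size_t, and dimensions
 * are bounded by policy before any arithmetic happens. */
int checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a) return 0;
    *out = a * b;
    return 1;
}

int safe_pixel_bytes(uint32_t w, uint32_t h, uint32_t channels, size_t *out)
{
    size_t area, total;
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return 0;
    if (!checked_mul(w, h, &area) || !checked_mul(area, channels, &total)) return 0;
    *out = total;
    return 1;
}

/* Buffer size the hardened loader would allocate for hdr, or 0 if the
 * header is rejected. Safe to call with hostile headers: no allocation. */
size_t safe_alloc_size(const char *hdr)
{
    uint32_t w, h, c;
    size_t n;
    if (!parse_pnm_header(hdr, &w, &h, &c)) return 0;
    if (!safe_pixel_bytes(w, h, c, &n)) return 0;
    return n;
}

int main(void)
{
    const char *hdrs[] = { "P6 640 480 255", "P5 65536 65537 255" };   /* constructed */
    for (size_t i = 0; i < 2; i++)
        printf("%-20s vuln_overrun=%llu bytes  safe_alloc=%zu\n", hdrs[i],
               (unsigned long long)vuln_overrun_bytes(hdrs[i]), safe_alloc_size(hdrs[i]));
    return 0;
}
```

The policy limit is what makes the check robust in practice: `checked_mul` alone would accept a 4 GiB allocation on a 64-bit host, which is a denial of service rather than memory corruption, but still not something an image decoder should do on an attacker's say-so.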