Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2018
Page 1 / 2   >   >>
FBI IC3 Warns of RDP Vulnerability
Quick Hits  |  9/28/2018  | 
Government agencies remind users that RDP can be used for malicious purposes by criminal actors.
Facebook Hacked, 50 Million Users Affected
News  |  9/28/2018  | 
A vulnerability in Facebook's "View As" feature let attackers steal security tokens linked to 50 million accounts, the company confirms.
How Data Security Improves When You Engage Employees in the Process
Commentary  |  9/28/2018  | 
When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.
7 Most Prevalent Phishing Subject Lines
Slideshows  |  9/28/2018  | 
The most popular subject lines crafted to trick targets into opening malicious messages, gleaned from thousands of phishing emails.
Russia's Sednit Deploys First Firmware-Level Rootkit in the Wild
News  |  9/27/2018  | 
The advanced persistent threat group's LoJax can install malware capable of surviving both OS reinstallation and hard disk replacement.
Ransomware Attack Hits Port of San Diego
Quick Hits  |  9/27/2018  | 
The attack began Monday and continues to have an impact on services at the port.
How to Keep Up Security in a Bug-Infested World
Commentary  |  9/27/2018  | 
Good digital hygiene will lower your risk, and these six tips can help.
Twitter Bug May Have Exposed Millions of DMs
Quick Hits  |  9/27/2018  | 
The year-long bug could have compromised interactions between customers and businesses, the social media firm reports.
Security Flaw Found in Apple Mobile Device Enrollment Program
News  |  9/27/2018  | 
Authentication weakness in Apple's DEP could open a window of opportunity for attackers.
Alphabet's Chronicle Releases VirusTotal Enterprise
News  |  9/27/2018  | 
Chronicle, the cybersecurity business under Alphabet, releases a major update to VirusTotal geared toward corporate threat hunters.
Google to Let Users Disable Automatic Login to Chrome
News  |  9/27/2018  | 
The decision comes days after security researcher had blasted company for jeopardizing user privacy with browser update.
Critical Linux Kernel Flaw Gives Root Access to Attackers
News  |  9/26/2018  | 
All versions of Red Hat Enterprise Linux, CentOS vulnerable to 'Mutagen Astronomy' flaw, according to Qualys.
A 'Cyber Resilience' Report Card for the Public Sector
Commentary  |  9/26/2018  | 
Government agencies are making great strides in defending themselves against cyberattacks, according to new research from Accenture. But technology alone won't solve the problem.
Owning Security in the Industrial Internet of Things
Commentary  |  9/26/2018  | 
Why IIoT leaders from both information technology and line-of-business operations need to join forces to develop robust cybersecurity techniques that go beyond reflexive patching.
Mirai Authors Escape Jail Time But Here Are 7 Other Criminal Hackers Who Didn't
Slideshows  |  9/26/2018  | 
Courts are getting tougher on the cybercrooks than some might realize.
USB Drives Remain Critical Cyberthreat
News  |  9/26/2018  | 
USB thumb drives may be used less frequently than before, but they are still commonly used as infection vectors for a wide variety of malware.
The Cyber Kill Chain Gets a Makeover
News  |  9/25/2018  | 
A new report demonstrates how the cyber kill chain is consolidating as criminals find ways to accelerate the spread of their targeted cyberattacks.
Cryptomining Malware Continues Rapid Growth: Report
Quick Hits  |  9/25/2018  | 
Cryptomining malware is the fastest-growing category of malicious software, according to a new report.
The Cloud Security Conundrum: Assets vs. Infrastructure
Commentary  |  9/25/2018  | 
The issue for cloud adopters is no longer where your data sits in AWS, on-premises, Azure, Salesforce, or what have you. The important questions are: Who has access to it, and how is it protected?
The Human Factor in Social Media Risk
Commentary  |  9/25/2018  | 
Your employees need help recognizing the warning signs and understanding how to protect themselves online.
Fault-Tolerant Method Used for Security Purposes in New Framework
News  |  9/24/2018  | 
A young company has a new patent for using fault tolerance techniques to protect against malware infection in applications.
In Quiet Change, Google Now Automatically Logging Users Into Chrome
News  |  9/24/2018  | 
The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.
Microsoft Deletes Passwords for Azure Active Directory Applications
News  |  9/24/2018  | 
At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.
6 Dark Web Pricing Trends
Slideshows  |  9/24/2018  | 
For cybercriminals, the Dark Web grows more profitable every day.
'Scan4you' Operator Gets 14-Year Sentence
Quick Hits  |  9/24/2018  | 
The counter antivirus service, which was shut down in 2016, caused a total loss amount of $20.5 billion, according to the DoJ.
Hacking Back: Simply a Bad Idea
Commentary  |  9/24/2018  | 
While the concept may sound appealing, it's rife with drawbacks and dangers.
6 Security Training Hacks to Increase Cyber IQ Org-Wide
Slideshows  |  9/21/2018  | 
Move beyond generic, annual security awareness training with these important tips.
Data Manipulation: How Security Pros Can Respond to an Emerging Threat
Commentary  |  9/21/2018  | 
Industry leaders are scrambling to address the issue, which will take new thinking to overcome.
Executive Branch Makes Significant Progress As DMARC Deadline Nears
News  |  9/21/2018  | 
The DHS directive on email security has an approaching deadline that most departments in the executive branch might actually meet.
Think Like An Attacker: How a Red Team Operates
News  |  9/20/2018  | 
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
Account Takeover Attacks Become a Phishing Fave
Quick Hits  |  9/20/2018  | 
More than three-quarters of ATOs resulted in a phishing email, a new report shows.
3 Drivers Behind the Increasing Frequency of DDoS Attacks
Commentary  |  9/20/2018  | 
What's causing the uptick? Motivation, opportunity, and new capabilities.
Japanese Cryptocurrency Exchange Hit with $60M Theft
Quick Hits  |  9/20/2018  | 
The incident highlights a broader problem of poor security in cryptocurrency exchanges throughout the country.
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Commentary  |  9/20/2018  | 
Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.
Cryptojackers Grow Dramatically on Enterprise Networks
News  |  9/19/2018  | 
A new report shows that illicit cryptomining malware is growing by leaps and bounds on the networks of unsuspecting victims.
Mirai Hackers' Sentence Includes No Jail Time
Quick Hits  |  9/19/2018  | 
The trio behind Mirai sentenced to probation and public service in return for cooperation with law enforcement and researchers.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
Commentary  |  9/19/2018  | 
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
FBI: Phishing Attacks Aim to Swap Payroll Information
Quick Hits  |  9/19/2018  | 
Social engineering scams target employees' payroll credentials so attackers can access and change their bank account data.
5 Steps to Success for New CISOs
Commentary  |  9/19/2018  | 
You've been hired to make an impact. These tips can help set you up for continued success.
8 Keys to a Successful Penetration Test
Slideshows  |  9/19/2018  | 
Pen tests are expensive, but there are key factors that can make them worth the investment.
The Security Costs of Cloud-Native Applications
News  |  9/18/2018  | 
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
The Top 5 Security Threats & Mitigations for Industrial Networks
Commentary  |  9/18/2018  | 
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
IoT Threats Triple Since 2017
Quick Hits  |  9/18/2018  | 
Rapidly evolving malware is posing an ever-greater threat to the IoT and business users of the Internet.
Symantec Offers Free Website Security Service for Midterm Elections
News  |  9/18/2018  | 
Security vendor offers US election jurisdictions its Project Dolphin phishing/website spoofing-detection service and security resources.
GovPayNow Leak of 14M+ Records Dates Back to 2012
Quick Hits  |  9/18/2018  | 
Thousands of US state and local governments use the service to process online payments for everything from traffic tickets to court fines.
Overhauling the 3 Pillars of Security Operations
Commentary  |  9/18/2018  | 
Modern apps and the cloud mean that organizations must now rethink older security practices.
RDP Ports Prove Hot Commodities on the Dark Web
News  |  9/17/2018  | 
Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves.
Ransomware Takes Down Airport's Flight Information Screens
Quick Hits  |  9/17/2018  | 
The attack left airport staff to post flight times and gates on whiteboards at Bristol Airport in Britain.
The 7 Habits of Highly Effective Security Teams
Commentary  |  9/17/2018  | 
Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
News  |  9/13/2018  | 
Researchers bypass a Trusted Computing Group security measure to manipulate the firmware and steal data in memory.
Page 1 / 2   >   >>


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16649
PUBLISHED: 2019-09-21
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the...
CVE-2019-16650
PUBLISHED: 2019-09-21
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the se...
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.