News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2018
Enterprise Security Needs an Open Data Solution
Commentary  |  9/13/2018  | 
What would it look like if more than a tiny fraction of enterprises had access to all the signals hidden in their big data today?
Kelihos Botnet Operator Pleads Guilty in Federal Court
Quick Hits  |  9/13/2018  | 
The 38-year-old Russian national operated several botnets and infected thousands of systems with malware.
The Increasingly Vulnerable Software Supply Chain
Commentary  |  9/13/2018  | 
Nation-state adversaries from Iran to Russia have leveraged the supply chain as a vehicle to compromise infrastructure and disrupt businesses.
Modular Malware Brings Stealthy Attacks to Former Soviet States
News  |  9/12/2018  | 
A new malware technique is making phishing attacks harder to spot when they succeed.
Malware Campaign Targeting Jaxx Wallet Holders Shut Down
News  |  9/12/2018  | 
A site spoofing the official Jaxx website was discovered packing several infections for Windows and Mac machines, and has been shut down.
Creators of Tools for Building Malicious Office Docs Ditch Old Exploits
News  |  9/12/2018  | 
In their place is a collection of new exploits for more recently disclosed and therefore not likely widely patched vulnerabilities.
4 Trends Giving CISOs Sleepless Nights
Commentary  |  9/12/2018  | 
IoT attacks, budget shortfalls, and the skills gap are among the problems keeping security pros up at night.
Mobile Attack Rates Up 24% Globally, 44% in US
Quick Hits  |  9/12/2018  | 
One-third of all fraud targets are mobile, a growing source of all digital transactions.
Foreshadow, SGX & the Failure of Trusted Execution
Commentary  |  9/12/2018  | 
Trusted execution environments are said to provide a hardware-protected enclave that runs software and cannot be accessed externally, but recent developments show they fall far short.
Mirai, Gafgyt Botnets Resurface with New Tricks
News  |  9/11/2018  | 
A new version of Mirai exploits the Apache Struts flaw linked to the Equifax breach, while Gafgyt targets an old flaw in SonicWall.
The Key to Stealing a Tesla Model S
Quick Hits  |  9/11/2018  | 
A team of hackers finds it's possible to steal a Tesla Model S by cloning the key fob.
4 Practical Measures to Improve Election Security Now
Commentary  |  9/11/2018  | 
It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.
New 'Fallout' EK Brings Return of Old Ransomware
News  |  9/10/2018  | 
The Fallout exploit kit carries GandCrab into the Middle East in a new campaign.
GAO Says Equifax Missed Flaws, Intrusion in Massive Breach
Quick Hits  |  9/10/2018  | 
A report from the Government Accountability Office details the issues found and opportunities missed in the huge 2017 Equifax data breach.
DevOps Demystified: A Primer for Security Practitioners
Commentary  |  9/10/2018  | 
Key starting points for those still struggling to understand the concept.
TLS 1.3 Won't Break Everything
Commentary  |  9/7/2018  | 
The newest version of TLS won't break everything in your security infrastructure, but you do need to be prepared for the changes it brings.
8 Attack Vectors Puncturing Cloud Environments
Slideshows  |  9/7/2018  | 
These methods may not yet be on your security team's radar, but given their impact, they should be.
British Airways Issues Apology for Severe Data Breach
Quick Hits  |  9/7/2018  | 
The airline "is deeply sorry" for its worst-ever cyberattack, which has affected 380,000 customers.
The Role of Incident Response in ICS Security Compliance
Commentary  |  9/7/2018  | 
The data-driven nature of IR can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.
Take (Industrial) Control: A Look at the 2018 ICS Threat Landscape
News  |  9/6/2018  | 
New research sheds light on the biggest threats to strike ICS systems in the first half of 2018, and what's in store for the rest of this year.
Report: Data Breaches Hit Share Prices, Too
Quick Hits  |  9/6/2018  | 
A data breach has a measurable impact on stock price, according to a report looking at incidents from the past six years.
Why a Healthy Data Diet Is the Secret to Healthy Security
Commentary  |  9/6/2018  | 
In the same way that food is fuel to our bodies, data is the fuel on which our security programs run. Here are 10 action items to put on your cybersecurity menu.
US to Charge North Korea for Sony Breach, WannaCry
Quick Hits  |  9/6/2018  | 
The DoJ plans to charge North Korean threat actors for their involvement in two major cyberattacks, US officials report.
Understanding & Solving the Information-Sharing Challenge
Commentary  |  9/6/2018  | 
Why cybersecurity threat feeds from intel-sharing groups diminish in value and become just another source of noise. (And what to do about it.)
PowerPool Malware Uses Windows Zero-Day Posted on Twitter
News  |  9/5/2018  | 
Researchers detected the vulnerability in an attack campaign two days after it was posted on social media.
The Weakest Security Links in the (Block)Chain
Commentary  |  9/5/2018  | 
Despite the technology's promise to transform how business is done, there are significant limitations and potential risks at the intersection of the digital and physical worlds.
NIST Releases Draft on BGP Security
Quick Hits  |  9/5/2018  | 
Paper describes a technique to protect the Internet from Border Gateway Protocol route hijacking attacks.
Thoughts on the Latest Apache Struts Vulnerability
Commentary  |  9/5/2018  | 
CVE-2018-11776 operates at a far deeper level within the code than all prior Struts vulnerabilities. This requires a greater understanding of the Struts code itself as well as the various libraries used by Struts.
Lean, Mean & Agile Hacking Machine
Commentary  |  9/4/2018  | 
Hackers are thinking more like developers to evade detection and are becoming more precise in their targeting.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29800
PUBLISHED: 2021-09-23
IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...
CVE-2021-36823
PUBLISHED: 2021-09-23
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin (versions <= 6.8). Stored XSS possible via unsanitized input fields of the plugin settings, some of the payloads could make the frontend and the backend inaccessible.
CVE-2021-36873
PUBLISHED: 2021-09-23
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.
CVE-2021-38863
PUBLISHED: 2021-09-23
IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154.
CVE-2021-38864
PUBLISHED: 2021-09-23
IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155.