Threat Intelligence

8/8/2018
05:10 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail

10 Threats Lurking on the Dark Web

Despite some high-profile takedowns last year, the Dark Web remains alive and well. Here's a compilation of some of the more prolific threats that loom.
2 of 11

1. Doxing of VIPs
Dark Web and clear websites like Pastebin are a dumping ground for personal, financial, and technical information with malicious intent, says Terbium Labs' Walther-Puri. While there's a sense that people know their personal info could be put out on the Dark Web, they don't always understand the full implications. The bad threat actors can aggregate a lot of open source information and use it to humiliate them. The lesson for everyone: Be careful what you share on social media because it can be used against you. 
Image Source: Shutterstock via fatmawati achmad zaenuri

1. Doxing of VIPs

Dark Web and clear websites like Pastebin are a dumping ground for personal, financial, and technical information with malicious intent, says Terbium Labs' Walther-Puri. While there's a sense that people know their personal info could be put out on the Dark Web, they don't always understand the full implications. The bad threat actors can aggregate a lot of open source information and use it to humiliate them. The lesson for everyone: Be careful what you share on social media because it can be used against you.

Image Source: Shutterstock via fatmawati achmad zaenuri

2 of 11
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
How Well Is Your Organization Investing Its Cybersecurity Dollars?
Jack Jones, Chairman, FAIR Institute,  12/11/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1817
PUBLISHED: 2018-12-13
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021.
CVE-2018-1818
PUBLISHED: 2018-12-13
IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022.
CVE-2018-1821
PUBLISHED: 2018-12-13
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170.
CVE-2018-1886
PUBLISHED: 2018-12-13
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021.
CVE-2018-1887
PUBLISHED: 2018-12-13
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force...