Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
5 Identity Challenges Facing Todays IT Teams
John Bennett, Senior VP & General Manager of Identity & Access at LastPass by LogMeInCommentary
To take control over your company's security, identify and understand the biggest identity and access management challenges facing IT teams today and start addressing them.
By John Bennett Senior VP & General Manager of Identity & Access at LastPass by LogMeIn, 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
Kelly Sheridan, Staff Editor, Dark ReadingNews
Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database.
By Kelly Sheridan Staff Editor, Dark Reading, 8/21/2019
Comment1 Comment  |  Read  |  Post a Comment
Ransomware Hits Fortnite Players
Dark Reading Staff, Quick Hits
Ransomware masquerading as game "cheats" is hitting Fortnite players. Fortunately, there are ways to recover without paying a ransom.
By Dark Reading Staff , 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
'Phoning Home': Your Latest Data Exfiltration Headache
Jeff Costlow, CISO, ExtraHopCommentary
Companies phone enterprise customer data home securely and for a variety of perfectly legitimate and useful reasons. The problems stem from insufficient disclosure.
By Jeff Costlow CISO, ExtraHop, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
7 Big Factors Putting Small Businesses At Risk
Kelly Sheridan, Staff Editor, Dark Reading
Small organizations still face a long list of security threats. These threats and vulnerabilities should be top of mind.
By Kelly Sheridan Staff Editor, Dark Reading, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
CISOs Struggle with Diminishing Tools to Protect Assets from Growing Threats
Dark Reading Staff, Quick Hits
Most CISOs see the risk of cyberattacks growing and feel they're falling behind in their ability to fight back, a new survey finds.
By Dark Reading Staff , 8/20/2019
Comment1 Comment  |  Read  |  Post a Comment
Apple Misstep Leaves iPhones Open to Jailbreak
Jai Vijayan, Contributing WriterNews
Newest version of iOS contains a critical bug that the company had previously already patched.
By Jai Vijayan Contributing Writer, 8/20/2019
Comment0 comments  |  Read  |  Post a Comment
Cyberthreats Against Financial Services Up 56%
Dark Reading Staff, Quick Hits
Financial institutions interacting with customers online must prepare for a broader, more sophisticated variety of threats.
By Dark Reading Staff , 8/20/2019
Comment0 comments  |  Read  |  Post a Comment
Who Gets Privileged Access & How to Enforce It
Tim Keeler, Founder and CEO, RemediantCommentary
Let's begin by re-evaluating IT infrastructures to determine who has access to what, why, and when.
By Tim Keeler Founder and CEO, Remediant, 8/20/2019
Comment0 comments  |  Read  |  Post a Comment
5 Ways to Improve the Patching Process
Kacy Zurkus, Contributing Writer
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
By Kacy Zurkus Contributing Writer, 8/20/2019
Comment1 Comment  |  Read  |  Post a Comment
Instagram Added to Facebook Data-Abuse Bounty Program
Jai Vijayan, Contributing WriterNews
Social media giant also launches invitation-only bug bounty program for 'Checkout on Instagram'.
By Jai Vijayan Contributing Writer, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
Towns Across Texas Hit in Coordinated Ransomware Attack
Robert Lemos, Contributing WriterNews
The state government and cybersecurity groups have mobilized to respond to a mass ransomware attack that simultaneously hit 22 different towns statewide.
By Robert Lemos Contributing Writer, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
VxWorks TCP/IP Stack Vulnerability Poses Major Manufacturing Risk
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new analysis shows the scale of risk posed by networking vulnerabilities in a popular embedded real-time operating system.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
Tough Love: Debunking Myths about DevOps & Security
Jeff Williams, CTO, Contrast SecurityCommentary
It's time to move past trivial 'shift left' conceptions of DevSecOps and take a hard look at how security work actually gets accomplished.
By Jeff Williams CTO, Contrast Security, 8/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Modern Technology, Modern Mistakes
Kacy Zurkus, Contributing Writer
As employees grow more comfortable using new technologies, they could inadvertently be putting their enterprises at risk. And that leaves security teams having to defend an ever-expanding attack surface.
By Kacy Zurkus Contributing Writer, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown
Kelly Sheridan, Staff Editor, Dark ReadingNews
At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.
By Kelly Sheridan Staff Editor, Dark Reading, 8/16/2019
Comment1 Comment  |  Read  |  Post a Comment
European Central Bank Website Hit by Malware Attack
Dark Reading Staff, Quick Hits
The website was infected with malware that stole information on subscribers to a bank newsletter.
By Dark Reading Staff , 8/16/2019
Comment1 Comment  |  Read  |  Post a Comment
Beat the Heat: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
Phishing, token codes, training, MFA, polluted data entry, and whales. And the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 8/16/2019
Comment0 comments  |  Read  |  Post a Comment
Behind the Scenes at ICS Village
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
ICS Village co-founder Bryson Bort reveals plans for research-dedicated events that team independent researchers, critical infrastructure owners, and government specialists.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/16/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
5 Ways to Improve the Patching Process
Kacy Zurkus, Contributing Writer,  8/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15314
PUBLISHED: 2019-08-22
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
CVE-2019-15317
PUBLISHED: 2019-08-22
The give plugin before 2.4.7 for WordPress has XSS via a donor name.
CVE-2019-15318
PUBLISHED: 2019-08-22
The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field.
CVE-2016-10921
PUBLISHED: 2019-08-22
The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.
CVE-2017-18570
PUBLISHED: 2019-08-22
The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.