Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
Government Agency Partners on New Tool for Election Security
Dark Reading Staff, Quick Hits
The Cybersecurity and Infrastructure Security Agency has partnered with VotingWorks on an open source tool to aid election result audits.
By Dark Reading Staff , 11/21/2019
Comment0 comments  |  Read  |  Post a Comment
3 Fundamentals for Better Security and IT Management
Chris Hallenbeck, CISO for the Americas at TaniumCommentary
Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.
By Chris Hallenbeck CISO for the Americas at Tanium, 11/21/2019
Comment0 comments  |  Read  |  Post a Comment
Google Increases Top Android Hacking Prize to $1M
Dark Reading Staff, Quick Hits
Google expands its Android Security Rewards program and multiplies its top cash prize from $200,000 to $1 million.
By Dark Reading Staff , 11/21/2019
Comment0 comments  |  Read  |  Post a Comment
The 'Department of No': Why CISOs Need to Cultivate a Middle Way
Malcolm Harkins, Chief Security & Trust OfficerCommentary
A chief information security officer's job inherently involves conflict, but a go-along-to-get-along approach carries its own vulnerabilities and risks.
By Malcolm Harkins Chief Security & Trust Officer, 11/21/2019
Comment0 comments  |  Read  |  Post a Comment
Employee Privacy in a Mobile Workplace
Michael J. Covington, Vice President of Product Strategy at WanderaCommentary
Why businesses need guidelines for managing their employees' personal information -- without compromising on security.
By Michael J. Covington Vice President of Product Strategy at Wandera, 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Former White House CIO Shares Enduring Security Strategies
Kelly Sheridan, Staff Editor, Dark ReadingNews
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
By Kelly Sheridan Staff Editor, Dark Reading, 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Why Multifactor Authentication Is Now a Hacker Target
Tanner Johnson, Senior Analyst, Connectivity & IoT, IHS MarkitCommentary
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
By Tanner Johnson Senior Analyst, Connectivity & IoT, IHS Markit, 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones
Dark Reading Staff, Quick Hits
Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.
By Dark Reading Staff , 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Attacker Mistake Botches Cyborg Ransomware Campaign
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.
By Kelly Sheridan Staff Editor, Dark Reading, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
DDoS Attacks Up Sharply in Third Quarter of 2019
Dark Reading Staff, Quick Hits
DDoS attacks of all sorts were up by triple-digit percentages, with smaller volume attacks growing most rapidly.
By Dark Reading Staff , 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
TPM-Fail: What It Means & What to Do About It
Ari Singer, CTO at TrustPhiCommentary
Trusted Platform Modules are well-suited to a wide range of applications, but for the strongest security, architect them into "defense-in-depth" designs.
By Ari Singer CTO at TrustPhi, 11/19/2019
Comment1 Comment  |  Read  |  Post a Comment
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & PhelpsCommentary
A feature that's supposed to make your account more secure -- adding a cellphone number -- has become a vector of attack in SIM-swapping incidents. Here's how it's done and how you can protect yourself.
By Nicole Sette Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, 11/19/2019
Comment3 comments  |  Read  |  Post a Comment
Magecart Hits Macy's: Retailer Discloses Data Breach
Dark Reading Staff, Quick Hits
The retail giant discovered malicious code designed to capture customer data planted on its payment page.
By Dark Reading Staff , 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
A Security Strategy That Centers on Humans, Not Bugs
Andrea Little Limbago, Chief Social Scientist, VirtruCommentary
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
By Andrea Little Limbago Chief Social Scientist, Virtru, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
Disney+ Credentials Land in Dark Web Hours After Service Launch
Dark Reading Staff, Quick Hits
The credentials, priced from free to $11 per account, appear to be due to victims' re-use of logins and passwords.
By Dark Reading Staff , 11/18/2019
Comment1 Comment  |  Read  |  Post a Comment
Windows Hello for Business Opens Door to New Attack Vectors
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
By Kelly Sheridan Staff Editor, Dark Reading, 11/18/2019
Comment0 comments  |  Read  |  Post a Comment
GitHub Initiative Seeks to Secure Open Source Code
Jai Vijayan, Contributing WriterNews
New Security Lab will give researchers, developers, code maintainers, and organizations a way to coordinate efforts on addressing vulnerabilities.
By Jai Vijayan Contributing Writer, 11/18/2019
Comment0 comments  |  Read  |  Post a Comment
Human Nature vs. AI: A False Dichotomy?
John McClurg, Sr. VP & CISO, BlackBerryCommentary
How the helping hand of artificial intelligence allows security teams to remain human while protecting themselves from their own humanity being used against them.
By John McClurg Sr. VP & CISO, BlackBerry, 11/18/2019
Comment0 comments  |  Read  |  Post a Comment
Facebook Discloses WhatsApp MP4 Video Vulnerability
Dark Reading Staff, Quick Hits
A stack-based buffer overflow bug can be exploited by sending a specially crafted video file to a WhatsApp user.
By Dark Reading Staff , 11/18/2019
Comment0 comments  |  Read  |  Post a Comment
Quantum Computing Breakthrough Accelerates the Need for Future-Proofed PKI
Kevin von Keyserling & JD Kilgallin, Co-Founder & Chief Strategy officer; Senior Integration Engineer at KeyfactorCommentary
Public key infrastructure is a foundational security tool that has evolved to become a critical base for future advancements. Today's generation of PKI can be coupled with quantum-resistant algorithms to extend the lifespan of digital certificates for decades.
By Kevin von Keyserling & JD Kilgallin Co-Founder & Chief Strategy officer; Senior Integration Engineer at Keyfactor, 11/18/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by KhalilMills
Current Conversations Thank Pro
In reply to: thank so much
Post Your Own Reply
More Conversations
PR Newswire
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13157
PUBLISHED: 2019-11-22
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.
CVE-2012-2079
PUBLISHED: 2019-11-22
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
CVE-2019-11325
PUBLISHED: 2019-11-21
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-18887
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.
CVE-2019-18888
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. T...