Vulnerabilities / Threats //

Advanced Threats

News & Commentary
Cybercrime-as-a-Service: No End in Sight
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
By Marc Wilczek Digital Strategist & CIO Advisor, 10/17/2018
Comment0 comments  |  Read  |  Post a Comment
A Cybersecurity Weak Link: Linux and IoT
Migo Kedem, Senior Director of Products and Marketing at SentinelOneCommentary
Linux powers many of the IoT devices on which we've come to rely -- something that enterprises must address.
By Migo Kedem Senior Director of Products and Marketing at SentinelOne, 10/16/2018
Comment0 comments  |  Read  |  Post a Comment
Spies Among Us: Tracking, IoT & the Truly Inside Threat
Amit Sethi, Senior Principal Consultant at SynopsysCommentary
In today's ultra-connected world, it's important for users to understand how to safeguard security while browsing the web and using electronic devices.
By Amit Sethi Senior Principal Consultant at Synopsys, 10/16/2018
Comment0 comments  |  Read  |  Post a Comment
4 Ways to Fight the Email Security Threat
Asaf Cidon, Vice President, Content Security Services, at Barracuda NetworksCommentary
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
By Asaf Cidon Vice President, Content Security Services, at Barracuda Networks, 10/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Not All Multifactor Authentication Is Created Equal
Alexandre Cagnoni, Director of Authentication at WatchGuard TechnologiesCommentary
Users should be aware of the strengths and weaknesses of the various MFA methods.
By Alexandre Cagnoni Director of Authentication at WatchGuard Technologies, 10/11/2018
Comment0 comments  |  Read  |  Post a Comment
Security Researchers Struggle with Bot Management Programs
Kaan Onarlioglu, Senior Security Researcher, AkamaiCommentary
Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.
By Kaan Onarlioglu Senior Security Researcher, Akamai, 10/10/2018
Comment0 comments  |  Read  |  Post a Comment
Stop Saying 'Digital Pearl Harbor'
Dave Weinstein, VP of Threat Research, Claroty Commentary
Yes, there are serious dangers posed by malevolent nation-states. But the hype is distracting us from the reality of the threats.
By Dave Weinstein VP of Threat Research, Claroty , 10/2/2018
Comment1 Comment  |  Read  |  Post a Comment
How to Keep Up Security in a Bug-Infested World
Matt Watchinski, Senior Director of Threat Intelligence at CiscoCommentary
Good digital hygiene will lower your risk, and these six tips can help.
By Matt Watchinski Senior Director of Threat Intelligence at Cisco, 9/27/2018
Comment0 comments  |  Read  |  Post a Comment
The Human Factor in Social Media Risk
Dr. Sam Small, Chief Security Officer at ZeroFOXCommentary
Your employees need help recognizing the warning signs and understanding how to protect themselves online.
By Dr. Sam Small Chief Security Officer at ZeroFOX, 9/25/2018
Comment2 comments  |  Read  |  Post a Comment
Hacking Back: Simply a Bad Idea
Carolyn Crandall, Chief Deception Officer at Attivo NetworksCommentary
While the concept may sound appealing, it's rife with drawbacks and dangers.
By Carolyn Crandall Chief Deception Officer at Attivo Networks, 9/24/2018
Comment1 Comment  |  Read  |  Post a Comment
Data Manipulation: How Security Pros Can Respond to an Emerging Threat
PJ Kirner, CTO & Founder, IllumioCommentary
Industry leaders are scrambling to address the issue, which will take new thinking to overcome.
By PJ Kirner CTO & Founder, Illumio, 9/21/2018
Comment0 comments  |  Read  |  Post a Comment
3 Drivers Behind the Increasing Frequency of DDoS Attacks
Carlos Morales, Vice President of Global Sales Engineering and Operations at NETSCOUTCommentary
What's causing the uptick? Motivation, opportunity, and new capabilities.
By Carlos Morales Vice President of Global Sales Engineering and Operations at NETSCOUT, 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
Overhauling the 3 Pillars of Security Operations
Dave Frampton, Vice President of Security Solutions at Sumo LogicCommentary
Modern apps and the cloud mean that organizations must now rethink older security practices.
By Dave Frampton Vice President of Security Solutions at Sumo Logic, 9/18/2018
Comment2 comments  |  Read  |  Post a Comment
The 7 Habits of Highly Effective Security Teams
Gary Golomb, Co-Founder & Chief Research Officer at Awake SecurityCommentary
Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.
By Gary Golomb Co-Founder & Chief Research Officer at Awake Security, 9/17/2018
Comment1 Comment  |  Read  |  Post a Comment
How Secure are our Voting Systems for November 2018?
Dark Reading Staff, CommentaryVideo
Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the countrys highly decentralized voting systems to safeguard the integrity of upcoming elections.
By Dark Reading Staff , 9/14/2018
Comment0 comments  |  Read  |  Post a Comment
Enterprise Security Needs an Open Data Solution
Carey Nachenberg, Chief Scientist at ChronicleCommentary
What would it look like if more than a tiny fraction of enterprises had access to all the signals hidden in their big data today?
By Carey Nachenberg Chief Scientist at Chronicle, 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
The Increasingly Vulnerable Software Supply Chain
Thomas Etheridge, Vice President of Services, CrowdStrikeCommentary
Nation-state adversaries from Iran to Russia have leveraged the supply chain as a vehicle to compromise infrastructure and disrupt businesses.
By Thomas Etheridge Vice President of Services, CrowdStrike, 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
Foreshadow, SGX & the Failure of Trusted Execution
Yehuda Lindell, Chief Scientist at Unbound Tech and Professor of Computer Science at Bar-Ilan UniversityCommentary
Trusted execution environments are said to provide a hardware-protected enclave that runs software and cannot be accessed externally, but recent developments show they fall far short.
By Yehuda Lindell Chief Scientist at Unbound Tech and Professor of Computer Science at Bar-Ilan University, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
4 Practical Measures to Improve Election Security Now
Chris Wysopal,  Chief Technology Officer, CA Veracode Commentary
It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.
By Chris Wysopal Chief Technology Officer, CA Veracode , 9/11/2018
Comment1 Comment  |  Read  |  Post a Comment
DevOps Demystified: A Primer for Security Practitioners
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
Key starting points for those still struggling to understand the concept.
By John B. Dickson CISSP, Principal, Denim Group, 9/10/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CA,  10/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Too funny!
Current Issue
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.