Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

News & Commentary
Get Organized Like a Villain
Rob Ragan & Alex DeFreese, Principal Security Researcher & Managing Security Associate at Bishop FoxCommentary
What cybercrime group FIN7 can teach us about using agile frameworks.
By Rob Ragan & Alex DeFreese Principal Security Researcher & Managing Security Associate at Bishop Fox, 12/12/2019
Comment0 comments  |  Read  |  Post a Comment
Intel's CPU Flaws Continue to Create Problems for the Tech Community
Irfan Ahmed, Assistant Professor in the Department of Computer Science at Virginia Commonwealth UniversityCommentary
We can't wait out this problem and hope that it goes away. We must be proactive.
By Irfan Ahmed Assistant Professor in the Department of Computer Science at Virginia Commonwealth University, 12/10/2019
Comment1 Comment  |  Read  |  Post a Comment
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, GigamonCommentary
This gridiron-inspired advice will guarantee your digital transformation success and keep your data safe.
By Shane Buckley President & Chief Operating Officer, Gigamon, 12/9/2019
Comment1 Comment  |  Read  |  Post a Comment
Application & Infrastructure Risk Management: You've Been Doing It Backward
John Worrall, Chief Executive Officer at ZeroNorthCommentary
Before getting more scanning tools, think about what's needed to defend your organization's environment and devise a plan to ensure all needed tools can work together productively.
By John Worrall Chief Executive Officer at ZeroNorth, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
How to Get Prepared for Privacy Legislation
Tony Anscombe, Global Security Evangelist & Industry Partnership Ambassador at ESETCommentary
All the various pieces of legislation, both in the US and worldwide, can feel overwhelming. But getting privacy basics right is a solid foundation.
By Tony Anscombe Global Security Evangelist & Industry Partnership Ambassador at ESET, 11/27/2019
Comment9 comments  |  Read  |  Post a Comment
DDoS: An Underestimated Threat
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.
By Marc Wilczek Digital Strategist & CIO Advisor, 11/26/2019
Comment7 comments  |  Read  |  Post a Comment
The 5-Step Methodology for Spotting Malicious Bot Activity on Your Network
Avidan Avraham, Security Researcher at Cato NetworksCommentary
Bot detection over IP networks isn't easy, but it's becoming a fundamental part of network security practice.
By Avidan Avraham Security Researcher at Cato Networks, 11/22/2019
Comment1 Comment  |  Read  |  Post a Comment
Most Companies Lag Behind '1-10-60' Benchmark for Breach Response
Robert Lemos, Contributing WriterNews
Average company needs 162 hours to detect, triage, and contain a breach, according to a new CrowdStrike survey.
By Robert Lemos Contributing Writer, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
A Security Strategy That Centers on Humans, Not Bugs
Andrea Little Limbago, Chief Social Scientist, VirtruCommentary
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
By Andrea Little Limbago Chief Social Scientist, Virtru, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
Quantum Computing Breakthrough Accelerates the Need for Future-Proofed PKI
Kevin von Keyserling & JD Kilgallin, Co-Founder & Chief Strategy officer; Senior Integration Engineer at KeyfactorCommentary
Public key infrastructure is a foundational security tool that has evolved to become a critical base for future advancements. Today's generation of PKI can be coupled with quantum-resistant algorithms to extend the lifespan of digital certificates for decades.
By Kevin von Keyserling & JD Kilgallin Co-Founder & Chief Strategy officer; Senior Integration Engineer at Keyfactor, 11/18/2019
Comment0 comments  |  Read  |  Post a Comment
BSIMM10 Shows Industry Vertical Maturity
Sammy Migues, BSIMM Co-Author and Principal Scientist at SynopsysCommentary
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
By Sammy Migues BSIMM Co-Author and Principal Scientist at Synopsys, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
How Does Your Cyber Resilience Measure Up?
Troy Mattern, Vice President for Product and Services Cybersecurity at Motorola SolutionsCommentary
The security measures companies take today may not be enough for tomorrow's cyber assault, but switching to a proactive, risk-based framework may better protect your organization.
By Troy Mattern Vice President for Product and Services Cybersecurity at Motorola Solutions, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity: An Organizationwide Responsibility
Guy Bunker, CTO of ClearswiftCommentary
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.
By Guy Bunker CTO of Clearswift, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLensCommentary
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.
By Jack Freund Director, Risk Science at RiskLens, 11/13/2019
Comment1 Comment  |  Read  |  Post a Comment
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Organizations realize the scale of cyber-risk but lack counter-actions to build resilience.
By Marc Wilczek Digital Strategist & CIO Advisor, 11/12/2019
Comment3 comments  |  Read  |  Post a Comment
Accounting Scams Continue to Bilk Businesses
Robert Lemos, Contributing WriterNews
Yes, ransomware is plaguing businesses and government organizations, but impersonators inserting themselves into financial workflows most often via e-mail continue to enable big paydays.
By Robert Lemos Contributing Writer, 11/6/2019
Comment0 comments  |  Read  |  Post a Comment
Social Media: Corporate Cyber Espionage's Channel of Choice
Otavio Freire, CTO & President, SafeGuard CyberCommentary
Proactive defense and automation can help your company deal with scale and prioritize risks in order to more efficiently fight cyber espionage.
By Otavio Freire CTO & President, SafeGuard Cyber, 11/6/2019
Comment0 comments  |  Read  |  Post a Comment
Disclosure Does Little to Dissuade Cyber Spies
Robert Lemos, Contributing WriterNews
In the past, outing nation-state cyber espionage groups caused a few to close up shop, but nowadays actors are more likely to switch to new infrastructure and continue operations.
By Robert Lemos Contributing Writer, 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
To Secure Multicloud Environments, First Acknowledge You Have a Problem
Chris Schueler, Senior VP, Managed Security Services, TrustwaveCommentary
Multicloud environments change rapidly. Organizations need a security framework that is purpose-built for the cloud and that aligns with their digital transformation strategy.
By Chris Schueler Senior VP, Managed Security Services, Trustwave, 11/4/2019
Comment0 comments  |  Read  |  Post a Comment
8 Holiday Security Tips for Retailers
Steve Zurier, Contributing Writer
Here's how retailers can protect their businesses from attackers and scammers hoping to wreak havoc during the most wonderful time of the year.
By Steve Zurier Contributing Writer, 11/1/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing Writer,  12/12/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...