Vulnerabilities / Threats //

Advanced Threats

News & Commentary
How to Engage Your Cyber Enemies
Guy Nizan, CEO at Intsights Cyber IntelligenceCommentary
Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization.
By Guy Nizan CEO at Intsights Cyber Intelligence, 12/18/2018
Comment2 comments  |  Read  |  Post a Comment
Shhhhh! The Secret to Secrets Management
Mark B. Cooper, President and Founder, PKI SolutionsCommentary
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
By Mark B. Cooper President and Founder, PKI Solutions, 12/17/2018
Comment0 comments  |  Read  |  Post a Comment
Retailers: Avoid the Hackable Holidaze
Fred Kneip, CEO at CyberGRXCommentary
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
By Fred Kneip CEO at CyberGRX, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Mac Malware Cracks WatchGuards Top 10 List
Steve Zurier, Freelance WriterNews
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
By Steve Zurier Freelance Writer, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
The Grinch Bot Before Christmas: A Security Story for the Holidays
Julian Waits, GM Cyber Security Business Unit, Devo TechnologyCommentary
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
By Julian Waits GM Cyber Security Business Unit, Devo Technology, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Toyota Builds Open-Source Car-Hacking Tool
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
PASTA testing platform specs will be shared via open-source.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/5/2018
Comment1 Comment  |  Read  |  Post a Comment
A Shift from Cybersecurity to Cyber Resilience: 6 Steps
Gus Hunt, Managing Director and Cyber Strategy Lead for Accenture Federal ServicesCommentary
Getting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin.
By Gus Hunt Managing Director and Cyber Strategy Lead for Accenture Federal Services, 12/5/2018
Comment1 Comment  |  Read  |  Post a Comment
5 Emerging Trends in Cybercrime
Derek Manky, Global Security Strategist, FortinetCommentary
Organizations can start today to protect against 2019's threats. Look out for crooks using AI "fuzzing" techniques, machine learning, and swarms.
By Derek Manky Global Security Strategist, Fortinet, 12/4/2018
Comment0 comments  |  Read  |  Post a Comment
Overall Volume of Thanksgiving Weekend Malware Attacks Lower This Year
Jai Vijayan, Freelance writerNews
But ransomware attacks go through the roof, new threat data from SonicWall shows.
By Jai Vijayan Freelance writer, 11/29/2018
Comment0 comments  |  Read  |  Post a Comment
Establishing True Trust in a Zero-Trust World
Ojas Rege, Chief Strategy Officer at MobileIronCommentary
Our goal should not be to merely accept zero trust but gain the visibility required to establish true trust.
By Ojas Rege Chief Strategy Officer at MobileIron, 11/29/2018
Comment0 comments  |  Read  |  Post a Comment
Data Breach Threats Bigger Than Ever
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
A quarter of IT and security leaders expect a major data breach in the next year.
By Marc Wilczek Digital Strategist & CIO Advisor, 11/28/2018
Comment0 comments  |  Read  |  Post a Comment
Cyber Crooks Diversify Business with Multi-Intent Malware
Avi Chesla, CEO and Founder, empowCommentary
The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.
By Avi Chesla CEO and Founder, empow, 11/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard TechnologiesCommentary
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
By Ryan Orsi Director of Product Management for Wi-Fi at WatchGuard Technologies, 11/14/2018
Comment2 comments  |  Read  |  Post a Comment
User Behavior Analytics Could Find a Home in the OT World of the IIoT
Satish Gannu, Chief Security Officer, ABBCommentary
The technology never really took off in IT, but it could be very helpful in the industrial world.
By Satish Gannu Chief Security Officer, ABB, 11/8/2018
Comment0 comments  |  Read  |  Post a Comment
5 Things the Most Secure Software Companies Do (and How You Can Be Like Them)
Oege de Moor, CEO and Co-Founder at SemmleCommentary
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.
By Oege de Moor CEO and Co-Founder at Semmle, 11/8/2018
Comment1 Comment  |  Read  |  Post a Comment
IT-to-OT Solutions That Can Bolster Security in the IIoT
Satish Gannu, Chief Security Officer, ABBCommentary
Industrial companies can use the hard-won, long-fought lessons of IT to leapfrog to an advanced state of Industrial Internet of Things security.
By Satish Gannu Chief Security Officer, ABB, 11/7/2018
Comment0 comments  |  Read  |  Post a Comment
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIPCommentary
Cybersecurity folks often struggle to get threat intelligence's benefits. Fortunately, there are ways to overcome these problems.
By Jonathan Zhang CEO/Founder of WhoisXML API and TIP, 11/7/2018
Comment2 comments  |  Read  |  Post a Comment
Hidden Costs of IoT Vulnerabilities
Carl Nerup, Co-Founder and Chief Marketing Officer at CogCommentary
IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.
By Carl Nerup Co-Founder and Chief Marketing Officer at Cog, 11/6/2018
Comment1 Comment  |  Read  |  Post a Comment
Tackling Cybersecurity from the Inside Out
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
New online threats require new solutions.
By Marc Wilczek Digital Strategist & CIO Advisor, 11/2/2018
Comment0 comments  |  Read  |  Post a Comment
Chinese Intel Agents Indicted for 5-Year IP Theft Campaign
Sara Peters, Senior Editor at Dark ReadingNews
Intelligence agents aimed for aerospace manufacturing targets, with help of cyberattackers, corporate insiders, and one IT security manager.
By Sara Peters Senior Editor at Dark Reading, 10/31/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading,  12/14/2018
How to Engage Your Cyber Enemies
Guy Nizan, CEO at Intsights Cyber Intelligence,  12/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20228
PUBLISHED: 2018-12-19
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.
CVE-2018-20230
PUBLISHED: 2018-12-19
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-20231
PUBLISHED: 2018-12-19
Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.
CVE-2018-20227
PUBLISHED: 2018-12-19
RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.
CVE-2018-19790
PUBLISHED: 2018-12-18
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti...