News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
FICO & US Chamber of Commerce Score Cyber-Risk Across 10 Sectors
News  |  10/16/2018  | 
Media, telecom, and technology firms are far more likely to experience a data breach in the near future than organizations in sectors including energy, construction, and transportation.
A Cybersecurity Weak Link: Linux and IoT
Commentary  |  10/16/2018  | 
Linux powers many of the IoT devices on which we've come to rely -- something that enterprises must address.
NC Water Utility Fights Post-Hurricane Ransomware
News  |  10/16/2018  | 
North Carolina's Onslow Water and Sewer Authority was hit with an advanced attack in the wake of Hurricane Florence.
6 Reasons Why Employees Violate Security Policies
Slideshows  |  10/16/2018  | 
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
Spies Among Us: Tracking, IoT & the Truly Inside Threat
Commentary  |  10/16/2018  | 
In today's ultra-connected world, it's important for users to understand how to safeguard security while browsing the web and using electronic devices.
4 Ways to Fight the Email Security Threat
Commentary  |  10/15/2018  | 
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
Threat Hunters & Security Analysts: A Dynamic Duo
Commentary  |  10/12/2018  | 
Fighting spying with spying, threat hunters bring the proactive mindset of network reconnaissance and repair to the enterprise security team.
12 Free, Ready-to-Use Security Tools
Slideshows  |  10/12/2018  | 
There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up
News  |  10/11/2018  | 
Many organizations have yet to create an effective cybersecurity strategy and it's costing them millions.
Most Malware Arrives Via Email
Quick Hits  |  10/11/2018  | 
Watch out for messages with the word "invoice" in the subject line, too.
Not All Multifactor Authentication Is Created Equal
Commentary  |  10/11/2018  | 
Users should be aware of the strengths and weaknesses of the various MFA methods.
One-Third of US Adults Hit with Identity Theft
Quick Hits  |  10/11/2018  | 
That's double the global average and more than three times the rate of French and German adults.
The Better Way: Threat Analysis & IIoT Security
Commentary  |  10/11/2018  | 
Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities.
IIS Attacks Skyrocket, Hit 1.7M in Q2
Quick Hits  |  10/10/2018  | 
Drupal and Oracle WebLogic also were hit with more cyberattacks during same quarter.
Security Researchers Struggle with Bot Management Programs
Commentary  |  10/10/2018  | 
Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.
Google+ Vulnerability Hits Service, Leads to Shutdown
News  |  10/9/2018  | 
In response to the breach, Google is changing policies, modifying APIs, and shutting down Google+.
Git Gets Patched for Newly Found Flaw
Quick Hits  |  10/9/2018  | 
A vulnerability in Git could allow an attacker to place malicious, auto-executing code in a sub-module.
Constructing the Future of ICS Cybersecurity
News  |  10/9/2018  | 
As industrial control systems are connected to the cloud and the IoT, experts discuss security challenges.
Microsoft Fixes Privilege Escalation 0Day Under Active Attack
News  |  10/9/2018  | 
This month's Patch Tuesday includes 49 patches, two of which are ranked Critical, and two security advisories.
Lessons Learned from the Facebook Breach: Why Logic Errors Are So Hard to Catch
Commentary  |  10/9/2018  | 
By ensuring that each layer of protection scours an application for unintended uses, you can find the flaws before the bad guys do.
New Domains: A Wide-Open Playing Field for Cybercrime
Commentary  |  10/9/2018  | 
As bad actors increasingly exploit new domains for financial gain and other nefarious purposes, security teams need to employ policies and practices to neutralize the threat in real time. Here's why and how.
Most Home Routers Are Full of Vulnerabilities
Quick Hits  |  10/5/2018  | 
More than 80% of surveyed routers had, on average, 172 security vulnerabilities, new research shows.
Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control
Commentary  |  10/5/2018  | 
Technology such as Apple's device trust score that decides "you" is not you is a good thing. But only if it works well.
7 Steps to Start Your Risk Assessment
Slideshows  |  10/4/2018  | 
Risk assessment can be complex, but it's vital for making good decisions about IT security. Here are steps to start you down the path toward a meaningful risk assessment process.
For $14.71, You Can Buy A Passport Scan on the Dark Web
News  |  10/4/2018  | 
That's the average price of a digital passport scan, and it goes up with proof of identification, a new study finds.
An Intro to Intra, the Android App for DNS Encryption
News  |  10/3/2018  | 
Alphabet's Jigsaw has released Intra, a free security app that aims to prevent government censorship.
Putting Security on Par with DevOps
Commentary  |  10/3/2018  | 
Inside the cloud, innovation and automation shouldn't take a toll on protection.
When Facebook Gets Hacked, Everyone Gets Hacked
News  |  10/2/2018  | 
Facebook's attackers may have gained access to several third-party apps and websites via Facebook Login.
Stop Saying 'Digital Pearl Harbor'
Commentary  |  10/2/2018  | 
Yes, there are serious dangers posed by malevolent nation-states. But the hype is distracting us from the reality of the threats.
CISOs: How to Answer the 5 Questions Boards Will Ask You
Commentary  |  10/2/2018  | 
As boards learn the importance of cybersecurity, certain issues arise on a regular basis. These tips can help you address them.
'Short, Brutal Lives': Life Expectancy for Malicious Domains
News  |  10/1/2018  | 
Using a cooling-off period for domain names can help catch those registered by known bad actors.
The Right Diagnosis: A Cybersecurity Perspective
Commentary  |  10/1/2018  | 
A healthy body and a healthy security organization have a lot more in common than most people think.
FBI IC3 Warns of RDP Vulnerability
Quick Hits  |  9/28/2018  | 
Government agencies remind users that RDP can be used for malicious purposes by criminal actors.
Facebook Hacked, 50 Million Users Affected
News  |  9/28/2018  | 
A vulnerability in Facebook's "View As" feature let attackers steal security tokens linked to 50 million accounts, the company confirms.
How Data Security Improves When You Engage Employees in the Process
Commentary  |  9/28/2018  | 
When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.
7 Most Prevalent Phishing Subject Lines
Slideshows  |  9/28/2018  | 
The most popular subject lines crafted to trick targets into opening malicious messages, gleaned from thousands of phishing emails.
Russia's Sednit Deploys First Firmware-Level Rootkit in the Wild
News  |  9/27/2018  | 
The advanced persistent threat group's LoJax can install malware capable of surviving both OS reinstallation and hard disk replacement.
Ransomware Attack Hits Port of San Diego
Quick Hits  |  9/27/2018  | 
The attack began Monday and continues to have an impact on services at the port.
How to Keep Up Security in a Bug-Infested World
Commentary  |  9/27/2018  | 
Good digital hygiene will lower your risk, and these six tips can help.
Twitter Bug May Have Exposed Millions of DMs
Quick Hits  |  9/27/2018  | 
The year-long bug could have compromised interactions between customers and businesses, the social media firm reports.
Security Flaw Found in Apple Mobile Device Enrollment Program
News  |  9/27/2018  | 
Authentication weakness in Apple's DEP could open a window of opportunity for attackers.
Alphabet's Chronicle Releases VirusTotal Enterprise
News  |  9/27/2018  | 
Chronicle, the cybersecurity business under Alphabet, releases a major update to VirusTotal geared toward corporate threat hunters.
Google to Let Users Disable Automatic Login to Chrome
News  |  9/27/2018  | 
The decision comes days after security researcher had blasted company for jeopardizing user privacy with browser update.
Critical Linux Kernel Flaw Gives Root Access to Attackers
News  |  9/26/2018  | 
All versions of Red Hat Enterprise Linux, CentOS vulnerable to 'Mutagen Astronomy' flaw, according to Qualys.
A 'Cyber Resilience' Report Card for the Public Sector
Commentary  |  9/26/2018  | 
Government agencies are making great strides in defending themselves against cyberattacks, according to new research from Accenture. But technology alone won't solve the problem.
Owning Security in the Industrial Internet of Things
Commentary  |  9/26/2018  | 
Why IIoT leaders from both information technology and line-of-business operations need to join forces to develop robust cybersecurity techniques that go beyond reflexive patching.
Mirai Authors Escape Jail Time But Here Are 7 Other Criminal Hackers Who Didn't
Slideshows  |  9/26/2018  | 
Courts are getting tougher on the cybercrooks than some might realize.
USB Drives Remain Critical Cyberthreat
News  |  9/26/2018  | 
USB thumb drives may be used less frequently than before, but they are still commonly used as infection vectors for a wide variety of malware.
The Cyber Kill Chain Gets a Makeover
News  |  9/25/2018  | 
A new report demonstrates how the cyber kill chain is consolidating as criminals find ways to accelerate the spread of their targeted cyberattacks.
Cryptomining Malware Continues Rapid Growth: Report
Quick Hits  |  9/25/2018  | 
Cryptomining malware is the fastest-growing category of malicious software, according to a new report.
Page 1 / 2   >   >>


12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.