News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
Necurs Botnet Goes Phishing for Banks
News  |  8/16/2018  | 
A new Necurs botnet campaign targets thousands of banks with a malicious file dropping the FlawedAmmyy remote-access Trojan.
Researcher Finds MQTT Hole in IoT Defenses
News  |  8/16/2018  | 
A commonly used protocol provides a gaping backdoor when misconfigured.
Active Third-Party Content the Bane of Web Security
News  |  8/16/2018  | 
New reports shows many of the world's most popular sites serve up active content from risky sources.
Facebook Awards $1M for Defense-Based Research
Quick Hits  |  8/16/2018  | 
The company today awarded $200,000 to winners of the Internet Defense Prize after spending $800,000 on the Secure the Internet grants.
Overcoming 'Security as a Silo' with Orchestration and Automation
Commentary  |  8/16/2018  | 
When teams work in silos, the result is friction and miscommunication. Automation changes that.
Intel Reveals New Spectre-Like Vulnerability
News  |  8/15/2018  | 
A new side-channel speculative execution vulnerability takes aim at a different part of the CPU architecture than similar vulnerabilities that came before it.
2018 Pwnie Awards: Who Pwned, Who Got Pwned
Slideshows  |  8/15/2018  | 
A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
Instagram Hack: Hundreds Affected, Russia Suspected
Quick Hits  |  8/15/2018  | 
Affected users report the email addresses linked to their Instagram accounts were changed to .ru domains.
New PHP Exploit Chain Highlights Dangers of Deserialization
News  |  8/15/2018  | 
PHP unserialization can be triggered by other vulnerabilities previously considered low-risk.
Open Source Software Poses a Real Security Threat
Commentary  |  8/15/2018  | 
It's true that open source software has many benefits, but it also has weak points. These four practical steps can help your company stay safer.
Oracle: Apply Out-of-Band Patch for Database Flaw ASAP
News  |  8/14/2018  | 
Flaw in the Java VM component of Oracle's Database Server is easily exploitable, security experts warn.
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
News  |  8/14/2018  | 
Both adult and kid hackers demonstrated at DEF CON how the hackable voting machine may be the least of our worries in the 2018 elections.
Flaws in Mobile Point of Sale Readers Displayed at Black Hat
News  |  8/14/2018  | 
While security is high overall for mPOS tools from companies like Square, PayPal, and iZettle, some devices have vulnerabilities that attackers could exploit to gather data and cash.
Microsoft ADFS Vulnerability Lets Attackers Bypass MFA
News  |  8/14/2018  | 
The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.
Hacker Unlocks 'God Mode' and Shares the 'Key'
News  |  8/13/2018  | 
At Black Hat USA and DEF CON, researcher Christopher Domas showed how he found backdoors that may exist in many different CPUs.
Social Engineers Show Off Their Tricks
News  |  8/13/2018  | 
Experts in deception shared tricks of the trade and showed their skills at Black Hat and DEF CON 2018.
Vulnerability Disclosures in 2018 So Far Outpacing Previous Years'
News  |  8/13/2018  | 
Nearly 17% of 10,644 vulnerabilities disclosed so far this year have been critical, according to new report from Risk Based Security.
'Hack the Marine Corps' Bug Bounty Event Held in Vegas
News  |  8/13/2018  | 
$80K in payouts went to handpicked hackers in nine-hour event during DEF CON in Las Vegas.
Nigerian National Convicted for Phishing US Universities
Quick Hits  |  8/13/2018  | 
Olayinka Olaniyi and his co-conspirator targeted the University of Virginia, Georgia Tech, and other educational institutions.
FBI Warns of Cyber Extortion Scam
Quick Hits  |  8/13/2018  | 
Spear-phishing techniques are breathing new life into an old scam.
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Commentary  |  8/13/2018  | 
New ways to steal your data (and profits) keep cropping up. These best practices can help keep your organization safer.
Vulnerable Smart City Devices Can Be Exploited To Cause Panic, Chaos
News  |  8/10/2018  | 
False alerts about floods, radiation levels are just some of the ways attackers can abuse weakly protected IoT devices, researchers warn.
NSA Brings Nation-State Details to DEF CON
News  |  8/10/2018  | 
Hackers were eager to hear the latest from the world of nation-state cybersecurity.
The Enigma of AI & Cybersecurity
Commentary  |  8/10/2018  | 
We've only seen the beginning of what artificial intelligence can do for information security.
6 Eye-Raising Third-Party Breaches
Slideshows  |  8/10/2018  | 
This year's headlines have featured a number of high-profile exposures caused by third parties working on behalf of major brands.
Xori Adds Speed, Breadth to Disassembler Lineup
News  |  8/9/2018  | 
A new open source tool, introduced at Black Hat USA, places a priority on speed and automation.
IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes, Ships
News  |  8/9/2018  | 
Researcher Ruben Santamarta shared the details of his successful hack of an in-flight airplane Wi-Fi network and other findings at Black Hat USA today.
Cloud Intelligence Throwdown: Amazon vs. Google vs. Microsoft
News  |  8/9/2018  | 
A closer look at native threat intelligence capabilities built into major cloud platforms and discussion of their strengths and shortcomings.
AWS Employee Flub Exposes S3 Bucket Containing GoDaddy Server Configuration and Pricing Models
News  |  8/9/2018  | 
Publicly accessible S3 bucket included configuration data for tens of thousands of systems, as well as sensitive pricing information.
Weakness in WhatsApp Enables Large-Scale Social Engineering
News  |  8/9/2018  | 
Problem lies in WhatsApp's validation of message parameters and cannot be currently mitigated, Check Point researchers say.
Dark Reading News Desk Live at Black Hat USA 2018
News  |  8/9/2018  | 
Watch here Wednesday and Thursday, 2 p.m. - 6 p.m. ET to see over 40 live video interviews straight from the Black Hat USA conference in Las Vegas.
Oh, No, Not Another Security Product
Commentary  |  8/9/2018  | 
Let's face it: There are too many proprietary software options. Addressing the problem will require a radical shift in focus.
White Hat to Black Hat: What Motivates the Switch to Cybercrime
News  |  8/8/2018  | 
Almost one in 10 security pros in the US have considered black hat work, and experts believe many dabble in criminal activity for financial gain or employer retaliation.
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
News  |  8/8/2018  | 
Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.
10 Threats Lurking on the Dark Web
Slideshows  |  8/8/2018  | 
Despite some high-profile takedowns last year, the Dark Web remains alive and well. Here's a compilation of some of the more prolific threats that loom.
Understanding Firewalls: Build Them Up, Tear Them Down
News  |  8/8/2018  | 
A presentation at Black Hat USA will walk attendees through developing a firewall for MacOS, and then poking holes in it.
Manufacturing Industry Experiencing Higher Incidence of Cyberattacks
News  |  8/8/2018  | 
New report reveals the natural consequences of ignoring the attendant risks of industrial IoT and Industry 4.0.
Even 'Regular Cybercriminals' Are After ICS Networks
News  |  8/7/2018  | 
A Cybereason honeypot project shows that ordinary cybercriminals are also targeting weakly secured environments.
Expect API Breaches to Accelerate
News  |  8/7/2018  | 
APIs provide the digital glue that binds apps, cloud resources, app services and data all together and they're increasingly an appsec security threat.
Shadow IT: Every Company's 3 Hidden Security Risks
Commentary  |  8/7/2018  | 
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
US-CERT Warns of New Linux Kernel Vulnerability
Quick Hits  |  8/7/2018  | 
Patches now available to prevent DoS attack on Linux systems.
Salesforce Customer Data Possibly Exposed in API Glitch
Quick Hits  |  8/6/2018  | 
The issue was discovered and fixed on July 18.
IT Managers: Are You Keeping Up with Social-Engineering Attacks?
Commentary  |  8/6/2018  | 
Increasingly sophisticated threats require a mix of people, processes, and technology safeguards.
Spot the Bot: Researchers Open-Source Tools to Hunt Twitter Bots
News  |  8/6/2018  | 
Their goal? To create a means of differentiating legitimate from automated accounts and detail the process so other researchers can replicate it.
Mastering MITRE's ATT&CK Matrix
Slideshows  |  8/6/2018  | 
This breakdown of Mitre's model for cyberattacks and defense can help organizations understand the stages of attack events and, ultimately, build better security.
Dept. of Energy to Test Electrical Grid Against Cyberattacks
Quick Hits  |  8/3/2018  | 
This is the first time the Department of Energy will test the electrical grid's ability to recover from a blackout caused by cyberattacks.
FBI Offers New IoT Security Tips
Quick Hits  |  8/3/2018  | 
A new article from the FBI offers insight into IoT risks and ways to reduce them.
4 Reasons Why Companies Are Failing at Incident Response
Commentary  |  8/3/2018  | 
When it comes to containing the business impacts of a security breach, proper planning is often the difference between success and failure.
Is SMS 2FA Enough Login Protection?
News  |  8/3/2018  | 
Experts say Reddit breach offers a prime example of the risks of depending on one-time passwords sent via text.
Cryptojacker Campaign Hits MikroTik Routers
News  |  8/2/2018  | 
More than 200,000 routers hit with a sophisticated cryptomining attack that appears to be spreading.
Page 1 / 2   >   >>


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-13435
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest w...
CVE-2018-13446
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. ...
CVE-2018-14567
PUBLISHED: 2018-08-16
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
CVE-2018-15122
PUBLISHED: 2018-08-16
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.
CVE-2018-11509
PUBLISHED: 2018-08-16
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.