News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
BEC Attacks to Exceed $9B in 2018: Trend Micro
News  |  1/18/2018  | 
Business email compromise is projected to skyrocket as attackers adopt sophisticated techniques to dupe their victims.
Tax Reform, Cybersecurity-Style
Commentary  |  1/18/2018  | 
How the security industry can be more effective and efficient by recognizing four hidden "taxes" in the buying and selling process.
Feds Team with Foreign Policy Experts to Assess US Election Security
News  |  1/18/2018  | 
Expert panel lays out potential risks for the 2018 election cycle and beyond
California Predicted to Lose $329M to Cybercrime in 2018
Quick Hits  |  1/18/2018  | 
The Golden State will be hit hardest but New York will lose the most money per incident.
How to Keep Blue Teams Happy in an Automated Security World
Commentary  |  1/18/2018  | 
The creativity and intuition of your team members must be developed and nurtured.
Schneider Electric: TRITON/TRISIS Attack Used 0-Day Flaw in its Safety Controller System, and a RAT
News  |  1/18/2018  | 
ICS/SCADA vendor discloses in-depth analysis of a recent targeted attack against one of its customers.
WatchGuard Buys DNS-Filtering Company Percipient Networks
Quick Hits  |  1/17/2018  | 
Percipient's 'Strongarm' to become part of WatchGuard's SMB security services.
Where to Find Security Holes in Serverless Architecture
News  |  1/17/2018  | 
Serverless architectures take away business responsibility for server management, but security should still be top of mind.
Living with Risk: Where Organizations Fall Short
Commentary  |  1/17/2018  | 
People tasked with protecting data are too often confused about what they need to do, even with a solid awareness of the threats they face.
How AI Would Have Caught the Forever 21 Breach
Commentary  |  1/17/2018  | 
Companies must realize that the days of the desktop/server model are over and focus on "nontraditional" devices.
In Security & Life, Busy Is Not a Badge of Honor
Commentary  |  1/16/2018  | 
All security teams are busy, but not all security teams are productive. The difference between the two is huge.
Most Common Exploits of 2017 in Microsoft Office, Windows
News  |  1/16/2018  | 
The most common exploit affects Microsoft Office and has been used by attackers in North Korea, China, and Iran.
Doh!!! The 10 Most Overlooked Security Tasks
Slideshows  |  1/16/2018  | 
Heres a list of gotchas that often slip past overburdened security pros.
Four Malicious Google Chrome Extensions Affect 500K Users
Quick Hits  |  1/16/2018  | 
ICEBRG Security Research team's finding highlights an often-overlooked threat.
Mental Models & Security: Thinking Like a Hacker
Commentary  |  1/16/2018  | 
These seven approaches can change the way you tackle problems.
How to Attract More Women Into Cybersecurity Now
News  |  1/12/2018  | 
A recent survey finds a number of attributes women seek in their careers can be found in a cybersecurity profession the dots just need to be connected.
What Can We Learn from Counterterrorism and National Security Efforts?
Commentary  |  1/12/2018  | 
The best practices and technologies that originated in the intelligence realm can help businesses stay safer, too.
Survey Suggests Many Are Still Waiting for Spectre, Meltdown Windows Updates
News  |  1/11/2018  | 
Microsoft's insistence on a specific registry key setting for offering the updates on systems appears to be the issue, security vendor Barkly says.
Microsoft Launches 'Private Conversations' in Skype
Quick Hits  |  1/11/2018  | 
New feature uses Signal Protocol for strong encryption.
Responding to the Rise of Fileless Attacks
News  |  1/11/2018  | 
Fileless attacks, easier to conduct and more effective than traditional malware-based threats, pose a growing challenge to enterprise targets.
Privacy: The Dark Side of the Internet of Things
Commentary  |  1/11/2018  | 
Before letting an IoT device into your business or home, consider what data is being collected and where it is going.
RIG EK Remains Top of Heap, Turns to Cryptomining
News  |  1/11/2018  | 
Popular exploit kit turns its sights to drive-by cryptomining in what security researchers believe will be a trend to follow in 2018.
AI in Cybersecurity: Where We Stand & Where We Need to Go
Commentary  |  1/11/2018  | 
How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.
CISOs' No. 1 Concern in 2018: The Talent Gap
News  |  1/10/2018  | 
Survey finds 'lack of competent in-house staff' outranks all other forms of cybersecurity worry, including data breaches to ransomware attacks.
Cisco Adds Encrypted Traffic Analysis Function
News  |  1/10/2018  | 
New Encrypted Traffic Analytics is designed to help enterprises inspect encrypted traffic for malicious activity without having to decrypt it first.
AWS, Google Cloud Popular Home for Botnet Controllers
News  |  1/10/2018  | 
The number of command-and-control listings increase 32% in 2017, with more botnet controllers hosted in the cloud.
FBI Director: Cryptocurrency, Nation-State Attacks, Among Agency's Top Cybersecurity Concerns
Quick Hits  |  1/10/2018  | 
Speaking at International Conference on Cyber Security, FBI director Christopher Wray pointed to a rise in nation-state attacks - and strong encryption that limits bureau investigations.
'Shift Left': Codifying Intuition into Secure DevOps
Commentary  |  1/10/2018  | 
Shifting left is more than a catchy phrase. It's a mindset that emphasizes the need to think about security in all phases of the software development life cycle.
'Back to Basics' Might Be Your Best Security Weapon
Commentary  |  1/10/2018  | 
A company's ability to successfully reduce risk starts with building a solid security foundation.
Oracle WebLogic Exploit Used in Cryptocurrency Mining Campaign
News  |  1/10/2018  | 
PeopleSoft and WebLogic app servers, as well as cloud systems using WebLogic, hacked and used to net some $226K in digital currency.
Microsoft Patches Exploited Office Bug
News  |  1/9/2018  | 
An Office memory corruption vulnerability is the only CVE reported as under active attack for this month's Patch Tuesday.
Microsoft: How the Threat Landscape Will Shift This Year
News  |  1/9/2018  | 
Exclusive interview with Windows Security lead on how 2017 was a "return to retro" security threats and 2018 will bring increasingly targeted, advanced, and dangerous cyberattacks.
'Tis the Season: Dark Reading Caption Contest Winners
Commentary  |  1/9/2018  | 
Bricked devices, penetration tests, and virtual reality were among the themes submitted in our latest holiday caption competition. And the winners are ...
Threatcare Acquires Savage Security
Quick Hits  |  1/9/2018  | 
The deal expands Threatcare's business beyond its breach and attack simulation platform to include services and applied research.
Microsoft Confirms Windows Performance Hits with Meltdown, Spectre Patches
News  |  1/9/2018  | 
Windows servers will see biggest degradation, as will Windows 7 and 8 client machines, Microsoft said.
CISOs' Cyber War: How Did We Get Here?
Commentary  |  1/9/2018  | 
We're fighting the good fight -- but, ultimately, losing the war.
20 Cybersecurity Vendors Getting Venture Capital Love
Slideshows  |  1/9/2018  | 
VCs splashed a record $4B in funding in the cybersecurity pool - here are some highlights among the early- to middle-stage startups who snagged big deals last year.
Meltdown, Spectre Likely Just Scratch the Surface of Microprocessor Vulnerabilities
News  |  1/8/2018  | 
There's a lot at stake when it comes to patching the hardware flaws.
VTech to Pay $650,000 in FTC Settlement
Quick Hits  |  1/8/2018  | 
VTech's Kid Connect app and its Planet VTech platform collected personal information on 760,000 children without parental permission, the FTC alleges.
Emailed Cyberattack Targets 2018 Pyeongchang Olympics
News  |  1/8/2018  | 
More than 300 organizations associated with the 2018 Olympics have been hit with a targeted email campaign.
Cyxtera Technologies to Acquire Immunity
Quick Hits  |  1/8/2018  | 
Deal will bring penetration testing products and services to Cyxtera's threat analytics portfolio.
US Gov Outlines Steps to Fight Botnets, Automated Threats
Quick Hits  |  1/8/2018  | 
The US Departments of Commerce and Homeland Security identify the challenges of, and potential actions against, automated cyberattacks.
Vulnerability Management: The Most Important Security Issue the CISO Doesn't Own
Commentary  |  1/8/2018  | 
Information security and IT need to team up to make patch management more efficient and effective. Here's how and why.
Breach of India's Biometric Database Puts 1 Billion Users at Risk
Quick Hits  |  1/5/2018  | 
The Tribune reports that hackers gained access to users' names, addresses, phone numbers, and other PII.
LockPoS Malware Sneaks onto Kernel via new Injection Technique
News  |  1/5/2018  | 
"Alarming evolution" of Flokibot bypasses antivirus software and was likely built by a group of advanced attackers, researchers say.
The Nightmare Before Christmas: Security Flaws Inside our Computers
Commentary  |  1/5/2018  | 
How an Intel design decision with no review by industry security consultants led to one of the biggest vulnerabilities in recent history.
New Adware Discovered in 22 Apps in Google Play
Quick Hits  |  1/5/2018  | 
The 'LightsOut' adware is found is flashlight and utility apps, which have been downloaded between 1.5 million to 7.5 million times.
Google Apps Script Vulnerability Exposes SaaS to URL-based Threats
News  |  1/4/2018  | 
A new means of exploiting Google Apps Script lets attackers deliver malware using URLs.
DHS Discovers Privacy Incident Involving Former Employee
Quick Hits  |  1/4/2018  | 
Former DHS OIG employee makes an unauthorized copy of PII data of DHS employees and parties involved in DHS OIG investigations.
Uber's Biggest Mistake: It Wasn't Paying Ransom
Commentary  |  1/4/2018  | 
Rather than scrambling to deal with attacks after the fact, companies need to focus on improving detection capabilities with tools that help them work within data laws, not outside of them.
Page 1 / 2   >   >>


How to Attract More Women Into Cybersecurity - Now
Dawn Kawamoto, Associate Editor, Dark Reading,  1/12/2018
Researchers Offer a 'VirusTotal for ICS'
Kelly Jackson Higgins, Executive Editor at Dark Reading,  1/16/2018
Which CISO 'Tribe' Do You Belong To?
Kelly Sheridan, Associate Editor, Dark Reading,  1/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.