News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Threat Intel: Finding Balance in an Overcrowded Market
News  |  4/23/2018  | 
Industry insiders discuss how threat intelligence has changed and what may happen as the market becomes increasingly saturated.
Threat Actors Turn to Blockchain Infrastructure to Host & Hide Malicious Activity
News  |  4/23/2018  | 
.bit domains are increasingly being used to hide payloads, stolen data, and command and control servers, FireEye says.
Cybercrime Economy Generates $1.5 Trillion a Year
News  |  4/20/2018  | 
Threat actors generate, launder, spend, and reinvest more than $1.5 trillion in illicit funds, according to a new study on cybercrime's 'web of profit.'
Trust: The Secret Ingredient to DevSecOps Success
News  |  4/20/2018  | 
Security practitioners must build trusted relationships with developers and within cross-functional DevOps teams to get themselves embedded into continuous software delivery processes.
SunTrust Ex-Employee May Have Stolen Data on 1.5 Million Bank Clients
Quick Hits  |  4/20/2018  | 
Names, addresses, phone numbers, and account balances may have been exposed.
Biometrics Are Coming & So Are Security Concerns
Commentary  |  4/20/2018  | 
Could these advanced technologies be putting user data at risk?
At RSAC, SOC 'Sees' User Behaviors
News  |  4/20/2018  | 
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
Microsoft CISO Talks Threat Intel, 'Data Inclusion'
News  |  4/19/2018  | 
Dark Reading caught up with Microsoft's Bret Arsenault to discuss intelligence, identity, and the need to leverage more diverse datasets.
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Quick Hits  |  4/19/2018  | 
Booz Allen survey shows most organizations' answer to the security skills shortage may be unsustainable.
Securing Social Media: National Safety, Privacy Concerns
News  |  4/19/2018  | 
It's a critical time for social media platforms and the government agencies and private businesses and individuals using them.
First Public Demo of Data Breach via IoT Hack Comes to RSAC
News  |  4/19/2018  | 
At RSA Conference, senior researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools.
How to Protect Industrial Control Systems from State-Sponsored Hackers
Commentary  |  4/19/2018  | 
US-CERT recently issued an alert about Russian threat activity against infrastructure sectors. Is there a way to fight back?
Researchers Discover Second rTorrent Vulnerability Campaign
Partner Perspectives  |  4/19/2018  | 
This time attackers appear to have spoofed the Recording Industry Association of America (RIAA) and New York University (NYU) user-agents.
The Role of KPIs in Incident Response
Commentary  |  4/18/2018  | 
Using KPIs can have a positive impact on the tactical and strategic functions of a security operations program.
Latest News from RSAC 2018
News  |  4/18/2018  | 
Check out Dark Reading's exclusive coverage of the news and security themes that are dominating RSA Conference 2018 this week in San Francisco.
Data Visibility, Control Top Cloud Concerns at RSA
News  |  4/18/2018  | 
As the traditional perimeter dissolves and sensitive data moves to the cloud, security experts at RSA talk about how they're going to protect it.
NIST Seeking Comments on New AppSec Practices Standards
News  |  4/17/2018  | 
Working in conjunction with SAFECode, NIST is opening the floor to suggestions at RSA about secure software development life cycle guidelines.
8 Ways Hackers Monetize Stolen Data
Slideshows  |  4/17/2018  | 
Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.
Why We Need Privacy Solutions That Scale Across Borders
Commentary  |  4/17/2018  | 
New privacy solutions are becoming scalable, smarter, and easier to address compliance across industries and geographies.
New Malware Adds RAT to a Persistent Loader
News  |  4/17/2018  | 
A newly discovered variant of a long-known malware loader adds the ability to control the victim from afar.
DevOps May Be Cause of and Solution to Open Source Component Chaos
News  |  4/16/2018  | 
DevOps is accelerating the trend of componentized development approaches, but its automation can also help enforce better governance and security.
Companies Still Suffering From Poor Credential Hygiene: New Report
Quick Hits  |  4/16/2018  | 
Credentials are being mis-handled and it's hurting most companies, according to a new report out today.
INsecurity Conference Seeks Security Pros to Speak on Best Practices
News  |  4/16/2018  | 
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
How GDPR Forces Marketers to Rethink Data & Security
Commentary  |  4/16/2018  | 
The European regulation is making marketing technology companies re-examine their security, and that's a good thing.
Large Majority of Businesses Store Sensitive Data in Cloud Despite Lack of Trust
News  |  4/16/2018  | 
Researchers report 97% of survey respondents use some type of cloud service but continue to navigate issues around visibility and control.
Power Line Vulnerability Closes Air Gap
Quick Hits  |  4/13/2018  | 
A new demonstration of malware shows that air-gapped computers may still be at risk.
Federal Agency Data Under Siege
Commentary  |  4/13/2018  | 
Seventy-one percent of IT security professionals in US federal agencies have reported breaches in their organizations.
7 Steps to a Smooth, Secure Cloud Transition
Slideshows  |  4/13/2018  | 
Security leaders share their top steps to keep in mind as your organization moves data and applications to the cloud.
New Email Campaign Employs Malicious URLs
News  |  4/12/2018  | 
A new attack dropping the Quant Loader Trojan bypasses scanners and sandboxes.
Attacker Dwell Time Still Too Long, Research Shows
News  |  4/11/2018  | 
New DBIR and M-Trends reports show the window between compromise and discovery is still way too long.
Stopping Cyber Madness: Why the Private Sector Must Lead the Fight
Commentary  |  4/11/2018  | 
The government's ability to help secure the Internet will be limited given the light speed of the Internet versus the slower pace of government. That's why stopping the madness begins with the private sector.
Hack Back: An Eye for an Eye Could Make You Blind
Commentary  |  4/11/2018  | 
Attackers have had almost zero consequences or cost for stealing data from innocent victims. But what if we could hack their wallets, not their systems?
'SirenJack' Vulnerability Lets Hackers Hijack Emergency Warning System
News  |  4/10/2018  | 
Unencrypted radio protocol that controls sirens left alert system at risk.
On-Premise Security Tools Struggle to Survive in the Cloud
News  |  4/10/2018  | 
Businesses say their current security tools aren't effective in the cloud but hesitate to adopt cloud-based security systems.
Microsoft Issues Rare Patch for Wireless Keyboard Flaw
News  |  4/10/2018  | 
Patch Tuesday includes 67 fixes, the most critical of which are browser-related.
Pairing Policy & Technology: BYOD That Works for Your Enterprise
Commentary  |  4/10/2018  | 
An intelligent security policy coupled with the right technology can set you up for success with BYOD.
HTTP Injector Steals Mobile Internet Access
News  |  4/10/2018  | 
Users aren't shy about sharing the technique and payload in a new attack.
20 Ways to Increase the Efficiency of the Incident Response Workflow
Commentary  |  4/10/2018  | 
Despite all the good intentions of some great security teams, we are still living in a "cut-and-paste" incident management world.
Verizon DBIR: Ransomware Attacks Double for Second Year in a Row
News  |  4/10/2018  | 
Outside attackers still the biggest problem - except in healthcare.
Ransomware Up for Businesses, Down for Consumers in Q1
News  |  4/9/2018  | 
Ransomware, spyware, and cryptomining were the biggest enterprise threats during an otherwise quiet quarter for malware, researchers report.
RTF Design, Office Flaw Exploited in Multi-Stage Document Attack
News  |  4/9/2018  | 
Threat actors chained CVE-2017-8570 with known design behaviors in .docx and RTF to launch a multi-stage document attack.
CA Acquires SourceClear
Quick Hits  |  4/9/2018  | 
CA adds software composition analysis capabilities to Veracode lineup through acquisition.
Serverless Architectures: A Paradigm Shift in Application Security
Commentary  |  4/9/2018  | 
"Serverless" forces software architects and developers to approach security by building it in rather than bolting it on. But there is a downside.
Businesses Fear 'Catastrophic Consequences' of Unsecured IoT
News  |  4/6/2018  | 
Only 29% of respondents in a new IoT security survey say they actively monitor the risk of connected devices used by third parties.
Protect Yourself from Online Fraud This Tax Season
Commentary  |  4/6/2018  | 
Use these tips to stay safe online during everyone's least-favorite time of the year.
Study Finds Petabytes of Sensitive Data Open to the Internet
Quick Hits  |  4/6/2018  | 
New research by Digital Shadows finds more than 1.5 billion sensitive files are open to discovery on the internet.
Mirai Variant Botnet Takes Aim at Financials
News  |  4/5/2018  | 
In January, a botnet based on Mirai was used to attack at least three European financial institutions.
Supply Chain Attacks Could Pose Biggest Threat to Healthcare
News  |  4/5/2018  | 
Healthcare organizations often overlook the supply chain, which researchers say is their most vulnerable facet.
How to Build a Cybersecurity Incident Response Plan
Commentary  |  4/5/2018  | 
Being hit by a cyberattack is going to be painful. But it can be less painful if you're prepared, and these best practices can help.
Unpatched Vulnerabilities the Source of Most Data Breaches
News  |  4/5/2018  | 
New studies show how patching continues to dog most organizations - with real consequences.


8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer,  4/17/2018
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading,  4/19/2018
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.