News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
On Norman Castles and the Internet
Commentary  |  3/15/2019  | 
When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
Anomaly Detection Techniques: Defining Normal
Commentary  |  3/14/2019  | 
The challenge is identifying suspicious events in training sets where no anomalies are encountered. Part two of a two-part series.
Businesses Increase Investments in AI and Machine Learning
Quick Hits  |  3/14/2019  | 
More than three-quarters of IT pros say they feel safer for having done so, according to a new report.
4 Reasons to Take an 'Inside Out' View of Security
Commentary  |  3/14/2019  | 
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
New Malware Shows Marketing Polish
News  |  3/13/2019  | 
A new strain of point-of-sale malware skims credit card numbers and comes via a highly polished marketing campaign.
GPS Spoof Hits Geneva Motor Show
Quick Hits  |  3/13/2019  | 
Incident leaves GPS units showing a location in England and a date 17 years in the future.
IoT Anomaly Detection 101: Data Science to Predict the Unexpected
Commentary  |  3/13/2019  | 
Yes! You can predict the chance of a mechanical failure or security breach before it happens. Part one of a two-part series.
'SimBad': Android Adware Hits 210 Apps with 150M Downloads
Quick Hits  |  3/13/2019  | 
Google has removed infected applications from the Google Play store after a form of adware potentially affected millions of users.
There May Be a Ceiling on Vulnerability Remediation
News  |  3/12/2019  | 
Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.
Web Apps Are Becoming Less Secure
News  |  3/12/2019  | 
Critical vulnerabilities in Web applications tripled in 2018, according to a new study.
Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack
News  |  3/12/2019  | 
Seventeen vulnerabilities patches today are rated critical, four are publicly known, and two have been exploited in the wild.
How the Best DevSecOps Teams Make Risk Visible to Developers
News  |  3/12/2019  | 
DevOps-minded CISOs say enterprise security teams need to do a better job scoring and visualizing risk for developers and business executives.
Box Mistakes Leave Enterprise Data Exposed
Quick Hits  |  3/12/2019  | 
User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.
5 Essentials for Securing and Managing Windows 10
Commentary  |  3/12/2019  | 
It's possible to intelligently deploy and utilize Windows 10's many security enhancements while avoiding common and costly migration pitfalls.
Cybercriminals Think Small to Earn Big
Quick Hits  |  3/12/2019  | 
As the number of breaches increased 424% in 2018, the average breach size shrunk 4.7 times as attackers aimed for smaller, more vulnerable targets.
The 12 Worst Serverless Security Risks
Commentary  |  3/12/2019  | 
A new guide from the Cloud Security Alliance offers mitigations, best practices, and a comparison between traditional applications and their serverless counterparts.
763M Email Addresses Exposed in Latest Database Misconfiguration Episode
News  |  3/11/2019  | 
MongoDB once again used by database admin who opens unencrypted database to the whole world.
Cryptominers Remain Top Threat but Coinhive's Exit Could Change That
News  |  3/11/2019  | 
Coinhive has remained on top of Check Point Software's global threat index for 15 straight months.
NSA, DHS Call for Info Sharing Across Public and Private Sectors
News  |  3/11/2019  | 
Industry leaders debate how government and businesses can work together on key cybersecurity issues.
Georgia's Jackson County Pays $400K to Ransomware Attackers
Quick Hits  |  3/11/2019  | 
The ransomware campaign started March 1 and shut down most of Jackson County's IT systems.
IT Security Administrators Aren't Invincible
Commentary  |  3/11/2019  | 
IT security administrators and their teams are responsible for evaluating an organization's security tools and technologies, but are they armed with the proper tools, considerations, and budget to do so? Fourth in a six-part series.
Shifting Attacks Put Increasing ID Fraud Burden on Consumers
News  |  3/8/2019  | 
Card-present fraud is down, but attackers continue to find new strategies, and consumers are paying the price.
DHS: No Investigation Planned for Electrical Grid Incursions
News  |  3/8/2019  | 
The subtext to a panel discussion during RSA is that risks to national infrastructure are fraught with political considerations.
Ultrasound Machine Diagnosed with Major Security Gaps
News  |  3/8/2019  | 
Check Point researchers investigate security risks and point to implications for medical IoT devices.
How China & Russia Use Social Media to Sway the West
News  |  3/7/2019  | 
Researchers break down the differences in how China and Russia use social media to manipulate American audiences.
Debunking 5 Myths About Zero Trust Security
Commentary  |  3/7/2019  | 
Rather than "trust but verify," a zero trust model assumes that attackers will inevitably get in if they aren't already. However, several misconceptions are impeding its adoption.
4 Ways At-Work Apps Are Vulnerable to Attack
Commentary  |  3/7/2019  | 
Collaboration applications make users and IT teams more efficient. But they come with an added cost: security.
It's Time to Rethink Your Vendor Questionnaire
Commentary  |  3/6/2019  | 
To get the most from a vendor management program you must trust, then verify. These six best practices are a good place to begin.
Fighting Alert Fatigue with Actionable Intelligence
Commentary  |  3/6/2019  | 
By fine-tuning security system algorithms, analysts can make alerts intelligent and useful, not merely generators of noise.
Trust, or Lack of It, Is a Key Theme on RSAC Keynote Stage
News  |  3/5/2019  | 
Neither machines nor humans might be entirely trustworthy, but the cooperation of the two might be the answer to issues of misinformation, deep fake videos, and other issues of trust, say security leaders.
Cybercriminals Target Young Gamers
News  |  3/5/2019  | 
Deceptive and inappropriate tactics are prevalent in free gaming apps, according to a new report to be released at the RSA Conference.
Care and Feeding of Your SIEM
Commentary  |  3/5/2019  | 
Six simple steps to mitigate the grunt work and keep your organization safe.
Lazarus Research Highlights Threat from North Korea
News  |  3/5/2019  | 
A widespread attack against companies and government agencies have been linked to the North Korean Lazarus group, underscoring that the countries hackers are becoming more brazen.
Artificial Intelligence: The Terminator of Malware
Commentary  |  3/5/2019  | 
Is it possible that the combination of AI, facial recognition, and the coalescence of global mass-hack data could lead us toward a Skynet-like future?
Incident Response: Having a Plan Isn't Enough
News  |  3/5/2019  | 
Data shows organizations neglect to review and update breach response plans as employees and processes change, putting data at risk.
Bounty Hunters Find 100K+ Bugs Under HackerOne Program in 2018
News  |  3/4/2019  | 
Organizations signed up with the vulnerability disclosure platform shelled out a record $19 million for bug discoveries in their systems.
Fixing Fragmentation Can Yield Tangible Benefits
News  |  3/4/2019  | 
Consolidating technology and breaking down functional silos can bring solid financial results, a new study finds.
CrowdStrike Debuts Mobile Threat Detection System at RSA Conference
News  |  3/4/2019  | 
Falcon for Mobile offers detection and response capabilities for mobile platforms.
Security Experts, Not Users, Are the Weakest Link
Commentary  |  3/1/2019  | 
CISOs: Stop abdicating responsibility for problems with users it's part of your job.
Security Pros Agree: Cloud Adoption Outpaces Security
News  |  3/1/2019  | 
Oftentimes, responsibility for securing the cloud falls to IT instead of the security organization, researchers report.
Solving Security: Repetition or Redundancy?
Commentary  |  2/28/2019  | 
To effectively defend against today's risks and threats, organizations must examine their failings as well as their successes.
Data Leak Exposes Dow Jones Watchlist Database
Quick Hits  |  2/28/2019  | 
The Watchlist, which contained the identities of government officials, politicians, and people of political interest, is used to identify risk when researching someone.
Microsoft Debuts Azure Sentinel SIEM, Threat Experts Service
News  |  2/28/2019  | 
New services, which are both available in preview, arrive at a time when two major trends are converging on security.
Bots Plague Ticketing Industry
News  |  2/28/2019  | 
Bots now account for 39.9% of all ticketing traffic, mostly originating in North America.
In 2019, Cryptomining Just Might Have an Even Better Year
Commentary  |  2/28/2019  | 
The practice today is so pervasive that cryptojacking scripts are said to be running on an estimated 3% of all sites that users visit.
IoT, APIs, and Criminal Bots Pose Evolving Dangers
News  |  2/27/2019  | 
A pair of reports reach similar conclusions about some of the threats growing in cyberspace and the industries likely to be most affected.
More Than 22,000 Vulns Were Disclosed in 2018, 27% Without Fixes
News  |  2/27/2019  | 
As in previous years, input validation vulnerabilities accounted for a substantial proportion of total, Risk Based Security report shows.
Booter Owner Pleads Guilty in Federal Court
Quick Hits  |  2/27/2019  | 
Illinois man offered "DDoS for hire" services that hit millions of victims.
Stay Ahead of the Curve by Using AI in Compliance
Commentary  |  2/27/2019  | 
Although human oversight is required, advanced technologies built on AI will become pivotal in building safer financial markets and a safer world.
Whose Line Is It? When Voice Phishing Attacks Get Sneaky
News  |  2/27/2019  | 
Researchers investigate malicious apps designed to intercept calls to legitimate numbers, making voice phishing attacks harder to detect.
Page 1 / 2   >   >>


It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.