Zero-Day Attacks Major Concern in Hybrid Cloud
2/28/2018Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.
Post a Comment
Author
Profile of Kelly Sheridan
Staff Editor, Dark Reading Member Since: 11/15/2013Author
News & Commentary Posts: 483
Comments: 4
Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.
Articles by Kelly Sheridan
posted in February 2018
posted in February 2018
Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.
Post a Comment
SAML Flaw Lets Hackers Assume Users' Identities
2/27/2018Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.
Post a Comment
Adobe Flash Vulnerability Reappears in Malicious Word Files
2/26/2018CVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug.
Post a Comment
93% of Cloud Applications Aren't Enterprise-Ready
2/23/2018The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
Post a Comment
10 Can't-Miss Talks at Black Hat Asia
2/23/2018With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.
Post a Comment
The Mobile Threat: 4 out of 10 Businesses Report 'Significant' Risk
2/21/2018Organizations put efficiency and profit before security, leading to system downtime and data loss, according to inaugural research from Verizon.
Post a Comment
Facebook Aims to Make Security More Social
2/20/2018Facebook's massive user base creates an opportunity to educate billions on security.
Post a Comment
13 Russians Indicted for Massive Operation to Sway US Election
2/16/2018Russian nationals reportedly used stolen American identities and infrastructure to influence the 2016 election outcome.
Post a Comment
North Korea-Linked Cyberattacks Spread Out of Control: Report
2/15/2018New details on old cyberattacks originating from North Korea indicate several forms of malware unintentionally spread wider than authors intended.
Post a Comment
Windows 10 Critical Vulnerability Reports Grew 64% in 2017
2/14/2018The launch and growth of new operating systems is mirrored by an increase in reported vulnerabilities.
Post a Comment
AI and Machine Learning: Breaking Down Buzzwords
2/13/2018Security experts explain two of today's trendiest technologies to explain what they mean and where you need them.
Post a Comment
Lazarus Group Attacks Banks, Bitcoin Users in New Campaign
2/13/2018A new Lazarus Group cyberattack campaign combines spear-phishing techniques with a cryptocurrency scanner designed to scan for Bitcoin wallets.
Post a Comment
Cyberattack Aimed to Disrupt Opening of Winter Olympics
2/12/2018Researchers who identified malware targeting the 2018 Winter Olympics say the attackers had previously compromised the Games' infrastructure.
Post a Comment
Google Paid $2.9M for Vulnerabilities in 2017
2/9/2018The Google Vulnerability Reward Program issued a total of 1,230 rewards in 2017. The single largest payout was $112,500.
Post a Comment
Cyber Warranties: What to Know, What to Ask
2/9/2018The drivers and details behind the growth of cyber warranties, which more businesses are using to guarantee their products.
Post a Comment
8 Nation-State Hacking Groups to Watch in 2018
2/9/2018The aliases, geographies, famous attacks, and behaviors of some of the most prolific threat groups.
Post a Comment
New Zero-Day Ransomware Evades Microsoft, Google Cloud Malware Detection
2/7/2018Shurl0ckr, a form of Gojdue ransomware, was not detected on SharePoint or Google Drive.
Post a Comment
Security vs. Speed: The Risk of Rushing to the Cloud
2/6/2018Companies overlook critical security steps as they move to adopt the latest cloud applications and services.
Post a Comment
Microsoft Updates Payment, Criteria for Windows Bug Bounty
2/6/2018The Windows Insider Preview Bounty Program will award between $500 and $15,000 for eligible submissions.
Post a Comment
Over 12,000 Business Websites Leveraged for Cybercrime
2/5/2018Attackers exploit trust in popular websites to launch phishing campaigns and spread malware.
Post a Comment
Poor Visibility, Weak Passwords Compromise Active Directory
2/1/2018Security experts highlight the biggest problems they see putting Microsoft Active Directory at risk.
Post a Comment
White Papers
Video
1 Comments
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This