Vulnerabilities / Threats

News & Commentary
Survey Shows a Security Conundrum
Dark Reading Staff, Quick Hits
A new report examines and quantifies the conflicts and challenges faced by business security leaders.
By Dark Reading Staff , 4/24/2019
Comment1 Comment  |  Read  |  Post a Comment
Two Charged with Economic Espionage, GE Trade Secret Theft
Dark Reading Staff, Quick Hits
A US national and Chinese national have been charged with conspiring to steal General Electric's trade secrets surrounding turbine technologies.
By Dark Reading Staff , 4/24/2019
Comment1 Comment  |  Read  |  Post a Comment
Attackers Aren't Invincible & We Must Use That to Our Advantage
Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of BitdefenderCommentary
The bad guys only seem infallible. Use their weaknesses to beat them.
By Roselle Safran & Utpal Desai President of Rosint Labs/Director of Product Management of Bitdefender, 4/24/2019
Comment0 comments  |  Read  |  Post a Comment
New Twist in the Stuxnet Story
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/23/2019
Comment0 comments  |  Read  |  Post a Comment
Google File Cabinet Plays Host to Malware Payloads
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers detect a new drive-by download attack in which Google Sites' file cabinet template is a delivery vehicle for malware.
By Kelly Sheridan Staff Editor, Dark Reading, 4/23/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Windows, Antivirus Software at Odds After Latest Update
Robert Lemos, Technology Journalist/Data ResearcherNews
This month's Windows update has caused incompatibilities with software from at least five antivirus companies, resulting in slow boot times and frozen systems.
By Robert Lemos Technology Journalist/Data Researcher, 4/23/2019
Comment0 comments  |  Read  |  Post a Comment
City of Stuart Still Recovering from Ryuk Ransomware Attack
Dark Reading Staff, Quick Hits
Officials are investigating an April 13 ransomware attack that targeted Stuart's city servers and forced it offline.
By Dark Reading Staff , 4/23/2019
Comment1 Comment  |  Read  |  Post a Comment
App Exposes Wi-Fi Credentials for Thousands of Private Networks
Dark Reading Staff, Quick Hits
A database used by WiFi Finder was left open and unprotected on the Internet.
By Dark Reading Staff , 4/23/2019
Comment1 Comment  |  Read  |  Post a Comment
Exploits for Adobe Vulnerabilities Spiked in 2018
Jai Vijayan, Freelance writerNews
With Flash Player on way out, attackers are renewing their focus on Acrobat Reader, RiskSense found.
By Jai Vijayan Freelance writer, 4/23/2019
Comment0 comments  |  Read  |  Post a Comment
When Every Attack Is a Zero Day
Saumitra Das, CTO and Co-Founder of Blue HexagonCommentary
Stopping malware the first time is an ideal that has remained tantalizingly out of reach. But automation, artificial intelligence, and deep learning are poised to change that.
By Saumitra Das CTO and Co-Founder of Blue Hexagon, 4/23/2019
Comment0 comments  |  Read  |  Post a Comment
Will the US Adopt a National Privacy Law?
Seth P.  Berman, Partner, NutterCommentary
Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.
By Seth P. Berman Partner, Nutter, 4/23/2019
Comment0 comments  |  Read  |  Post a Comment
7 Ways to Get the Most from Your IDS/IPS
Curtis Franklin Jr., Senior Editor at Dark Reading
Intrusion detection and prevention is at the foundation of successful security in-depth. Securing the perimeter requires a solid understanding of these two critical components.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/23/2019
Comment0 comments  |  Read  |  Post a Comment
1 in 4 Workers Are Aware Of Security Guidelines but Ignore Them
Steve Zurier, Freelance WriterNews
Even more are knowingly connecting to unsecure networks and sharing confidential information through collaboration platforms, according to Symphony Communication Services.
By Steve Zurier Freelance Writer, 4/23/2019
Comment1 Comment  |  Read  |  Post a Comment
Who Gets Targeted Most in Cyberattack Campaigns
Dark Reading Staff, Quick Hits
Attackers are changing both their tactics and targets in an attempt to remain criminally successful, Proofpoint's study found.
By Dark Reading Staff , 4/22/2019
Comment0 comments  |  Read  |  Post a Comment
4 Tips to Protect Your Business Against Social Media Mistakes
Guy Bunker, CTO of ClearswiftCommentary
Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.
By Guy Bunker CTO of Clearswift, 4/22/2019
Comment1 Comment  |  Read  |  Post a Comment
Researchers Find Clues for Dramatically Reducing IDS Traffic Volume
Dark Reading Staff, Quick Hits
Research at military labs and Towson University shows that identifying malicious activity may require much less captured data than has been the case.
By Dark Reading Staff , 4/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Free Princeton Application Provides IoT Traffic Insight
Dark Reading Staff, Quick Hits
The application developed by a research group allows users to spot possible IoT security problems.
By Dark Reading Staff , 4/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor NetworksCommentary
By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.
By Darren Anstee Chief Technology Officer at Arbor Networks, 4/19/2019
Comment3 comments  |  Read  |  Post a Comment
Third-Party Cyber-Risk by the Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Recent stats show that the state of third-party cyber risk and vendor risk management remains largely immature at most organizations.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/19/2019
Comment0 comments  |  Read  |  Post a Comment
Cisco Issues 31 Mid-April Security Alerts
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Among them, two are critical and six are of high importance.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/18/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11515
PUBLISHED: 2019-04-25
core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files.
CVE-2019-11511
PUBLISHED: 2019-04-25
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
CVE-2019-11513
PUBLISHED: 2019-04-25
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
CVE-2019-11514
PUBLISHED: 2019-04-25
User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.
CVE-2019-11506
PUBLISHED: 2019-04-24
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to Expo...