Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
With GDPR's 'Right of Access,' Who Really Has Access?
Kelly Sheridan, Staff Editor, Dark ReadingNews
How a security researcher learned organizations willingly hand over sensitive data with little to no identity verification.
By Kelly Sheridan Staff Editor, Dark Reading, 6/19/2019
Comment0 comments  |  Read  |  Post a Comment
Critical Firefox Vuln Used in Targeted Attacks
Dark Reading Staff, Quick Hits
Mozilla has released patches for the bug reported by Coinbase.
By Dark Reading Staff , 6/19/2019
Comment0 comments  |  Read  |  Post a Comment
Verizon Media, Uber, PayPal Top List of Companies Paying Bug Bounties
Dark Reading Staff, Quick Hits
A new report from HackerOne lists the top five companies running bug-hunting programs on the ethical hacking platform.
By Dark Reading Staff , 6/19/2019
Comment0 comments  |  Read  |  Post a Comment
Serverless Computing from the Inside Out
Joe Vadakkan, Global Cloud Security Leader, Optiv SecurityCommentary
The biggest 'serverless' risks don't stem from the technology itself. They occur when organizations respond to the adoption from the outside in.
By Joe Vadakkan Global Cloud Security Leader, Optiv Security, 6/19/2019
Comment0 comments  |  Read  |  Post a Comment
6 Security Tips That'll Keep the Summer Fun
Steve Zurier, Contributing Writer
Taking some time off this summer? Before you head out on vacation, make sure your devices and apps are also ready.
By Steve Zurier Contributing Writer, 6/19/2019
Comment0 comments  |  Read  |  Post a Comment
How Hackers Emptied Church Coffers with a Simple Phishing Scam
Sam Bocetta, Security AnalystCommentary
Cyber thieves aren't bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered.
By Sam Bocetta Security Analyst, 6/19/2019
Comment0 comments  |  Read  |  Post a Comment
Insecure Home IoT Devices a Clear and Present Danger to Corporate Security
Jai Vijayan, Contributing WriterNews
Avast-sponsored study shows wide prevalence of IoT devices, many with weak credentials and other security vulnerabilities.
By Jai Vijayan Contributing Writer, 6/19/2019
Comment2 comments  |  Read  |  Post a Comment
As Cloud Adoption Grows, DLP Remains Key Challenge
Kelly Sheridan, Staff Editor, Dark ReadingNews
As businesses use the cloud to fuel growth, many fail to enforce data loss prevention or control how people share data.
By Kelly Sheridan Staff Editor, Dark Reading, 6/18/2019
Comment0 comments  |  Read  |  Post a Comment
Advertising Alliance Plans Protocols to Reduce Dangerous Content
Dark Reading Staff, Quick Hits
The Global Alliance for Responsible Media will seek ways to clamp down on dangerous and fake content.
By Dark Reading Staff , 6/18/2019
Comment0 comments  |  Read  |  Post a Comment
The Evolution of Identity
Kathleen Peters, SVP & Head of Fraud & Identity, ExperianCommentary
How data and technology can help businesses make the right fraud decisions, protect people's identities, and create an improved customer experience.
By Kathleen Peters SVP & Head of Fraud & Identity, Experian, 6/18/2019
Comment0 comments  |  Read  |  Post a Comment
Can Your Patching Strategy Keep Up with the Demands of Open Source?
 Tim Mackey, Principal Security Strategist, CyRC, at SynopsysCommentary
It's time to reassess your open source management policies and processes.
By Tim Mackey Principal Security Strategist, CyRC, at Synopsys, 6/18/2019
Comment4 comments  |  Read  |  Post a Comment
How Fraudulent Domains 'Hide in Plain Sight'
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybercriminals use new types of top-level domains, topical keywords, and targeted emails to trick victims into clicking malicious links.
By Kelly Sheridan Staff Editor, Dark Reading, 6/18/2019
Comment1 Comment  |  Read  |  Post a Comment
DHS Tests Remote Exploit for BlueKeep RDP Vulnerability
Jai Vijayan, Contributing WriterNews
Agency urges organizations with vulnerable systems to apply mitigations immediately.
By Jai Vijayan Contributing Writer, 6/17/2019
Comment0 comments  |  Read  |  Post a Comment
New Decryptor Unlocks Latest Versions of Gandcrab
Dark Reading Staff, Quick Hits
The decryptor neutralizes GandCrab versions 5.0 through 5.2 and lets victims unlock their files for free.
By Dark Reading Staff , 6/17/2019
Comment0 comments  |  Read  |  Post a Comment
The Life-Changing Magic of Tidying Up the Cloud
Kaus Phaltankar, CEO and Co-Founder at CaveonixCommentary
Most companies' cloud security operations would benefit significantly from clean-up, alignment, and organization.
By Kaus Phaltankar CEO and Co-Founder at Caveonix, 6/17/2019
Comment0 comments  |  Read  |  Post a Comment
Common Hacker Tool Hit with Hackable Vulnerability
Dark Reading Staff, Quick Hits
A researcher has found a significant exploit in one of the most frequently used text editors.
By Dark Reading Staff , 6/14/2019
Comment1 Comment  |  Read  |  Post a Comment
Sensory Overload: Filtering Out Cybersecurity's Noise
Joshua Goldfarb, Independent ConsultantCommentary
No organization can prioritize and mitigate hundreds of risks effectively. The secret lies in carefully filtering out the risks, policies, and processes that waste precious time and resources.
By Joshua Goldfarb Independent Consultant, 6/14/2019
Comment0 comments  |  Read  |  Post a Comment
The CISO's Drive to Consolidation
Nik Whitfield, Computer Scientist & Security Technology EntrepreneurCommentary
Cutting back on the number of security tools you're using can save money and leave you safer. Here's how to get started.
By Nik Whitfield Computer Scientist & Security Technology Entrepreneur, 6/13/2019
Comment0 comments  |  Read  |  Post a Comment
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer
Business email compromise attacks are growing in prevalence and creativity. Here's a look at how they work, the latest stats, and some recent horror stories.
By Ericka Chickowski Contributing Writer, 6/13/2019
Comment4 comments  |  Read  |  Post a Comment
The Rise of 'Purple Teaming'
Joseph R. Salazar, Technical Marketing EngineerCommentary
The next generation of penetration testing represents a more collaborative approach to old fashioned Red Team vs. Blue Team.
By Joseph R. Salazar Technical Marketing Engineer, 6/13/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-2729
PUBLISHED: 2019-06-19
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise ...
CVE-2019-3737
PUBLISHED: 2019-06-19
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
CVE-2019-3787
PUBLISHED: 2019-06-19
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending ?unknown.org? to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to ...
CVE-2019-12900
PUBLISHED: 2019-06-19
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVE-2019-12893
PUBLISHED: 2019-06-19
Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewer!PerfgrapFinalize+0x00000000000a8868.