Vulnerabilities / Threats

News & Commentary
Retailers: Avoid the Hackable Holidaze
Fred Kneip, CEO at CyberGRXCommentary
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
By Fred Kneip CEO at CyberGRX, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Universities Get Schooled by Hackers
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business
Jai Vijayan, Freelance writerNews
Enterprises are struggling with familiar old security challenges as a result, new survey shows.
By Jai Vijayan Freelance writer, 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Cybercrime Is World's Biggest Criminal Growth Industry
Dark Reading Staff, Quick Hits
The toll from cybercrime is expected to pass $6 trillion in the next three years, according to a new report.
By Dark Reading Staff , 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA Commentary
Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 12/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Education Gets an 'F' for Cybersecurity
Dark Reading Staff, Quick Hits
The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.
By Dark Reading Staff , 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
The Economics Fueling IoT (In)security
Ariel Kriger, VP Business Development at VDOOCommentary
Attackers understand the profits that lie in the current lack of security. That must change.
By Ariel Kriger VP Business Development at VDOO, 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018
Comment3 comments  |  Read  |  Post a Comment
Bug Hunting Paves Path to Infosec Careers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
By Kelly Sheridan Staff Editor, Dark Reading, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Deception: Honey vs. Real Environments
Dr. Salvatore Stolfo, Fouder & CTO, Allure SecurityCommentary
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.
By Dr. Salvatore Stolfo Fouder & CTO, Allure Security, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Mac Malware Cracks WatchGuards Top 10 List
Steve Zurier, Freelance WriterNews
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
By Steve Zurier Freelance Writer, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3
Dark Reading Staff, Quick Hits
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.
By Dark Reading Staff , 12/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Forget Shifting Security Left; It's Time to Race Left
Jerry Gamblin, Principal Security Engineer, Kenna SecurityCommentary
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018
Comment5 comments  |  Read  |  Post a Comment
Battling Bots Brings Big-Budget Blow to Businesses
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Equifax Breach Underscores Need for Accountability, Simpler Architectures
Robert Lemos, Technology Journalist/Data ResearcherNews
A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'
By Robert Lemos Technology Journalist/Data Researcher, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
The Grinch Bot Before Christmas: A Security Story for the Holidays
Julian Waits, GM Cyber Security Business Unit, Devo TechnologyCommentary
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
By Julian Waits GM Cyber Security Business Unit, Devo Technology, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Grammarly Takes Bug Bounty Program Public
Dark Reading Staff, Quick Hits
The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne.
By Dark Reading Staff , 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: camera, camera everywhere, not a single news to rely on
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16873
PUBLISHED: 2018-12-14
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, b...
CVE-2018-16874
PUBLISHED: 2018-12-14
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in mod...
CVE-2018-16875
PUBLISHED: 2018-12-14
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are ...
CVE-2018-14623
PUBLISHED: 2018-12-14
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulne...
CVE-2018-18093
PUBLISHED: 2018-12-14
Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access.