Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

News & Commentary
Serverless Computing from the Inside Out
Joe Vadakkan, Global Cloud Security Leader, Optiv SecurityCommentary
The biggest 'serverless' risks don't stem from the technology itself. They occur when organizations respond to the adoption from the outside in.
By Joe Vadakkan Global Cloud Security Leader, Optiv Security, 6/19/2019
Comment0 comments  |  Read  |  Post a Comment
Insecure Home IoT Devices a Clear and Present Danger to Corporate Security
Jai Vijayan, Contributing WriterNews
Avast-sponsored study shows wide prevalence of IoT devices, many with weak credentials and other security vulnerabilities.
By Jai Vijayan Contributing Writer, 6/19/2019
Comment2 comments  |  Read  |  Post a Comment
Utilities, Nations Need Better Plan Against Critical Infrastructure Attackers
Robert Lemos, Contributing WriterNews
The attackers behind the Triton, or Xenotime, intrusions into critical infrastructure (CI) safety systems are testing their skills against electric power companies. Options for defense are still limited, however.
By Robert Lemos Contributing Writer, 6/17/2019
Comment1 Comment  |  Read  |  Post a Comment
The Life-Changing Magic of Tidying Up the Cloud
Kaus Phaltankar, CEO and Co-Founder at CaveonixCommentary
Most companies' cloud security operations would benefit significantly from clean-up, alignment, and organization.
By Kaus Phaltankar CEO and Co-Founder at Caveonix, 6/17/2019
Comment0 comments  |  Read  |  Post a Comment
The CISO's Drive to Consolidation
Nik Whitfield, Computer Scientist & Security Technology EntrepreneurCommentary
Cutting back on the number of security tools you're using can save money and leave you safer. Here's how to get started.
By Nik Whitfield Computer Scientist & Security Technology Entrepreneur, 6/13/2019
Comment0 comments  |  Read  |  Post a Comment
The Rise of 'Purple Teaming'
Joseph R. Salazar, Technical Marketing EngineerCommentary
The next generation of penetration testing represents a more collaborative approach to old fashioned Red Team vs. Blue Team.
By Joseph R. Salazar Technical Marketing Engineer, 6/13/2019
Comment0 comments  |  Read  |  Post a Comment
Predicting Vulnerability Weaponization
Srinivas Mukkamala, Co-founder & CEO, RiskSenseCommentary
Advances in data science are making it possible to shift vulnerability management from a reactive to a proactive discipline.
By Srinivas Mukkamala Co-founder & CEO, RiskSense, 6/12/2019
Comment1 Comment  |  Read  |  Post a Comment
What 3 Powerful GoT Women Teach Us about Cybersecurity
Orion Cassetto, Senior Product Maester, ExabeamCommentary
Imagine Game of Thrones' Daenerys Targaryen, Arya Stark, and Cersei Lannister on the front lines in the real-world battleground of enterprise security.
By Orion Cassetto Senior Product Maester, Exabeam, 6/11/2019
Comment0 comments  |  Read  |  Post a Comment
How to Get the Most Benefits from Biometrics
Bojan Simic, Chief Technology Officer & Co-Founder of HYPRCommentary
Providing an easy-to-use, uniform authentication experience without passwords is simpler than you may think.
By Bojan Simic Chief Technology Officer & Co-Founder of HYPR, 6/5/2019
Comment2 comments  |  Read  |  Post a Comment
Why FedRAMP Matters to Non-Federal Organizations
Daniel P. Kent, Director, Public Sector Engineering & CTO, Cisco SystemsCommentary
Commercial companies should explore how FedRAMP can help mitigate risk as they move to the cloud.
By Daniel P. Kent Director, Public Sector Engineering & CTO, Cisco Systems, 6/4/2019
Comment0 comments  |  Read  |  Post a Comment
Focusing on Endpoints: 5 Steps to Fight Cybercrime
Matthew Lewinski, Distinguished Engineer at Quest SoftwareCommentary
Follow these best practices to strengthen endpoint management strategies and protect company data.
By Matthew Lewinski Distinguished Engineer at Quest Software, 5/31/2019
Comment3 comments  |  Read  |  Post a Comment
The Ransomware Dilemma: What if Your Local Government Is Next?
Todd Weller, Chief Strategy Officer at Bandura CyberCommentary
Baltimore has so far refused to comply with a ransom demand. It's being forced to make a decision all such victims face: to act morally or practically.
By Todd Weller Chief Strategy Officer at Bandura Cyber, 5/30/2019
Comment5 comments  |  Read  |  Post a Comment
Don't Just Tune Your SIEM, Retune It
Robin Hicks, IT Security Engineer, CEDAR CX TechnologiesCommentary
Your SIEM isn't a set-it-and-forget-it proposition. It's time for a spring cleaning.
By Robin Hicks IT Security Engineer, CEDAR CX Technologies, 5/29/2019
Comment0 comments  |  Read  |  Post a Comment
FirstAm Leak Highlights Importance of Verifying the Basics
Robert Lemos, Contributing WriterNews
The Fortune 500 giant in the real estate industry missed a basic vulnerability in its website, leaving as many as 885 million sensitive records accessible to attackers. The fix: teaching developers the top 10 security issues and frequent testing.
By Robert Lemos Contributing Writer, 5/28/2019
Comment7 comments  |  Read  |  Post a Comment
Cybercrime: Looking Beyond the Dark Web
Ian W. Gray, Director of Americas, Research & Analysis, FlashpointCommentary
Fighting cybercrime requires visibility into much more than just the Dark Web. Here's where to look and a glimpse of what you'll find.
By Ian W. Gray Director of Americas, Research & Analysis, Flashpoint, 5/28/2019
Comment1 Comment  |  Read  |  Post a Comment
Satan Ransomware Adds More Evil Tricks
Robert Lemos, Contributing WriterNews
The latest changes to the Satan ransomware framework demonstrate attackers are changing their operations while targeting victims more carefully.
By Robert Lemos Contributing Writer, 5/21/2019
Comment1 Comment  |  Read  |  Post a Comment
Old Threats Are New Again
Liron Barak, CEO of BitDamCommentary
They may look familiar to you, and that isn't a coincidence. New threats are often just small twists on old ones.
By Liron Barak CEO of BitDam, 5/21/2019
Comment0 comments  |  Read  |  Post a Comment
Financial Sector Under Siege
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.
By Marc Wilczek Digital Strategist & CIO Advisor, 5/20/2019
Comment0 comments  |  Read  |  Post a Comment
A Trustworthy Digital Foundation Is Essential to Digital Government
Gus Hunt, Managing Director and Cyber Strategy Lead for Accenture Federal ServicesCommentary
Agencies must take steps to ensure that citizens trust in the security of government's digital channels.
By Gus Hunt Managing Director and Cyber Strategy Lead for Accenture Federal Services, 5/17/2019
Comment1 Comment  |  Read  |  Post a Comment
Commercial Spyware Uses WhatsApp Flaw to Infect Phones
Robert Lemos, Contributing WriterNews
A single flaw allowed attackers thought to be linked to a government to target human rights workers and install surveillance software by sending a phone request. The victims did not even have to answer.
By Robert Lemos Contributing Writer, 5/14/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-2729
PUBLISHED: 2019-06-19
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise ...
CVE-2019-3737
PUBLISHED: 2019-06-19
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
CVE-2019-3787
PUBLISHED: 2019-06-19
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending ?unknown.org? to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to ...
CVE-2019-12900
PUBLISHED: 2019-06-19
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVE-2019-12893
PUBLISHED: 2019-06-19
Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewer!PerfgrapFinalize+0x00000000000a8868.