Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Planning a Zero-Trust Initiative? Here's How to Prioritize
Commentary  |  10/23/2019  | 
If you start by focusing on users, data, access, and managed devices, you will make major strides toward achieving better security.
Report: 2020 Presidential Campaigns Still Vulnerable to Web Attacks
Commentary  |  10/23/2019  | 
Nine out of 12 Democratic candidates have yet to enable DNSSEC, a simple set of extensions that stops most targeted domain-based attacks.
8 Tips for More Secure Mobile Computing
Slideshows  |  10/23/2019  | 
Mobile devices are a huge part of enterprise IT. Here's what to advise their users to do to keep their devices and critical business data best protected.
The AI (R)evolution: Why Humans Will Always Have a Place in the SOC
Commentary  |  10/22/2019  | 
In cybersecurity, the combination of men, women and machines can do what neither can do alone -- form a complementary team capable of upholding order and fighting the forces of evil.
NordVPN Breached Via Data Center Provider's Error
Quick Hits  |  10/22/2019  | 
The VPN company said that one of its 3,000 servers in a third-party data center was open to exploitation through a misconfigured management tool.
Autoclerk Database Spills 179GB of Customer, US Government Data
Quick Hits  |  10/22/2019  | 
An open Elasticsearch database exposed hundreds of thousands of hotel booking reservations, compromising data from full names to room numbers.
Keeping Too Many Cooks out of the Security Kitchen
Commentary  |  10/22/2019  | 
A good security team helps the business help itself operate more securely -- soliciting input while adhering to a unified strategy, vision, goals, and priorities.
Avast Foils Another CCleaner Attack
News  |  10/21/2019  | 
'Abiss' attackers used an older VPN profile to get into Avast's network and targeted its CCleaner utility.
Researchers Turn Alexa and Google Home Into Credential Thieves
Quick Hits  |  10/21/2019  | 
Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing.
SOC Operations: 6 Vital Lessons & Pitfalls
Commentary  |  10/21/2019  | 
There is no one road to security operations success, but these guidelines will smooth your path.
Tor Weaponized to Steal Bitcoin
Quick Hits  |  10/18/2019  | 
A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.
SOC Puppet: Dark Reading Caption Contest Winners
Commentary  |  10/18/2019  | 
Social engineering, SOC analysts, and Sock puns. And the winners are:
Older Amazon Devices Subject to Old Wi-Fi Vulnerability
Quick Hits  |  10/17/2019  | 
The vulnerability in first-generation Echoes and eighth-generation Kindles lets an attacker wage man-in-the-middle attacks.
Phishing Campaign Targets Stripe Credentials, Financial Data
News  |  10/17/2019  | 
Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.
State of SMB Insecurity by the Numbers
Slideshows  |  10/17/2019  | 
SMBs still perceive themselves at low risk from cyberthreats in spite of attack statistics that paint a different picture.
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Commentary  |  10/17/2019  | 
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
Data Privacy Protections for the Most Vulnerable Children
Commentary  |  10/17/2019  | 
The business case for why companies that respect the privacy of individuals, and especially minors, will have a strong competitive advantage.
Typosquatting Websites Proliferate in Run-up to US Elections
News  |  10/16/2019  | 
People who mistype the URL for their political candidate or party's website could end up on an opposing party or candidate's website, Digital Shadows' research shows.
Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures
Commentary  |  10/16/2019  | 
The debate about whether Android or iOS is the more inherently secure platform misses the larger issues that both platforms are valuable targets and security today is no guarantee of security tomorrow.
Federal CIOs Zero In on Zero Trust
Commentary  |  10/16/2019  | 
Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
Sodinokibi Ransomware: Where Attackers' Money Goes
News  |  10/15/2019  | 
Researchers following the ransomware variant uncover new data on how much its affiliates earn and where they spend it.
IoT Attacks Up Significantly in First Half of 2019
Quick Hits  |  10/15/2019  | 
New research shows attacks increased ninefold year-over-year, coming from more than a quarter-million unique IP addresses.
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Commentary  |  10/15/2019  | 
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
Pitney Bowes Hit by Ransomware
Quick Hits  |  10/14/2019  | 
The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.
The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
Commentary  |  10/14/2019  | 
A company's security battle is not between that company and a specific fraudster; rather, it's between the company and the connected cybercriminal ecosystem.
FBI: Phishing Can Defeat Two-Factor Authentication
Quick Hits  |  10/11/2019  | 
A recent Privacy Industry Notification points to two new hacker tools that can turn a victim's browser into a credential-stealing zombie.
Close the Gap Between Cyber-Risk and Business Risk
Commentary  |  10/11/2019  | 
Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.
iTunes Zero-Day Exploited to Deliver BitPaymer
News  |  10/10/2019  | 
The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.
Imperva Details Response to Customer Database Exposure
Quick Hits  |  10/10/2019  | 
The cloud security company's CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.
How to Think Like a Hacker
Commentary  |  10/10/2019  | 
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.
Magecart Attack on Volusion Highlights Supply Chain Dangers
News  |  10/10/2019  | 
Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.
Network Security Must Transition into the Cloud Era
Commentary  |  10/10/2019  | 
An integrated approach is the best way to provide organizations with the tools they need to decrease the attack surface and use strong security controls.
USB Drive Security Still Lags
Quick Hits  |  10/9/2019  | 
While USB drives are frequent pieces of business hardware, a new report says that one-third of US businesses have no policy governing their use.
Twitter Slip-Up Spills MFA Phone Numbers, Emails to Advertisers
Quick Hits  |  10/9/2019  | 
Email addresses and phone numbers provided to secure user accounts were accidentally shared with marketers.
How the Software-Defined Perimeter Is Redefining Access Control
Commentary  |  10/9/2019  | 
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
Microsoft Issues 9 Critical Security Patches
News  |  10/8/2019  | 
None of the total 59 patches were for previously known vulnerabilities nor are any under active attack, Microsoft reports.
NSA Issues Advisory on VPN Vulnerability Trio
Quick Hits  |  10/8/2019  | 
Vulnerabilities with Pulse Secure, Fortinet, and Palo Alto Networks VPNs are called out in the advisory.
Most US Presidential Campaign Websites Offer Little Privacy Protection
News  |  10/8/2019  | 
New audit finds that privacy policies on 70% of the sites have no limits on data sharing.
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Commentary  |  10/8/2019  | 
As in any battle, understanding and exploiting the terrain often dictates the outcome.
Business Email Compromise Attacks Spike 269%
Quick Hits  |  10/8/2019  | 
A new Mimecast report finds a significant uptick in BEC attacks, malware attachments, and spam landing in target inboxes.
Beyond the Horde: The Uptick in Targeted Attacks (And How to Fight Back)
Commentary  |  10/8/2019  | 
We're seeing a dramatic rise in targeted attacks, but following these guidelines can help your enterprise stay safe.
Drupalgeddon2 Vulnerability Still Endangering CMSes
Quick Hits  |  10/7/2019  | 
A new wave of attacks has been discovered on Drupal-based content management systems that weren't patched for the older flaw.
Magecart Skimmers Spotted on 2M Websites
Quick Hits  |  10/7/2019  | 
Researchers say supply chain attacks are responsible for the most significant spikes in Magecart detections.
10 Steps to Assess SOC Maturity in SMBs
Commentary  |  10/7/2019  | 
Facing a system and organization controls audit doesn't have to be stressful for small and midsize businesses if they follow these guidelines.
FBI Investigates Mobile Voting Intrusion
Quick Hits  |  10/4/2019  | 
A group tried to access West Virginia's mobile voting app in 2018; now, the FBI is looking into what actually happened.
Android 0-Day Seen Exploited in the Wild
Quick Hits  |  10/4/2019  | 
The local privilege escalation vulnerability affects Pixel, Samsung, Huawei, Xiaomi, and other devices.
Cybercrime: AI's Growing Threat
Commentary  |  10/4/2019  | 
Cybersecurity incidents are expected to rise by nearly 70% and cost $5 trillion annually by 2024.
8 Ways Businesses Unknowingly Help Hackers
Slideshows  |  10/4/2019  | 
From lengthy email signatures to employees' social media posts, we look at the many ways organizations make it easier for attackers to break in.
Facebook Patches Critical WhatsApp Security Flaw
News  |  10/3/2019  | 
Bug gives attackers a way to use GIF images to steal data from Android devices running the message app.
Researchers Link Magecart Group 4 to Cobalt Group
News  |  10/3/2019  | 
Their findings demonstrate how Group 4 is likely conducting server-side skimming in addition to client-side activity.
Tor Weaponized to Steal Bitcoin
Dark Reading Staff 10/18/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-9521
PUBLISHED: 2019-10-23
The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
CVE-2015-9522
PUBLISHED: 2019-10-23
The Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
CVE-2015-9523
PUBLISHED: 2019-10-23
The Easy Digital Downloads (EDD) Recommended Products extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
CVE-2015-9524
PUBLISHED: 2019-10-23
The Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
CVE-2019-16977
PUBLISHED: 2019-10-23
In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.