Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
Flaws in Telegram & WhatsApp on Android Put Data at Risk
News  |  7/15/2019  | 
App settings combined with Android behavior can put data integrity at risk for WhatsApp and Telegram users.
Meet DoppelPaymer, BitPaymer's Ransomware Lookalike
News  |  7/15/2019  | 
New ransomware variant DoppelPaymer was leveraged in campaigns against the City of Edcouch, Texas, and the Chilean Ministry of Agriculture.
FTC Reportedly Ready to Sock Facebook with Record $5 Billion Fine
Quick Hits  |  7/15/2019  | 
The fine, for the social media giant's role in the Cambridge Analytica scandal, would be the largest ever against a tech company.
Software Developers Face Secure Coding Challenges
News  |  7/15/2019  | 
Seven in ten developers are expected to write secure code, but less than half receive feedback on security, a survey finds.
Is Machine Learning the Future of Cloud-Native Security?
Commentary  |  7/15/2019  | 
The nature of containers and microservices makes them harder to protect. Machine learning might be the answer going forward.
Competing Priorities Mean Security Risks for Small Businesses
Quick Hits  |  7/12/2019  | 
Small business IT professionals are trying to balance multiple priorities and finding that the balance often leaves the company with serious security risks.
A Lawyers Guide to Cyber Insurance: 4 Basic Tips
Commentary  |  7/12/2019  | 
The time to read the fine print in your cybersecurity insurance policy is before you sign on the dotted line.
Data Center Changes Push Cyber Risk to Network's Edge
News  |  7/11/2019  | 
Changes in fundamental enterprise architectures coupled with shifts in human resources mean that companies are considering new risks to their infrastructure.
How to Catch a Phish: Where Employee Awareness Falls Short
News  |  7/11/2019  | 
Advanced phishing techniques and poor user behaviors that exacerbate the threat of successful attacks.
Software Engineer Charged for Taking Stolen Trade Secrets to China
Quick Hits  |  7/11/2019  | 
Xudong Yao reportedly stole proprietary information from his employer and brought it to China, where he is believed to currently reside.
Most Organizations Lack Cyber Resilience
Commentary  |  7/11/2019  | 
Despite increasing threats, many organizations continue to run with only token cybersecurity and resilience.
Summer: A Time for Vacations & Cyberattacks?
News  |  7/11/2019  | 
About a third of cybersecurity professionals believe that their companies see more cyberattacks during the summer, but the survey data does not convince on the reasons for the perception of a summer bump.
The Security of Cloud Applications
Commentary  |  7/11/2019  | 
Despite the great success of the cloud over the last decade, misconceptions continue to persist. Here's why the naysayers are wrong.
Persistent Threats Can Last Inside SMB Networks for Years
News  |  7/11/2019  | 
The average dwell time for riskware can be as much as 869 days.
Industry Insight: Checking Up on Healthcare Security
News  |  7/10/2019  | 
Modern threats putting healthcare organization at risk, how they're improving their security posture, and where many fall short.
Why You Need a Global View of IT Assets
Commentary  |  7/10/2019  | 
It may seem obvious, but many companies lose sight of the fact that they can't protect what they don't know they even have.
Vulnerability Found in GE Anesthesia Machines
Quick Hits  |  7/10/2019  | 
GE Healthcare has released a statement claiming the bug is not in the machine itself and does not pose direct risk to patients.
Intel Releases Updates for Storage & Diagnostic Tools
Quick Hits  |  7/10/2019  | 
CISA released an alert telling users about the updates to firmware in Intel SSD and Processor Diagnostic products.
4 Reasons Why SOC Superstars Quit
Commentary  |  7/10/2019  | 
Security analysts know they are a hot commodity in the enviable position of writing their own ticket. Here's how to keep them engaged, challenged, and happy.
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Slideshows  |  7/10/2019  | 
A Raspberry Pi attached to the network at NASA JPL became the doorway for a massive intrusion and subsequent data loss. Here's how to keep the same thing from happening to your network.
Financial Impact of Cybercrime Exceeded $45B in 2018
News  |  7/9/2019  | 
Cybersecurity analysts explore a range of industry research to examine trends around cyber incidents and their financial impact.
Coast Guard Warns Shipping Firms of Maritime Cyberattacks
News  |  7/9/2019  | 
A commercial vessel suffered a significant malware attack in February, prompting the US Coast Guard to issues an advisory to all shipping companies: Here be malware.
Microsoft Patches Zero-Day Vulnerabilities Under Active Attack
News  |  7/9/2019  | 
Microsoft issued fixes for 77 unique vulnerabilities this Patch Tuesday, including two zero-day privilege escalation vulnerabilities seen exploited in the wild.
Cloud Security and Risk Mitigation
Commentary  |  7/9/2019  | 
Just because your data isn't on-premises doesn't mean you're not responsible for security.
Cybercriminals Target Budding Cannabis Retailers
Quick Hits  |  7/9/2019  | 
Companies in the young, rapidly growing industry are targeted for sensitive information they store and immature security practices.
Insider Threats: An M&A Dealmaker's Nightmare
Commentary  |  7/9/2019  | 
Because data has never been more portable, taking it has never been easier. And that's a huge problem during mergers and acquisitions.
DevOps' Inevitable Disruption of Security Strategy
News  |  7/9/2019  | 
Black Hat USA programming will dive into the ways DevOps-driven shifts in practices and tools are introducing both new vulnerabilities and new ways of securing enterprises.
Android App Publishers Won't Take 'No' for an Answer on Personal Data
News  |  7/8/2019  | 
Researchers find more than 1,000 apps in the Google Play store that gather personal data even when the user has denied permission.
Researchers Poke Holes in Siemens Simatic S7 PLCs
News  |  7/8/2019  | 
Black Hat USA session will reveal how they reverse-engineered the proprietary cryptographic protocol to attack the popular programmable logic controller.
Intelligent Authentication Market Grows to Meet Demand
News  |  7/5/2019  | 
Confidence in user identity is critical to prevent fraud and theft, and companies are looking for new ways to get the necessary assurance.
D-Link Agrees to Strengthen Device Security
Quick Hits  |  7/3/2019  | 
A settlement with the FTC should mean comprehensive security upgrades for D-Link routers and IP camera.
US Military Warns Companies to Look Out for Iranian Outlook Exploits
News  |  7/3/2019  | 
Microsoft patched a serious vulnerability in the Microsoft Outlook client in 2017, but an Iranian group continues to exploit the flaw.
Sodin Ransomware Exploits Windows Privilege Escalation Bug
News  |  7/3/2019  | 
Exploitation of CVE-2018-8453 grants attackers the highest level of privileges on a target system.
20 Questions to Ask During a Real (or Manufactured) Security Crisis
Commentary  |  7/3/2019  | 
There are important lessons to be learned from a crisis, even the ones that are more fiction than fact.
New MacOS Malware Discovered
News  |  7/2/2019  | 
A wave of new MacOS malware over the past month includes a zero-day exploit and other attack code.
'Human Side-Channels': Behavioral Traces We Leave Behind
News  |  7/2/2019  | 
How writing patterns, online activities, and other unintentional identifiers can be used in cyber offense and defense.
In Cybercrime's Evolution, Active, Automated Attacks Are the Latest Fad
Commentary  |  7/2/2019  | 
Staying ahead can feel impossible, but understanding that perfection is impossible can free you to make decisions about managing risk.
Poor Communications Slowing DevOps Shift
Quick Hits  |  7/2/2019  | 
Existing functional silos are standing in the way of building a DevOps culture.
Lake City Employee Fired Following Ransom Payment
Quick Hits  |  7/2/2019  | 
The Florida city approved its insurer to pay $460,000 in ransom for a cyberattack that shut down servers, email, and phone.
The Case for Encryption: Fact vs. Fiction
Commentary  |  7/2/2019  | 
The common belief that encryption enables bad behavior primarily used by thieves, international terrorists, and other villainous characters is simply not true. Here's why.
Ransomware Hits Georgia Court System
Quick Hits  |  7/1/2019  | 
The court's IT department is meeting with external agencies to determine the scope and severity of the cyberattack.
Building the Future Through Security Internships
Commentary  |  7/1/2019  | 
Akamai University, a 12-week internship program, was built from the ground up with the goal of promoting the student not the company.
MageCart Launches Customizable Campaign
News  |  6/28/2019  | 
A tool new to MageCart bolsters the group's ability to evade detection and steal data.
Key Biscayne Hit by Cybersecurity Attack
Quick Hits  |  6/28/2019  | 
Key Biscayne is the third Florida town to be hit by hackers in June.
How GDPR Teaches Us to Take a Bottom-Up Approach to Privacy
Commentary  |  6/28/2019  | 
Looking at underlying security needs means organizations are more likely to be in compliance with privacy regulations.
How Hackers Infiltrate Open Source Projects
News  |  6/27/2019  | 
The dependency trees of modern software-development make smaller open-source projects vulnerable to hackers sabotaging code.
Understanding & Defending Against Polymorphic Attacks
Commentary  |  6/27/2019  | 
Polymorphic malware is far from a new thing. But today, what is good for attackers is also good for defenders. Here's why.
Office 365 Multifactor Authentication Done Right
Commentary  |  6/27/2019  | 
Why the ubiquitous nature of Office 365 poses unique challenges for MFA-based security and how organizations can protect themselves.
Malware Coming to a Mac Near You? Yes, Say Security Firms
News  |  6/26/2019  | 
While the password-cracking Mimikatz took top honors, Mac-targeted malware accounted for two of the 10 most detected malware samples, according to WatchGuard.
New Linux Worm Attacks IoT Devices
Quick Hits  |  6/26/2019  | 
Silex has 'bricked' more than 2,000 Linux-based IoT devices so far.
Page 1 / 2   >   >>


10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2019
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-0234
PUBLISHED: 2019-07-15
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of ...
CVE-2018-7838
PUBLISHED: 2019-07-15
A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP C...
CVE-2019-6822
PUBLISHED: 2019-07-15
A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file.
CVE-2019-6823
PUBLISHED: 2019-07-15
A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.
CVE-2019-6824
PUBLISHED: 2019-07-15
A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.