7x彩票网appDark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
Malicious USB Drive Hides Behind Gift Card Lure
Quick Hits  |  3/27/2020  | 
Victims are being enticed to insert an unknown USB drive into their computers.
Virgin Media Could Pay ?4.5B for Leak Affecting 900,000 Customers
Quick Hits  |  3/27/2020  | 
A misconfigured database holding personal data was left available online between April 2019 and February 2020.
The Wild, Wild West(world) of Cybersecurity
Commentary  |  3/27/2020  | 
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
Insurance Giant Chubb Might Be Ransomware Victim
Quick Hits  |  3/26/2020  | 
A ransomware operator claims to have successfully attacked Chubb Insurance databases.
Security Not a Priority for SAP Projects, Users Report
Quick Hits  |  3/26/2020  | 
Nearly 70% of SAP users surveyed believe organizations lacked focus on IT security during previous SAP implementations.
3 Mobile Security Problems That Most Security Teams Haven't Fixed Yet
Commentary  |  3/26/2020  | 
Mobility must be included in the security operations workflow so that company data is protected regardless of where remote workers are located.
Introducing Zero-Trust Access
Commentary  |  3/26/2020  | 
It's too early to tell whether ZTA will be a VPN killer or not, but major players are ramping up products in this new class of security technology that focuses on the cloud.
Missing Patches, Misconfiguration Top Technical Breach Causes
News  |  3/25/2020  | 
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?
Tupperware Hit by Card Skimmer Attack
Quick Hits  |  3/25/2020  | 
Malicious code was found hidden inside graphics files on the storage container maker's e-commerce website.
Do DevOps Teams Need a Company Attorney on Speed Dial?
Commentary  |  3/25/2020  | 
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
FBI Shutters Russian-Based Hacker Platform, Makes Arrest
Quick Hits  |  3/25/2020  | 
The Deer.io platform let cybercriminals buy access to virtual storefronts where they could sell illicit products and services.
COVID-19: Getting Ready for the Next Business Continuity Challenge
Commentary  |  3/25/2020  | 
What comes after you've empowered your remote workforce in the wake of the coronavirus pandemic? Dealing with a large portion of that workforce getting sick at the same time.
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
News  |  3/24/2020  | 
Researchers warn Microsoft 365 account holders to pay attention to unknown applications that request permissions.
Malware Found Hidden in Android Utility Apps, Children's Games
Quick Hits  |  3/24/2020  | 
The 'Tekya' malware, as researchers call it, is designed to imitate the user's actions to click advertisements.
New APT Targets Middle Eastern Victims
Quick Hits  |  3/24/2020  | 
The new malware, dubbed "Milum," can take control of industrial devices.
How to Secure Your Kubernetes Deployments
Commentary  |  3/24/2020  | 
As more companies shift their software to a microservices-based architecture and orchestrate their containerized applications in Kubernetes, distributed security controls become a must.
Cybercriminals' Promises to Pause During Pandemic Amount to Little
News  |  3/24/2020  | 
As pandemic worsens, online profiteering -- from fraudsters to ransomware operators to cybercriminal hacking -- continues unabated, despite some promises from the underground.
Vulnerability Management Isn't Just a Numbers Game
Commentary  |  3/24/2020  | 
Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory.
Microsoft Publishes Advisory for Windows Zero-Day
News  |  3/23/2020  | 
There is no available patch for the vulnerabilities, which Microsoft says exist in all supported versions of Windows.
538 Million Weibo Users' Info for Sale on Dark Web
Quick Hits  |  3/23/2020  | 
The user data, which does not include passwords, purportedly comes from a mid-2019 breach.
FBI Warns of Fake CDC Emails in COVID-19 Phishing Alert
Quick Hits  |  3/23/2020  | 
Fraudsters exploit concerns by claiming to offer virus-related information or promising stimulus checks.
8 Infosec Page-Turners for Days Spent Indoors
Slideshows  |  3/23/2020  | 
Stuck inside and looking for a new read? Check out these titles written by security practitioners and reporters across the industry.
From Zero to Hero: CISO Edition
Commentary  |  3/23/2020  | 
It's time for organizations to realize that an empowered CISO can effectively manage enterprise risk and even grow the business along the way.
200M Records of US Citizens Leaked in Unprotected Database
News  |  3/20/2020  | 
Researchers have not determined who owns the database, which was one of several large exposed instances disclosed this week.
Proof of Concept Released for kr00k Wi-Fi Vulnerability
Quick Hits  |  3/20/2020  | 
The code demonstrates a relatively simple method to exploit a vulnerability in more than a billion devices.
Security Ratings Are a Dangerous Fantasy
Commentary  |  3/20/2020  | 
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
Attack Surface, Vulnerabilities Increase as Orgs Respond to COVID-19 Crisis
News  |  3/20/2020  | 
In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic.
Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
Quick Hits  |  3/19/2020  | 
The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019.
DDoS Attack Targets German Food Delivery Service
Quick Hits  |  3/19/2020  | 
Liefrando delivers food from more than 15,000 restaurants in Germany, where people under COVID-19 restrictions depend on the service.
VPN Usage Surges as More Nations Shut Down Offices
News  |  3/19/2020  | 
As social distancing becomes the norm, interest in virtual private networks has rocketed, with some providers already seeing a doubling in users and traffic since the beginning of the year.
New Study Calls Common Risk Figure into Question
News  |  3/19/2020  | 
Many risk models use a commonly quoted number -- $150 per record -- to estimate the cost of an incident. A new study from the Cyentia Institute says misusing that number means that estimates are almost never accurate.
Cyber Resilience Benchmarks 2020
Commentary  |  3/19/2020  | 
Here are four things that separate the leaders from the laggards when fighting cyber threats.
Achieving DevSecOps Requires Cutting Through the Jargon
Commentary  |  3/19/2020  | 
Establishing a culture where security can work easily with developers starts with making sure they can at least speak the same language.
Process Injection Tops Attacker Techniques for 2019
News  |  3/18/2020  | 
Attackers commonly use remote administration and network management tools for lateral movement, a new pool of threat data shows.
500,000 Documents Exposed in Open S3 Bucket Incident
Quick Hits  |  3/18/2020  | 
The open database exposed highly sensitive financial and business documents related to two financial organizations.
7x彩票网app Got Tagged, but Not Hard Enough
Commentary  |  3/18/2020  | 
Ensuring that our valuable biometric information is protected is worth more than a $550 million settlement.
Trend Micro Patches Two Zero-Days Under Attack
Quick Hits  |  3/18/2020  | 
Businesses are urged to update the Apex One and OfficeScan XG enterprise security products as soon as possible.
Attorney General Directs DoJ to Prioritize Coronavirus Crime
Quick Hits  |  3/17/2020  | 
Criminal activity related to the pandemic cannot be tolerated, William Barr states in memo.
This Tax Season, Save the Scorn and Protect Customers from Phishing Scams
Commentary  |  3/17/2020  | 
As security professionals, it's easy to get cynical about the continued proliferation of tax ID theft and blame the consumers themselves. But that doesn't help anyone.
Needed: A Cybersecurity Good Samaritan Law
Commentary  |  3/17/2020  | 
Legislation should protect the good hackers who are helping to keep us safe, not just go after the bad.
Five Indicted on Romance and Lottery Fraud Charges
Quick Hits  |  3/16/2020  | 
Fraudsters allegedly targeted elderly victims, ultimately wringing more than $4 million from their bank accounts.
Hellman & Friedman Acquires Checkmarx for $1.15B
Quick Hits  |  3/16/2020  | 
The private equity firm will buy Checkmarx from Insight Partners, which will continue to own a minority interest.
Fewer Vulnerabilities in Web Frameworks, but Exploits Remain Steady
News  |  3/16/2020  | 
Attackers continue to focus on web and application frameworks, such as Apache Struts and WordPress, fighting against a decline in vulnerabilities, according to an analysis.
4 Ways Thinking 'Childishly' Can Empower Security Professionals
Commentary  |  3/16/2020  | 
Younger minds -- more agile and less worried by failure -- provide a useful model for cyber defenders to think more creatively.
DDoS Attack Trends Reveal Stronger Shift to IoT, Mobile
News  |  3/13/2020  | 
Attackers are capitalizing on the rise of misconfigured Internet-connected devices running the WS-Discovery protocol, and mobile carriers are hosting distributed denial-of-service weapons.
Big BEC Bust Brings Down Dozens
Quick Hits  |  3/13/2020  | 
Two dozen individuals have been named in the latest arrests of alleged participants in a business email compromise scheme that cost victims $30 million.
What Cybersecurity Pros Really Think About Artificial Intelligence
Slideshows  |  3/13/2020  | 
While there's a ton of unbounded optimism from vendor marketing and consultant types, practitioners are still reserving a lot of judgment.
Texas Chose to Fight Ransomware and Not Pay. What About the Rest of Us?
Commentary  |  3/13/2020  | 
Law-abiding folks like us applauded Texas for its bravery ? but would we have the steel will to stand on the side of justice if it happened to us? Probably not.
New Report Shows Breach Costs Continuing to Grow
Quick Hits  |  3/12/2020  | 
The costs associated with data breaches climb alongside the amount of data managed by the enterprise according to the latest Global Protection Index Snapshot.
Microsoft Patches Leaked Remote Code Execution Flaw
Quick Hits  |  3/12/2020  | 
A vulnerability in Microsoft's Server Message Block protocol prompted concerns of wormable exploits when it was disclosed this week.
Page 1 / 2   >   >>


How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
7x彩票网app Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX 7x彩票网app PORTICO SERVER through 3.0.7 when installed to run as a service.

PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX 7x彩票网app PC WORX SRT through 1.14 allow for local privilege escalation.

PUBLISHED: 2020-03-27
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

PUBLISHED: 2020-03-27
The custom-searchable-data-entry-system (aka Custom 7x彩票网appable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.

PUBLISHED: 2020-03-27
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
66?????? 7072???? 7073???? 689????? 963???? 66????? 7073???? 7073???? 66???app 8????app