Dark Reading is part of the Informa Tech Division of Informa PLC

Advanced Threats

News & Commentary
The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
Kevin Gosschalk, CEO of Arkose Labs | Commentary
A company's security battle is not between that company and a specific fraudster; rather, it's between the company and a connected cybercriminal ecosystem.
By Kevin Gosschalk, CEO of Arkose Labs, 10/14/2019
How the Software-Defined Perimeter Is Redefining Access Control
Gilad Steinberg, Founder & CTO at Odo Security | Commentary
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
By Gilad Steinberg, Founder & CTO at Odo Security, 10/9/2019
Utilities' Operational Networks Continue to Be Vulnerable
Robert Lemos, Contributing Writer | News
More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds.
By Robert Lemos, Contributing Writer, 10/8/2019
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity | Commentary
As in any battle, understanding and exploiting the terrain often dictates the outcome.
By Craig Harber, Chief Technology Officer at Fidelis Cybersecurity, 10/8/2019
Beyond the Horde: The Uptick in Targeted Attacks (And How to Fight Back)
Ilan Abadi, VP and Global CISO, Teva Pharmaceutical Industries | Commentary
We're seeing a dramatic rise in targeted attacks, but following these guidelines can help your enterprise stay safe.
By Ilan Abadi, VP and Global CISO, Teva Pharmaceutical Industries, 10/8/2019
Cybercrime: AI's Growing Threat
Marc Wilczek, Digital Strategist & CIO Advisor | Commentary
Cybersecurity incidents expected to rise by nearly 70% and cost $5 trillion annually by 2024.
By Marc Wilczek, Digital Strategist & CIO Advisor, 10/4/2019
Common Pitfalls of Security Monitoring
Aaron Sierra, Senior Security Architect at Alagen | Commentary
We need technology, but we can't forget the importance of humans working methodically to make it effective.
By Aaron Sierra, Senior Security Architect at Alagen, 10/3/2019
Quantum-Safe Cryptography: The Time to Prepare Is Now
Scott Totzke, CEO & Cofounder, ISARA Corporation | Commentary
Quantum computing is real and it's evolving fast. Is the security industry up to the challenge?
By Scott Totzke, CEO & Cofounder, ISARA Corporation, 10/2/2019
Controlling Data Leakage in Cloud Test-Dev Environments
Ameesh Divatia, Co-Founder & CEO of Baffle | Commentary
The focus on digital transformation and compressing development release cycles is appealing, but that means security can be left behind. How should security practitioners address this challenge?
By Ameesh Divatia, Co-Founder & CEO of Baffle, 10/2/2019
'Harvesting Attacks' & the Quantum Revolution
John Prisco, CEO of Quantum XChange | Commentary
Stockpiles of stolen information sitting in foreign databases are ready to be exposed the minute there's a working quantum computer in five to ten years. The time to act is now.
By John Prisco, CEO of Quantum XChange, 9/30/2019
A Safer IoT Future Must Be a Joint Effort
Sivan Rauscher, CEO & Co-Founder, SAM Seamless Network | Commentary
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry.
By Sivan Rauscher, CEO & Co-Founder, SAM Seamless Network, 9/20/2019
6 Questions to Ask Once You've Learned of a Breach
Steve Zurier, Contributing Writer
With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.
By Steve Zurier, Contributing Writer, 9/13/2019
The Fight Against Synthetic Identity Fraud
Kathleen Peters, SVP & Head of Fraud & Identity, Experian | Commentary
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
By Kathleen Peters, SVP & Head of Fraud & Identity, Experian, 9/12/2019
Data Is the New Copper
Shuman Ghosemajumder, CTO, Shape Security | Commentary
Data breaches fuel a complex cybercriminal ecosystem, similar to copper thefts after the financial crisis.
By Shuman Ghosemajumder, CTO, Shape Security, 9/10/2019
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler | Commentary
Artificial intelligence is no substitute for common sense, and it works best in combination with conventional cybersecurity technology. Here are the basic requirements and best practices you need to know.
By Howie Xu, Vice President of AI and Machine Learning at Zscaler, 9/10/2019
From Spyware to Ninja Cable
Iftah Bratspiess, CEO at Sepio Systems | Commentary
Attackers don't need sophisticated James Bondian hardware to break into your company. Sometimes a $99 device will do.
By Iftah Bratspiess, CEO at Sepio Systems, 9/9/2019
Why Businesses Fail to Address DNS Security Exposures
Ronan David, Vice President of Strategy at EfficientIP | Commentary
Increasing awareness about the critical importance of DNS security is the first step in improving the risk of being attacked. It's time to get proactive.
By Ronan David, Vice President of Strategy at EfficientIP, 9/6/2019
Automation: Friend of the SOC Analyst
Chris Schueler, Senior VP, Managed Security Services, Trustwave | Commentary
Faced with increasingly sophisticated threats, organizations are realizing the benefits of automation in their cybersecurity programs.
By Chris Schueler, Senior VP, Managed Security Services, Trustwave, 9/5/2019
It's Not Healthy to Confuse Compliance with Security
Todd Weller, Chief Strategy Officer at Bandura Cyber | Commentary
Healthcare organizations should be alarmed by the frequency and severity of cyberattacks. Don't assume you're safe from them just because you're compliant with regulations.
By Todd Weller, Chief Strategy Officer at Bandura Cyber, 9/5/2019
Unsecured IoT: 8 Ways Hackers Exploit Firmware Vulnerabilities
Terry Dunlap, Co-Founder & Chief Strategy Officer, ReFirm Labs | Commentary
As new Internet of Things products enter the market, speed shouldn't trump concerns about security.
By Terry Dunlap, Co-Founder & Chief Strategy Officer, ReFirm Labs, 8/27/2019
Current Conversations
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity, 10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET, 10/9/2019
USB Drive Security Still Lags
Dark Reading Staff, 10/9/2019
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.