Advanced Threats

News & Commentary
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher (News)
Mueller report finds that in July 2016, after then-candidate Donald Trump publicly called for Russia to "find the 30,000 emails," Russian agents targeted Hillary Clinton's personal office with cyberattacks.
By Robert Lemos Technology Journalist/Data Researcher, 4/19/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks (Commentary)
By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.
By Darren Anstee Chief Technology Officer at Arbor Networks, 4/19/2019
GoT Guide to Cybersecurity: Preparing for Battle During a Staffing Shortage
Orion Cassetto, Senior Product Maester, Exabeam (Commentary)
Faced with an overwhelming adversary, Game of Thrones heroes Daenerys Targaryen and Jon Snow have a lot in common with today's beleaguered CISOs.
By Orion Cassetto Senior Product Maester, Exabeam, 4/18/2019
Ever-Sophisticated Bad Bots Target Healthcare, Ticketing
Robert Lemos, Technology Journalist/Data Researcher (News)
From criminals to competitors, online bots continue to scrape information from sites and pose as legitimate users.
By Robert Lemos Technology Journalist/Data Researcher, 4/17/2019
Selecting the Right Strategy to Reduce Vulnerability Risk
Tim Erlin, VP of Product Management & Strategy at Tripwire (Commentary)
There's no one-size-fits-all strategy for eliminating vulnerability risk. Knowing how your organization operates is what makes the difference.
By Tim Erlin VP of Product Management & Strategy at Tripwire, 4/17/2019
New Attacks (and Old Attacks Made New)
Derek Manky, Global Security Strategist, Fortinet (Commentary)
Although new attacks might get the most attention, don't assume old ones have gone away.
By Derek Manky Global Security Strategist, Fortinet, 4/16/2019
Cloudy with a Chance of Security Breach
Ronan David, Chief Marketing Officer and Vice President of Business Development for EfficientIP (Commentary)
Businesses must be aware of the security weaknesses of the public cloud and not assume that every angle is covered.
By Ronan David Chief Marketing Officer and Vice President of Business Development for EfficientIP, 4/12/2019
New 'HOPLIGHT' Malware Appears in Latest North Korean Attacks, Say DHS, FBI
Robert Lemos, Technology Journalist/Data Researcher (News)
The FBI and Department of Homeland Security release malware analysis report, indicators of compromise for nine different executable files.
By Robert Lemos Technology Journalist/Data Researcher, 4/11/2019
Ignore the Insider Threat at Your Peril
Bryan Sartin, Executive Director, Global Security Services, at Verizon (Commentary)
Attacks from insiders often go undiscovered for months or years, so the potential impact can be huge. These 11 countermeasures can mitigate the damage.
By Bryan Sartin Executive Director, Global Security Services, at Verizon, 4/8/2019
Advanced Persistent Threat: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark Reading (Commentary)
From sushi and phishing to robots, passwords and ninjas -- and the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 4/5/2019
The Matrix at 20: A Metaphor for Today's Cybersecurity Challenges
Stephen Cox, VP & CSA, SecureAuth (Commentary)
The Matrix ushered in a new generation of sci-fi movies and futuristic plotlines with a relentless, seemingly invulnerable set of villains. Twenty years later, that theme is all too familiar to security pros.
By Stephen Cox VP & CSA, SecureAuth, 4/5/2019
Third Parties in Spotlight as More Facebook Data Leaks
Robert Lemos, Technology Journalist/Data Researcher (News)
Two third-party services left Facebook user data exposed online -- in one case, 540 million records of user comments -- highlighting the ease with which third-party developers can access data and the risk of lax security.
By Robert Lemos, 4/4/2019
True Cybersecurity Means a Proactive Response
Liron Barak, CEO of BitDam (Commentary)
Successful, secure organizations must take an aggressive, pre-emptive posture if they want true data security.
By Liron Barak CEO of BitDam, 4/4/2019
Privacy & Regulatory Considerations in Enterprise Blockchain
Steve McNew, Senior Managing Director at FTI Consulting (Commentary)
People who understand information governance, privacy, and security should be active participants on the distributed ledger technology implementation team to ensure success.
By Steve McNew Senior Managing Director at FTI Consulting, 4/3/2019
Quantum Computing and Code-Breaking
Pankaj Parekh, Chief Product & Strategy Officer at SecurityFirst (Commentary)
Prepare today for the quantum threats of tomorrow.
By Pankaj Parekh Chief Product & Strategy Officer at SecurityFirst, 3/28/2019
Everything I Needed to Know About Third-Party Risk Management, I Learned from Meet the Parents
Brandon Dobrec, Senior Product Manager, LookingGlass Cyber Solutions (Commentary)
How much do you trust your vendors? You don't have to hook them up to a polygraph machine because there are better ways to establish trust.
By Brandon Dobrec Senior Product Manager, LookingGlass Cyber Solutions, 3/28/2019
Russia Regularly Spoofs Regional GPS
Robert Lemos, Technology Journalist/Data Researcher (News)
The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.
By Robert Lemos Technology Journalist/Data Researcher, 3/26/2019
Under Attack: Over Half of SMBs Breached Last Year
Marc Wilczek, Digital Strategist & CIO Advisor (Commentary)
Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.
By Marc Wilczek Digital Strategist & CIO Advisor, 3/26/2019
Hacker AI vs. Enterprise AI: A New Threat
Satish Abburi, Founder of Elysium Analytics (Commentary)
Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.
By Satish Abburi Founder of Elysium Analytics, 3/21/2019
What the Transition to Smart Cards Can Teach the US Healthcare Industry
Joram Borenstein & Rebecca Weintraub, General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical School (Commentary)
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.
By Joram Borenstein & Rebecca Weintraub General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical School, 3/21/2019
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7303
PUBLISHED: 2019-04-23
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 b...
CVE-2019-7304
PUBLISHED: 2019-04-23
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
CVE-2019-0223
PUBLISHED: 2019-04-23
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1...
CVE-2017-12619
PUBLISHED: 2019-04-23
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".
CVE-2018-1317
PUBLISHED: 2019-04-23
In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.