Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

News & Commentary
Accounting Scams Continue to Bilk Businesses
Robert Lemos, Contributing WriterNews
Yes, ransomware is plaguing businesses and government organizations, but impersonators inserting themselves into financial workflows most often via e-mail continue to enable big paydays.
By Robert Lemos Contributing Writer, 11/6/2019
Comment0 comments  |  Read  |  Post a Comment
Social Media: Corporate Cyber Espionage's Channel of Choice
Otavio Freire, CTO & President, SafeGuard CyberCommentary
Proactive defense and automation can help your company deal with scale and prioritize risks in order to more efficiently fight cyber espionage.
By Otavio Freire CTO & President, SafeGuard Cyber, 11/6/2019
Comment0 comments  |  Read  |  Post a Comment
Disclosure Does Little to Dissuade Cyber Spies
Robert Lemos, Contributing WriterNews
In the past, outing nation-state cyber espionage groups caused a few to close up shop, but nowadays actors are more likely to switch to new infrastructure and continue operations.
By Robert Lemos Contributing Writer, 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
To Secure Multicloud Environments, First Acknowledge You Have a Problem
Chris Schueler, Senior VP, Managed Security Services, TrustwaveCommentary
Multicloud environments change rapidly. Organizations need a security framework that is purpose-built for the cloud and that aligns with their digital transformation strategy.
By Chris Schueler Senior VP, Managed Security Services, Trustwave, 11/4/2019
Comment0 comments  |  Read  |  Post a Comment
8 Holiday Security Tips for Retailers
Steve Zurier, Contributing Writer
Here's how retailers can protect their businesses from attackers and scammers hoping to wreak havoc during the most wonderful time of the year.
By Steve Zurier Contributing Writer, 11/1/2019
Comment1 Comment  |  Read  |  Post a Comment
8 Trends in Vulnerability and Patch Management
Jai Vijayan, Contributing Writer
Unpatched flaws continue to be a major security issue for many organizations.
By Jai Vijayan Contributing Writer, 10/30/2019
Comment0 comments  |  Read  |  Post a Comment
Why Cloud-Native Applications Need Cloud-Native Security
Trevor Pott, Product Marketing Director at Juniper NetworksCommentary
Today's developers and the enterprises they work for must prioritize security in order to reap the speed and feature benefits these applications and new architectures provide.
By Trevor Pott Product Marketing Director at Juniper Networks, 10/29/2019
Comment0 comments  |  Read  |  Post a Comment
5 Things the Hoodie & the Hard Hat Need to Know About Each Other
Eddie Habibi & Jason Haward-Grau, Founder & CEO and Chief Information Security Officer at PASCommentary
Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.
By Eddie Habibi & Jason Haward-Grau Founder & CEO and Chief Information Security Officer at PAS, 10/28/2019
Comment0 comments  |  Read  |  Post a Comment
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer
SMBs still perceive themselves at low risk from cyberthreats in spite of attack statistics that paint a different pictur
By Ericka Chickowski Contributing Writer, 10/17/2019
Comment3 comments  |  Read  |  Post a Comment
Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures
James Plouffe, Lead Architect at MobileIronCommentary
The debate about whether Android or iOS is the more inherently secure platform misses the larger issues that both platforms are valuable targets and security today is no guarantee of security tomorrow.
By James Plouffe Lead Architect at MobileIron, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Federal CIOs Zero In on Zero Trust
William Peteroy, Chief Technology Officer, Security, at GigamonCommentary
Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
By William Peteroy Chief Technology Officer, Security, at Gigamon, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Marc Laliberte, Senior Security Analyst, WatchGuard TechnologiesCommentary
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
By Marc Laliberte Senior Security Analyst, WatchGuard Technologies, 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
Kevin Gosschalk, CEO of Arkose LabsCommentary
A company's security battle is not between that company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem.
By Kevin Gosschalk CEO of Arkose Labs, 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
How the Software-Defined Perimeter Is Redefining Access Control
Gilad Steinberg, Founder & CTO at Odo SecurityCommentary
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
By Gilad Steinberg Founder & CTO at Odo Security, 10/9/2019
Comment0 comments  |  Read  |  Post a Comment
Utilities' Operational Networks Continue to Be Vulnerable
Robert Lemos, Contributing WriterNews
More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds.
By Robert Lemos Contributing Writer, 10/8/2019
Comment0 comments  |  Read  |  Post a Comment
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis CybersecurityCommentary
As in any battle, understanding and exploiting the terrain often dictates the outcome.
By Craig Harber Chief Technology Officer at Fidelis Cybersecurity, 10/8/2019
Comment1 Comment  |  Read  |  Post a Comment
Beyond the Horde: The Uptick in Targeted Attacks (And How to Fight Back)
Ilan Abadi, VP and Global CISO, Teva Pharmaceutical IndustriesCommentary
We're seeing a dramatic rise in targeted attacks, but following these guidelines can help your enterprise stay safe.
By Ilan Abadi VP and Global CISO, Teva Pharmaceutical Industries, 10/8/2019
Comment0 comments  |  Read  |  Post a Comment
Cybercrime: AI's Growing Threat
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Cyberecurity incidents expected to rise by nearly 70% and cost $5 trillion annually by 2024.
By Marc Wilczek Digital Strategist & CIO Advisor, 10/4/2019
Comment0 comments  |  Read  |  Post a Comment
Common Pitfalls of Security Monitoring
Aaron Sierra, Senior Security Architect at AlagenCommentary
We need technology, but we cant forget the importance of humans working methodically to make it effective.
By Aaron Sierra Senior Security Architect at Alagen, 10/3/2019
Comment0 comments  |  Read  |  Post a Comment
Quantum-Safe Cryptography: The Time to Prepare Is Now
Scott Totzke, CEO & Cofounder, ISARA CorporationCommentary
Quantum computing is real and it's evolving fast. Is the security industry up to the challenge?
By Scott Totzke CEO & Cofounder, ISARA Corporation, 10/2/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVE-2019-18853
PUBLISHED: 2019-11-11
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVE-2019-18854
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVE-2019-18855
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
CVE-2019-18856
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.