Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

News & Commentary
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Stephen Ward, VP, ThreatConnectCommentary
While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.
By Stephen Ward VP, ThreatConnect, 7/1/2020
Comment1 Comment  |  Read  |  Post a Comment
3 Ways to Flatten the Health Data Hacking Curve
David MacLeod, Senior Vice President, Chief Information Officer, and Enterprise CISO at WelltokCommentary
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
By David MacLeod Senior Vice President, Chief Information Officer, and Enterprise CISO at Welltok, 6/30/2020
Comment0 comments  |  Read  |  Post a Comment
7 Tips for Effective Deception
Jai Vijayan, Contributing Writer
The right decoys can frustrate attackers and help detect threats more quickly.
By Jai Vijayan Contributing Writer, 6/25/2020
Comment0 comments  |  Read  |  Post a Comment
Lucifer Malware Aims to Become Broad Platform for Attacks
Robert Lemos, Contributing WriterNews
The recent spread of the distributed denial-of-service tool attempts to exploit a dozen web-framework flaws, uses credential stuffing, and is intended to work against a variety of operating systems.
By Robert Lemos Contributing Writer, 6/25/2020
Comment0 comments  |  Read  |  Post a Comment
Average Cost of a Data Breach: $116M
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Sensitivity of customer information and time-to-detection determine financial blowback of cybersecurity breaches.
By Marc Wilczek Digital Strategist & COO of Link11, 6/24/2020
Comment2 comments  |  Read  |  Post a Comment
Rethinking Enterprise Access, Post-COVID-19
Dor Knafo, Co-Founder & CEO of Axis SecurityCommentary
New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access.
By Dor Knafo Co-Founder & CEO of Axis Security, 6/24/2020
Comment1 Comment  |  Read  |  Post a Comment
Cybercrime Infrastructure Never Really Dies
Robert Lemos, Contributing WriterNews
Despite the takedown of the "CyberBunker" threat operators in 2019, command-and-control traffic continues to report back to the defunct network address space.
By Robert Lemos Contributing Writer, 6/23/2020
Comment0 comments  |  Read  |  Post a Comment
Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
Ericka Chickowski, Contributing WriterNews
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.
By Ericka Chickowski Contributing Writer, 6/22/2020
Comment0 comments  |  Read  |  Post a Comment
Cloud Threats and Priorities as We Head Into the Second Half of 2020
Ericka Chickowski, Contributing Writer
With millions working from home and relying on the cloud, security leaders are under increasing pressure to keep their enterprises breach-free.
By Ericka Chickowski Contributing Writer, 6/22/2020
Comment0 comments  |  Read  |  Post a Comment
What's Anonymous Up to Now?
Seth Rosenblatt, Contributing WriterNews
The hacker group recently took credit for two high-profile incidents -- but its actions aren't quite the same as they once were, some say.
By Seth Rosenblatt Contributing Writer, 6/17/2020
Comment0 comments  |  Read  |  Post a Comment
Too Big to Cyber Fail?
Jason Crabtree, CEO & Co-Founder, QOMPLXCommentary
How systemic cyber-risk threatens US banks and financial services companies
By Jason Crabtree CEO & Co-Founder, QOMPLX, 6/17/2020
Comment0 comments  |  Read  |  Post a Comment
The Hitchhiker's Guide to Web App Pen Testing
Vanessa Sauter, Security Strategy Analyst at Cobalt.ioCommentary
Time on your hands and looking to learn about web apps? Here's a list to get you started.
By Vanessa Sauter Security Strategy Analyst at Cobalt.io, 6/11/2020
Comment0 comments  |  Read  |  Post a Comment
Asset Management Mess? How to Get Organized
Joan Goodchild, Contributing WriterNews
Hardware and software deployments all over the place due to the pandemic scramble? Here are the essential steps to ensure you can find what you need -- and secure it.
By Joan Goodchild Contributing Writer, 6/10/2020
Comment1 Comment  |  Read  |  Post a Comment
Hack-for-Hire Firm Connected to Attacks on Nonprofits, Journalists
Robert Lemos, Contributing WriterNews
The Dark Basin group behind thousands of phishing and malware attacks is likely an India-based "ethical hacking" firm that works on behalf of commercial clients.
By Robert Lemos Contributing Writer, 6/9/2020
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: Sign of the Tides
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 6/5/2020
Comment7 comments  |  Read  |  Post a Comment
Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them
Robert Lemos, Contributing WriterNews
The Sandworm group -- behind disinformation and election-hacking campaigns and responsible for a 2016 power outage in the Ukraine -- is now targeting e-mail servers.
By Robert Lemos Contributing Writer, 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
All Links Are Safe ... Right?
Beyond the Edge, Dark Reading
Today is a perfect day for a security breach.
By Beyond the Edge Dark Reading, 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Valak Malware Retasked to Steal Data from US, German Firms
Robert Lemos, Contributing WriterNews
Once considered a loader for other malware, Valak regularly conducts reconnaissance and steals information and credentials, new analysis shows.
By Robert Lemos Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Data Loss Spikes Under COVID-19 Lockdowns
Seth Rosenblatt, Contributing WriterNews
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.
By Seth Rosenblatt Contributing Writer, 5/28/2020
Comment5 comments  |  Read  |  Post a Comment
6 Steps Consumers Should Take Following a Hack
Steve Zurier, Contributing Writer
Without the luxury of an IT security team to help them after a breach or credit card compromise, consumers will want to keep these tips in mind.
By Steve Zurier Contributing Writer, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.