Dark Reading is part of the Informa Tech Division of Informa PLC

Advanced Threats

News & Commentary
My Journey Toward SAP Security
Jason Fruge, VP of Business Application Cybersecurity | Commentary
When applications are critical to the business's core functions, the CISO and their staff better get the security right.
By Jason Fruge VP of Business Application Cybersecurity, 9/23/2020
7 Non-Technical Skills Threat Analysts Should Master to Keep Their Jobs
Dov Lerner, Security Research Lead, Sixgill | Commentary
It's not just technical expertise and certifications that enable analysts to build long-term careers in cybersecurity.
By Dov Lerner Security Research Lead, Sixgill, 9/23/2020
New Google Search Hacks Push Viruses & Porn
David Balaban, Editor at Privacy-PC.com | Commentary
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
By David Balaban Editor at Privacy-PC.com, 9/22/2020
Time for CEOs to Stop Enabling China's Blatant IP Theft
Eric Noonan, CEO, CyberSheath | Commentary
Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.
By Eric Noonan CEO, CyberSheath, 9/17/2020
Strategic Cyber Warfare Heats Up
Seth Rosenblatt, Contributing Writer | News
It's "anything goes," according to renowned hacker the Grugq, who drew a bright line between cyberwar and cyber warfare at this week's virtual Disclosure Conference.
By Seth Rosenblatt Contributing Writer, 9/4/2020
Fake Data and Fake Information: A Treasure Trove for Defenders
Carolyn Crandall, Chief Deception Officer at Attivo Networks | Commentary
Cybersecurity professionals are using false data to deceive cybercriminals, enabling them to protect networks in new and innovative ways.
By Carolyn Crandall Chief Deception Officer at Attivo Networks, 9/3/2020
DHS Partners with Industry to Offer State, Local Gov'ts Cybersecurity Aid
Robert Lemos, Contributing Writer | News
The US Department of Homeland Security teams up with Akamai and the Center for Internet Security to provide state and local governments with cybersecurity through DNS for free.
By Robert Lemos Contributing Writer, 9/2/2020
New Threat Activity by Lazarus Group Spells Trouble for Orgs
Jai Vijayan, Contributing Writer | News
The North Korea-backed group has launched several campaigns to raise revenue for the cash-strapped nation's missile program, security experts say.
By Jai Vijayan Contributing Writer, 9/1/2020
Is China the World's Greatest Cyber Power?
Robert Lemos, Contributing Writer | News
While the US, Russia, Israel, and several European nations all have sophisticated cyber capabilities, one threat intelligence firm argues that China's aggressive approach to cyber operations has made it "perhaps the world's greatest cyber power."
By Robert Lemos Contributing Writer, 8/27/2020
How CISOs Can Play a New Role in Defining the Future of Work
David Bradbury, CSO, Okta | Commentary
Rather than just reacting to security issues in the COVID-19 era, CISOs are now in a position to be change agents alongside their C-suite peers.
By David Bradbury CSO, Okta, 8/27/2020
Three Easy Ways to Avoid Meow-like Database Attacks
Ron Bennatan, Co-founder & CTO of jSonar | Commentary
The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.
By Ron Bennatan Co-founder & CTO of jSonar, 8/25/2020
Large Ad Network Collects Private Activity Data, Reroutes Clicks
Robert Lemos, Contributing Writer | News
A Chinese mobile advertising firm has modified code in the software development kit included in more than 1,200 apps, maliciously collecting user activity and performing ad fraud, says Snyk, a software security firm.
By Robert Lemos Contributing Writer, 8/24/2020
Average Cost of a Data Breach in 2020: $3.86M
Marc Wilczek, Digital Strategist & COO of Link11 | Commentary
When companies defend themselves against cyberattacks, time is money.
By Marc Wilczek Digital Strategist & COO of Link11, 8/24/2020
74 Days From the Presidential Election, Security Worries Mount
Robert Lemos, Contributing Writer | News
With pandemic measures continuing and political divisions deepening, security experts express concern about the security and integrity of the November election.
By Robert Lemos Contributing Writer, 8/21/2020
'Next-Gen' Supply Chain Attacks Surge 430%
Ericka Chickowski, Contributing Writer | News
Attackers are increasingly seeding open source projects with compromised components.
By Ericka Chickowski Contributing Writer, 8/21/2020
Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy
Nasser Al-Nasser & Dr. Guy Diedrich, Chair of the B20 Digitalization Taskforce and CEO of Saudi Telecom Company / Co-Chair of the B20 Digitalization Taskforce and Vice President and Global Innovation Officer of Cisco Systems | Commentary
COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.
By Nasser Al-Nasser & Dr. Guy Diedrich Chair of the B20 Digitalization Taskforce and CEO of Saudi Telecom Company / Co-Chair of the B20 Digitalization Taskforce and Vice President and Global Innovation Officer of Cisco Systems, 8/21/2020
Smart-Lock Hacks Point to Larger IoT Problems
Nicole Ferraro, Contributing Writer | News
Two recent reports on smart-lock vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.
By Nicole Ferraro Contributing Writer, 8/20/2020
Newly Patched Alexa Flaws a Red Flag for Home Workers
Steve Zurier, Contributing Writer | News
Alexa could serve as an entry point to home and corporate networks. Security experts point to the need for manufacturers to work closely with enterprise security teams to spot and shut down IoT device flaws.
By Steve Zurier Contributing Writer, 8/19/2020
The IT Backbone of Cybercrime
Marc Wilczek, Digital Strategist & COO of Link11 | Commentary
Like their counterparts who run legitimate businesses, cybercriminals need hosting and cybersecurity protection, too.
By Marc Wilczek Digital Strategist & COO of Link11, 8/17/2020
7 Ways to Keep Your Remote Workforce Safe
Steve Zurier, Contributing Writer
These tips will help you chart a course for a security strategy that just may become part of the normal way organizations will function over the next several years.
By Steve Zurier Contributing Writer, 8/14/2020
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4719
PUBLISHED: 2020-09-24
The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.
CVE-2020-15604
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-24560
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-25596
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. T...
CVE-2020-25597
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. Howeve...