Dark Reading is part of the Informa Tech Division of Informa PLC

Advanced Threats

News & Commentary
The Entertainment Biz Is Changing, but the Cybersecurity Script Is One We've Read Before
Joan Goodchild, Contributing Writer
Several A-list celebrities have found themselves at the center of a ransomware attack -- and it's certainly not the first time hackers have gone after them or the entertainment industry. What are security pros doing wrong?
By Joan Goodchild Contributing Writer, 5/15/2020
6 Free Cybersecurity Training and Awareness Courses
Jai Vijayan, Contributing Writer
Most are designed to help organizations address teleworking risks related to COVID-19 scams.
By Jai Vijayan Contributing Writer, 5/12/2020
Rule of Thumb: USB Killers Pose Real Threat
VP Pai, Vice President, ProTek Devices | Commentary
They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.
By VP Pai Vice President, ProTek Devices, 5/11/2020
The Price of Fame? Celebrities Face Unique Hacking Threats
Joan Goodchild, Contributing Writer | News
Hackers are hitting the sports industry hard on social media and luring quarantined consumers with offers of free streaming services, a new report shows.
By Joan Goodchild Contributing Writer, 5/6/2020
Is CVSS the Right Standard for Prioritization?
Jeffrey Martin, Senior Director of Product at WhiteSource | Commentary
More than 55% of open source vulnerabilities are rated high or critical. To truly understand a vulnerability and how it might affect an organization or product, we need much more than a number.
By Jeffrey Martin Senior Director of Product at WhiteSource, 5/6/2020
It Was 20 Years Ago Today: Remembering the ILoveYou Virus
Steve Zurier, Contributing Writer | News
The worm infected some 50 million systems worldwide, often rendering them unusable, and cost more than $15 billion to repair.
By Steve Zurier Contributing Writer, 5/5/2020
Best Practices for Managing a Remote SOC
Ericka Chickowski, Contributing Writer | News
Experts share what it takes to get your security analysts effectively countering threats from their home offices.
By Ericka Chickowski Contributing Writer, 5/1/2020
The Rise of Deepfakes and What That Means for Identity Fraud
Labhesh Patel, CTO and Chief Scientist at Jumio | Commentary
Convincing deepfakes are a real concern, but there are ways of fighting back.
By Labhesh Patel CTO and Chief Scientist at Jumio, 4/30/2020
7 Fraud Predictions in the Wake of the Coronavirus
Uri Rivner, Co-Founder, Head of Cyber Strategy, BioCatch | Commentary
It's theme and variations in the fraud world, and fraudsters love -- and thrive -- during chaos and confusion
By Uri Rivner Co-Founder, Head of Cyber Strategy, BioCatch, 4/29/2020
Phishers Start to Exploit Oil Industry Amid COVID-19 Woes
Seth Rosenblatt, Contributing Writer | News
While a massive flood of attacks has yet to materialize, cybersecurity experts say this could be the calm before the storm.
By Seth Rosenblatt Contributing Writer, 4/29/2020
4 Ways to Get to Defensive When Faced by an Advanced Attack
Ran Shahor, CEO at HolistiCyber | Commentary
To hold your own against nation-state-grade attacks, you must think and act differently.
By Ran Shahor CEO at HolistiCyber, 4/29/2020
Continued Use of Python 2 Will Heighten Security Risks
Jai Vijayan, Contributing Writer | News
With support for the programming language no longer available, organizations should port to Python 3, security researchers say.
By Jai Vijayan Contributing Writer, 4/28/2020
Attackers Target Sophos Firewalls with Zero-Day
Robert Lemos, Contributing Writer | News
Remote exploit compromises specific configurations of XG firewalls with the intent of stealing data from the devices.
By Robert Lemos Contributing Writer, 4/27/2020
Cybercrime Group Steals $1.3M from Banks
Steve Zurier, Contributing Writer | News
A look at how the so-called Florentine Banker Group lurked for two months in a sophisticated business email compromise attack on Israeli and UK financial companies.
By Steve Zurier Contributing Writer, 4/24/2020
11 Tips for Protecting Active Directory While Working from Home
François Amigorena, Founder & CEO, IS Decisions | Commentary
To improve the security of your corporate network, protect the remote use of AD credentials.
By François Amigorena Founder & CEO, IS Decisions, 4/22/2020
Attackers Aim at Software Supply Chain with Package Typosquatting
Robert Lemos, Contributing Writer | News
Attackers seed Ruby Gems repository with more than 760 malicious packages using names just a bit different than the standard code libraries.
By Robert Lemos Contributing Writer, 4/21/2020
7 Steps to Avoid the Top Cloud Access Risks
Shai Morag, CEO of Ermetic | Commentary
Securing identities and data in the cloud is challenging, but a least-privilege access approach helps.
By Shai Morag CEO of Ermetic, 4/21/2020
5 Things Ransomware Taught Me About Responding in a Crisis
Shawn Taylor, Senior Systems Engineer at ForeScout | Commentary
What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attack and because it came out the other side stronger and more resilient.
By Shawn Taylor Senior Systems Engineer at ForeScout, 4/16/2020
DHS Issues Alert for New North Korean Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading | Quick Hits
Cyber actors from North Korea's intelligence agencies are launching new attacks on financial targets, including hacks for hire on the open market.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/15/2020
Man-in-the-Middle Attacks: A Growing but Preventable Mobile Threat
Tom Tovar, CEO and Co-Creator of Appdome | Commentary
Hackers are upping their game, especially as they target mobile devices.
By Tom Tovar CEO and Co-Creator of Appdome, 4/15/2020
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5537
PUBLISHED: 2020-05-25
Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.
CVE-2020-13438
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.
CVE-2020-13439
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.
CVE-2020-13440
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.
CVE-2020-13433
PUBLISHED: 2020-05-24
Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter.