Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

News & Commentary
Google Adds More Security Features Via Chronicle Division
Robert Lemos, Contributing WriterNews
Order out of chaos? The saga of Chronicle continues with new security features for the Google Cloud Platform.
By Robert Lemos Contributing Writer, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Verizon: Attacks on Mobile Devices Rise
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Companies of all sizes are being hit by mobile attacks and feeling the effects for extended periods of time, according to the 2020 Verizon Mobile Security Index.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Security, Networking Collaboration Cuts Breach Cost
Kelly Sheridan, Staff Editor, Dark ReadingNews
CISOs report increases in alert fatigue and the number of records breached, as well as the struggle to secure mobile devices in a new Cisco study.
By Kelly Sheridan Staff Editor, Dark Reading, 2/24/2020
Comment0 comments  |  Read  |  Post a Comment
SSRF 101: How Server-Side Request Forgery Sneaks Past Your Web Apps
Curtis Franklin Jr., Senior Editor at Dark Reading
Server-side request forgery is a dangerous attack method that is also becoming an issue for the cloud. Here are some of the basics to help keep your Web server from turning against you.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/24/2020
Comment0 comments  |  Read  |  Post a Comment
7 Tips to Improve Your Employees' Mobile Security
Kelly Sheridan, Staff Editor, Dark Reading
Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them.
By Kelly Sheridan Staff Editor, Dark Reading, 2/24/2020
Comment0 comments  |  Read  |  Post a Comment
Olympics Could Face Disruption from Regional Powers
Robert Lemos, Contributing WriterNews
Destructive attacks and disinformation will likely target the Summer Olympics in Tokyo, two groups of threat experts say.
By Robert Lemos Contributing Writer, 2/21/2020
Comment1 Comment  |  Read  |  Post a Comment
How to Get CISOs & Boards on the Same Page
Joe Schorr, Global Executive Services Director, Optiv SecurityCommentary
These two groups have talked past each other for years, each hobbled by their own tunnel vision and misperceptions.
By Joe Schorr Global Executive Services Director, Optiv Security, 2/21/2020
Comment0 comments  |  Read  |  Post a Comment
Security Now Merges With Dark Reading
Tim Wilson, Editor in Chief, Dark Reading, News
Readers of Security Now will join the Dark Reading community, gaining access to a wide range of cybersecurity content.
By Tim Wilson, Editor in Chief, Dark Reading , 2/21/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Announces General Availability of Threat Protection, Insider Risk Management
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft made several security announcements ahead of RSA Conference, including its decision to bring Microsoft Defender to iOS and Android.
By Kelly Sheridan Staff Editor, Dark Reading, 2/20/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Damage Hit $11.5B in 2019
Dark Reading Staff, Quick Hits
A new report shows the scale of ransomware's harm and the growth of that damage year-over-year -- an average of $141,000 per incident.
By Dark Reading Staff , 2/20/2020
Comment1 Comment  |  Read  |  Post a Comment
DHS's CISA Warns of New Critical Infrastructure Ransomware Attack
Dark Reading Staff, Quick Hits
An attack on a natural gas compression facility sent the operations offline for two days.
By Dark Reading Staff , 2/19/2020
Comment0 comments  |  Read  |  Post a Comment
Lumu to Emerge from Stealth at RSAC
Dark Reading Staff, Quick Hits
The new company will focus on giving customers earlier indications of network and server compromise.
By Dark Reading Staff , 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
1.7M Nedbank Customers Affected via Third-Party Breach
Dark Reading Staff, Quick Hits
A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank.
By Dark Reading Staff , 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
Firmware Weaknesses Can Turn Computer Subsystems into Trojans
Robert Lemos, Contributing WriterNews
Network cards, video cameras, and graphics adapters are a few of the subsystems whose lack of security could allow attackers to turn them into spy implants.
By Robert Lemos Contributing Writer, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
Palm Beach Elections Office Hit with Ransomware Pre-2016 Election
Dark Reading Staff, Quick Hits
Palm Beach County's elections supervisor does not believe the attack is linked to Russian hacking attempts targeting Florida.
By Dark Reading Staff , 2/14/2020
Comment0 comments  |  Read  |  Post a Comment
Ovum to Expand Cybersecurity Research Under New Omdia Group
Dark Reading Staff, News
Informa Tech combines Ovum, Heavy Reading, Tractica, and IHS Markit research.
By Dark Reading Staff , 2/14/2020
Comment0 comments  |  Read  |  Post a Comment
The 5 Love Languages of Cybersecurity
Fredrick Commentary
When it comes to building buy-in from the business, all cybersecurity needs is love -- especially when it comes to communication.
By Fredrick "Flee" Lee Chief Security Officer, Gusto, 2/14/2020
Comment0 comments  |  Read  |  Post a Comment
DDoS Attacks Nearly Double Between Q4 2018 and Q4 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Peer-to-peer botnets, TCP reflection attacks, and increased activity on Sundays are three DDoS attack trends from last quarter.
By Kelly Sheridan Staff Editor, Dark Reading, 2/13/2020
Comment0 comments  |  Read  |  Post a Comment
Apps Remain Favorite Mobile Attack Vector
Dark Reading Staff, Quick Hits
Mobile apps are used in nearly 80% of attacks targeting mobile devices, followed by network and operating system attacks.
By Dark Reading Staff , 2/13/2020
Comment0 comments  |  Read  |  Post a Comment
Forget Hacks... Ransomware, Phishing Are Election Year's Real Threats
Tod Beardsley, Director of Research, Rapid7Commentary
As we gear up for the voting season, let's put aside any links between foreign interference and voting machine security and focus on the actual risks threatening election security.
By Tod Beardsley Director of Research, Rapid7, 2/13/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9405
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
CVE-2020-9406
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
CVE-2020-9407
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
CVE-2020-9398
PUBLISHED: 2020-02-25
ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.
CVE-2015-5201
PUBLISHED: 2020-02-25
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows r...