informa
/
Announcements
Report
Black Hat USA 2022 Attendee Report | Supply Chain & Cloud Security Risks Are Top of Mind | <READ IT NOW>
Event
Malicious Bots: What Enterprises Need to Know | August 30 Webinar | <REGISTER NOW>
Event
How Supply Chain Attacks Work – And What You Can Do to Stop Them | August 17 Webinar | <REGISTER NOW>
PreviousNext

Vulnerabilities/Threats

Breaking news, news analysis, and expert commentary on cybersecurity threat intelligence, including tools & technologies.

Microsoft: We Don't Want to Zero-Day Our Customers
The head of Microsoft's Security Response Center defends keeping its initial vulnerability disclosures sparse — it is, she says, to protect customers.
August 11, 2022
The head of Microsoft's Security Response Center defends keeping its initial vulnerability disclosures sparse — it is, she says, to protect customers.
by Jai Vijayan, Contributing Writer, Dark Reading
August 11, 2022
4 min read
Article
Krebs: Taiwan, Geopolitical Headwinds Loom Large
During a keynote at Black Hat 2022, former CISA director Chris Krebs outlined the biggest risk areas for the public and private sectors for the next few years.
August 11, 2022
During a keynote at Black Hat 2022, former CISA director Chris Krebs outlined the biggest risk areas for the public and private sectors for the next few years.
by Tara Seals, Managing Editor, News, Dark Reading
August 11, 2022
8 min read
Article
After Colonial Pipeline, Critical Infrastructure Operators Remain Blind to Cyber-Risks
In her keynote address at Black Hat USA 2022, Kim Zetter gives a scathing rebuke of Colonial Pipeline for not foreseeing the attack.
August 11, 2022
In her keynote address at Black Hat USA 2022, Kim Zetter gives a scathing rebuke of Colonial Pipeline for not foreseeing the attack.
by Jeffrey Schwartz, Contributing Writer
August 11, 2022
5 min read
Article
Supply-Chain Security Startup Phylum Wins the First Black Hat Innovation Spotlight
Up-and-coming companies shoot their shot in a new feature introduced at the 25th annual cybersecurity conference.
August 11, 2022
Up-and-coming companies shoot their shot in a new feature introduced at the 25th annual cybersecurity conference.
by Karen Spiegelman, Features Editor
August 11, 2022
4 min read
Article
Cyber-Insurance Fail: Most Businesses Lack Ransomware Coverage
Even among businesses with cyber insurance, they lack coverage for basic costs of many cyberattacks, according to a BlackBerry survey.
August 11, 2022
Even among businesses with cyber insurance, they lack coverage for basic costs of many cyberattacks, according to a BlackBerry survey.
by Nathan Eddy, Contributing Writer, Dark Reading
August 11, 2022
4 min read
Article
4 Flaws, Other Weaknesses Undermine Cisco ASA Firewalls
More than 1 million instances of firewalls running Cisco Adaptive Security Appliance (ASA) software have four vulnerabilities that undermine its security, a researcher finds.
August 11, 2022
More than 1 million instances of firewalls running Cisco Adaptive Security Appliance (ASA) software have four vulnerabilities that undermine its security, a researcher finds.
by Robert Lemos, Contributing Writer, Dark Reading
August 11, 2022
4 min read
Article
Cisco Confirms Data Breach, Hacked Files Leaked
Ransomware gang gained access to the company's VPN in May by convincing an employee to accept a multifactor authentication (MFA) push notification.
August 11, 2022
Ransomware gang gained access to the company's VPN in May by convincing an employee to accept a multifactor authentication (MFA) push notification.
by Robert Lemos, Contributing Writer, Dark Reading
August 11, 2022
4 min read
Article
The Time Is Now for IoT Security Standards
Industry standards would provide predictable and understandable IoT security frameworks.
August 11, 2022
Industry standards would provide predictable and understandable IoT security frameworks.
by Jan Bondoc, Vice President of Information Technology, ioXt LLC
August 11, 2022
5 min read
Article
New HTTP Request Smuggling Attacks Target Web Browsers
Threat actors can abuse weaknesses in HTTP request handling to launch damaging browser-based attacks on website users, researcher says.
August 11, 2022
Threat actors can abuse weaknesses in HTTP request handling to launch damaging browser-based attacks on website users, researcher says.
by Jai Vijayan, Contributing Writer, Dark Reading
August 11, 2022
4 min read
Article
Multiple Vulnerabilities Discovered in Device42 Asset Management Appliance
Four serious security issues on the popular appliance could be exploited by hackers with any level of access within the host network, Bitdefender researchers say.
August 10, 2022
Four serious security issues on the popular appliance could be exploited by hackers with any level of access within the host network, Bitdefender researchers say.
by Nathan Eddy, Contributing Writer, Dark Reading
August 10, 2022
3 min read
Article
Many ZTNA, MFA Tools Offer Little Protection Against Cookie Session Hijacking Attacks
Many of the technologies and services that organizations are using to isolate Internet traffic from the internal network lack session validation mechanisms, security startup says.
August 10, 2022
Many of the technologies and services that organizations are using to isolate Internet traffic from the internal network lack session validation mechanisms, security startup says.
by Jai Vijayan, Contributing Writer, Dark Reading
August 10, 2022
4 min read
Article
Rethinking Software in the Organizational Hierarchy
Least privilege is a good defense normally applied only to users. What if we limited apps' access to other apps and network resources based on their roles and responsibilities?
August 10, 2022
Least privilege is a good defense normally applied only to users. What if we limited apps' access to other apps and network resources based on their roles and responsibilities?
by Pieter Danhieux, CEO, Chairman, & Co-Founder, Secure Code Warrior
August 10, 2022
5 min read
Article
Software Development Pipelines Offer Cybercriminals 'Free-Range' Access to Cloud, On-Prem
A Q&A with NCC Group's Viktor Gazdag ahead of a Black Hat USA session on CI/CD pipeline risks reveals a scary, and expanding, campaign vector for software supply chain attacks and RCE.
August 09, 2022
A Q&A with NCC Group's Viktor Gazdag ahead of a Black Hat USA session on CI/CD pipeline risks reveals a scary, and expanding, campaign vector for software supply chain attacks and RCE.
by Tara Seals, Managing Editor, News, Dark Reading
August 09, 2022
8 min read
Article
Microsoft Patches Zero-Day Actively Exploited in the Wild
The computing giant issued a massive Patch Tuesday update, including a pair of remote execution flaws in the Microsoft Support Diagnostic Tool (MSDT) after attackers used one of the vulnerabilities in a zero-day exploit.
August 09, 2022
The computing giant issued a massive Patch Tuesday update, including a pair of remote execution flaws in the Microsoft Support Diagnostic Tool (MSDT) after attackers used one of the vulnerabilities in a zero-day exploit.
by Robert Lemos, Contributing Writer, Dark Reading
August 09, 2022
4 min read
Article
Researchers Debut Fresh RCE Vector for Common Google API Tool
The finding exposes the danger of older, unpatched bugs, which plague at least 4.5 million devices.
August 09, 2022
The finding exposes the danger of older, unpatched bugs, which plague at least 4.5 million devices.
by Nathan Eddy, Contributing Writer, Dark Reading
August 09, 2022
6 min read
Article