informa
/
Announcements
Event
The Value Drivers of Attack Surface Management, Revealed | May 26 Webinar | <REGISTER NOW>
Event
Implementing and Using XDR to Improve Enterprise Cybersecurity | May 25 Webinar | <REGISTER NOW>
Event
HOW DATA BREACHES HAPPEN & WHAT TO DO WHEN THEY HAPPEN TO YOU | June 23 Virtual Event | <Get Your Pass>
PreviousNext

Vulnerabilities/Threats

Breaking news, news analysis, and expert commentary on cybersecurity threat intelligence, including tools & technologies.

Deadbolt Ransomware Targeting QNAP NAS Devices
QNAP is urging customers of its NAS products to update QTS and avoid exposing the devices to the Internet.
May 19, 2022
QNAP is urging customers of its NAS products to update QTS and avoid exposing the devices to the Internet.
May 19, 2022
1 min read
Article
Pro-Russian Information Operations Escalate in Ukraine War
In the three months since the war started, Russian operatives and those allied with the nation's interests have unleashed a deluge of disinformation and fake news to try and sow fear and confusion in Ukraine, security vendor says.
May 19, 2022
In the three months since the war started, Russian operatives and those allied with the nation's interests have unleashed a deluge of disinformation and fake news to try and sow fear and confusion in Ukraine, security vendor says.
by Jai Vijayan, Contributing Writer, Dark Reading
May 19, 2022
6 min read
Article
DoJ Won't Charge 'Good Faith' Security Researchers
Revised policy means security analysts won't be charged under the Computer Fraud and Abuse Act.
May 19, 2022
Revised policy means security analysts won't be charged under the Computer Fraud and Abuse Act.
by Dark Reading Staff, Dark Reading
May 19, 2022
1 min read
Article
Majority of Kubernetes API Servers Exposed to the Public Internet
Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.
May 19, 2022
Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.
by Ericka Chickowski, Contributing Writer, Dark Reading
May 19, 2022
4 min read
Article
6 Scary Tactics Used in Mobile App Attacks
Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.
May 19, 2022
Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.
by Storm Swendsboe, Director of Intelligence, SafeGuard Cyber
May 19, 2022
5 min read
Article
Phishing Attacks for Initial Access Surged 54% in Q1
For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.
May 19, 2022
For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.
by Jai Vijayan, Contributing Writer, Dark Reading
May 19, 2022
5 min read
Article
MITRE Creates Framework for Supply Chain Security
System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.
May 18, 2022
System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.
by Kelly Jackson Higgins, Editor-in-Chief, Dark Reading
May 18, 2022
4 min read
Article
CISA: Unpatched F5 BIG-IP Devices Under Active Attack
Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns.
May 18, 2022
Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns.
by Dark Reading Staff, Dark Reading
May 18, 2022
1 min read
Article
The Industry Must Better Secure Open Source Code From Threat Actors
Build security in up front to secure open source code at the foundational level. Apply security controls, have engineering teams test, do code review, and use attacker-centric behavioral analytics to mitigate threats.
May 18, 2022
Build security in up front to secure open source code at the foundational level. Apply security controls, have engineering teams test, do code review, and use attacker-centric behavioral analytics to mitigate threats.
by Andrew Useckas, Chief Technology Officer and Co-Founder, ThreatX
May 18, 2022
5 min read
Article
How Threat Actors Are a Click Away From Becoming Quasi-APTs
As demonstrated in Ukraine and elsewhere, the battlefield for today's warriors extends to the virtual realm with cyber warfare.
May 18, 2022
As demonstrated in Ukraine and elsewhere, the battlefield for today's warriors extends to the virtual realm with cyber warfare.
by Omer Carmi, VP, Cyber Threat Intelligence, Cybersixgill
May 18, 2022
5 min read
Article
Critical VMware Bug Exploits Continue, as Botnet Operators Jump In
A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.
May 17, 2022
A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.
by Tara Seals, Managing Editor, News, Dark Reading
May 17, 2022
5 min read
Article
FBI: E-Tailers, Beware Web Injections for Scraping Credit-Card Data, Backdoors
Law enforcement is warning about a wave of Web injection attacks on US online retailers that are successfully stealing credit-card information from online checkout pages.
May 17, 2022
Law enforcement is warning about a wave of Web injection attacks on US online retailers that are successfully stealing credit-card information from online checkout pages.
by Becky Bracken, Editor, Dark Reading
May 17, 2022
2 min read
Article
Widespread Attack on WordPress Sites Targets Tatsu Builder Plug-in
A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report.
May 17, 2022
A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report.
by Dark Reading Staff, Dark Reading
May 17, 2022
1 min read
Article
Google Cloud Aims to Share Its Vetted Open Source Ecosystem
The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.
May 17, 2022
The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.
by Robert Lemos, Contributing Writer
May 17, 2022
4 min read
Article
iPhones Open to Attack Even When Off, Researchers Say
Wireless chips that run when the iPhone iOS is shut down can be exploited.
May 16, 2022
Wireless chips that run when the iPhone iOS is shut down can be exploited.
by Dark Reading Staff, Dark Reading
May 16, 2022
1 min read
Article