Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
Former NSS Labs CEO Launches New Security Testing Organization
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Member-based CyberRatings.org to offer free to tiered paid access to tested security product and services ratings.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Driven by Ransomware, Cyber Claims Rise in Number & Value
Robert Lemos, Contributing WriterNews
Companies are on track to file 27% more cyber claims in 2020, one insurer estimates, while another underwriter finds five out of every 100 companies file a claim each year.
By Robert Lemos Contributing Writer, 11/30/2020
Comment0 comments  |  Read  |  Post a Comment
Baltimore County Public Schools Closed Due to Ransomware Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
The incident struck the day before Thanksgiving and interfered with online classes for some 115,000 students, officials report.
By Kelly Sheridan Staff Editor, Dark Reading, 11/30/2020
Comment0 comments  |  Read  |  Post a Comment
Industrial Computer Maker Confirms Ransomware, Data Theft
Dark Reading Staff, Quick Hits
Advantech reports the stolen data was confidential but did not contain high-value documents.
By Dark Reading Staff , 11/30/2020
Comment0 comments  |  Read  |  Post a Comment
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, VeracodeCommentary
The business priority of speed of development and deployment is overshadowing the need for secure code.
By Chris Eng Chief Research Officer, Veracode, 11/30/2020
Comment1 Comment  |  Read  |  Post a Comment
Failing Toward Zero: Why Your Security Needs to Fail to Get Better
Akshay Bhargava, Chief Product Officer at MalwarebytesCommentary
Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.
By Akshay Bhargava Chief Product Officer at Malwarebytes, 11/27/2020
Comment0 comments  |  Read  |  Post a Comment
Do You Know Who's Lurking in Your Cloud Environment?
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.
By Kelly Sheridan Staff Editor, Dark Reading, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Prevention Is Better Than the Cure When Securing Cloud-Native Deployments
Liz Rice, VP Open Source Engineering, Aqua SecurityCommentary
The "OODA loop" shows us how to secure cloud-native deployments and prevent breaches before they occur.
By Liz Rice VP Open Source Engineering, Aqua Security, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Why Security Awareness Training Should Be Backed by Security by Design
Ericka Chickowski, Contributing WriterNews
Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.
By Ericka Chickowski Contributing Writer, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Latest Version of TrickBot Employs Clever New Obfuscation Trick
Jai Vijayan, Contributing WriterNews
The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says.
By Jai Vijayan Contributing Writer, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Baidu Apps Leaked Location Data, Machine Learning Reveals
Robert Lemos, Contributing WriterNews
Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone's hardware and location without the user's knowledge, research finds.
By Robert Lemos Contributing Writer, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
CISA Warns of Holiday Online Shopping Scams
Dark Reading Staff, Quick Hits
The agency urges shoppers to be cautious of fraudulent websites, unsolicited emails, and unencrypted financial transactions.
By Dark Reading Staff , 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Jason Bevis & Kevin Adams-Romano, VP of Awake Labs / Incident Response Specialist at Awake SecurityCommentary
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
By Jason Bevis & Kevin Adams-Romano VP of Awake Labs / Incident Response Specialist at Awake Security, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Printers' Cybersecurity Threats Too Often Ignored
Shivaun Albright, Chief Technologist of Print Security, HP Inc.Commentary
Remote workforce heightens the need to protect printing systems against intrusion and compromise.
By Shivaun Albright Chief Technologist of Print Security, HP Inc., 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing WriterNews
Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.
By Robert Lemos Contributing Writer, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Grows Easier to Spread, Harder to Block
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
By Kelly Sheridan Staff Editor, Dark Reading, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Evidence-Based Trust Gets Black Hat Europe Spotlight
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Chinese APT Group Returns to Target Catholic Church & Diplomatic Groups
Dark Reading Staff, Quick Hits
APT group TA416 reemerges with new changes to its documented tool sets so it can continue launching espionage campaigns.
By Dark Reading Staff , 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
3 Steps CISOs Can Take to Convey Strategy for Budget Presentations
Vinay Sridhara, CTO at BalbixCommentary
Answering these questions will help CISOs define a plan and take the organization in a positive direction.
By Vinay Sridhara CTO at Balbix, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
How Retailers Can Fight Fraud and Abuse This Holiday Season
Sunil Potti, General Manager and Vice President, Google Cloud SecurityCommentary
Online shopping will be more popular than ever with consumers... and with malicious actors too.
By Sunil Potti General Manager and Vice President, Google Cloud Security, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer,  11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4128
PUBLISHED: 2020-12-01
HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service.
CVE-2020-7335
PUBLISHED: 2020-12-01
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploit...
CVE-2020-15257
PUBLISHED: 2020-12-01
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that...
CVE-2020-9114
PUBLISHED: 2020-12-01
FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause pr...
CVE-2020-9117
PUBLISHED: 2020-12-01
HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected prod...