Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
First the Good News: Number of Breaches Down 51% Year Over Year
Robert Lemos, Contributing WriterNews
But the number of records put at risk experiences a massive increase. Here's why.
By Robert Lemos Contributing Writer, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
Hackers Make Off With Millions From Wisconsin Republicans
Dark Reading Staff, Quick Hits
According to the Wisconsin Republican Party, thieves used altered invoices to make off with $2.3 million in election funds.
By Dark Reading Staff , 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Wave Targets US Hospitals: What We Know So Far
Kelly Sheridan, Staff Editor, Dark ReadingNews
A joint advisory from the CISA, FBI, and HHS warns of an "increased and imminent" threat to US hospitals and healthcare providers.
By Kelly Sheridan Staff Editor, Dark Reading, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
How Healthcare Organizations Can Combat Ransomware
Mike Wilson, Founder & CTO, EnzoicCommentary
The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.
By Mike Wilson Founder & CTO, Enzoic, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals Aim BEC Attacks at Education Industry
Steve Zurier, Contributing WriterNews
Heightened vulnerability comes at a time when the sector has been focusing on setting up a remote workforce and online learning amid the pandemic.
By Steve Zurier Contributing Writer, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
How to Increase Voter Turnout & Reduce Fraud
Husayn Kassai, Co-Founder and CEO, OnfidoCommentary
Digital identity verification has advanced, both technologically and legislatively. Is it the answer to simpler, safer voting?
By Husayn Kassai Co-Founder and CEO, Onfido, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
Is Your Encryption Ready for Quantum Threats?
Tim Hollebeek, Industry and Standards Technical Strategist at DigiCertCommentary
Answers to these five questions will help security teams defend against attackers in the post-quantum computing era.
By Tim Hollebeek Industry and Standards Technical Strategist at DigiCert, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
US Government Issues Warning on Kimsuky APT Group
Dark Reading Staff, Quick Hits
The joint alert, from CISA, the FBI, and others, describes activities from the North Korean advanced persistent threat group.
By Dark Reading Staff , 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading
New data shows humans still struggle with password creation and management.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/28/2020
Comment2 comments  |  Read  |  Post a Comment
Rethinking Security for the Next Normal -- Under Pressure
Justin Tibbs & Zane Lackey, CSO, National Security Practice, Presidio, and Zane Lackey, CSO & Co-Founder of Signal SciencesCommentary
By making a commitment to a unified approach to security, then doing what's necessary to operationalize it, organizations can establish a better security model for the next normal.
By Justin Tibbs & Zane Lackey CSO, National Security Practice, Presidio, and Zane Lackey, CSO & Co-Founder of Signal Sciences, 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
Trump Campaign Website Defaced by Unknown Attackers
Dark Reading Staff, Quick Hits
Individuals behind the brief Tuesday night incident posted anti-Trump sentiments and appeared to solicit cryptocurrency.
By Dark Reading Staff , 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
Physical Security Has a Lot of Catching Up to Do
Peter George, Chief Executive Officer at Evolv TechnologyCommentary
The transformation we need: merging the network operations center with the physical security operations center.
By Peter George Chief Executive Officer at Evolv Technology, 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
Survey Uncovers High Level of Concern Over Firewalls
Jai Vijayan, Contributing WriterNews
More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology.
By Jai Vijayan Contributing Writer, 10/27/2020
Comment0 comments  |  Read  |  Post a Comment
Chinese Attackers' Favorite Flaws Prove Global Threats, Research Shows
Kelly Sheridan, Staff Editor, Dark ReadingNews
Following the NSA's list of 25 security flaws often weaponized by Chinese attackers, researchers evaluated how they're used around the world.
By Kelly Sheridan Staff Editor, Dark Reading, 10/27/2020
Comment1 Comment  |  Read  |  Post a Comment
MITRE Shield Matrix Highlights Deception & Concealment Technology
Carolyn Crandall, Chief Deception Officer at Attivo NetworksCommentary
The role that these technologies play in the MITRE Shield matrix is a clear indicator that they are an essential part of today's security landscape.
By Carolyn Crandall Chief Deception Officer at Attivo Networks, 10/27/2020
Comment0 comments  |  Read  |  Post a Comment
Developers' Approach to App Testing Could Cut Flaw Fix Times by 80 Days
Robert Lemos, Contributing WriterNews
An analysis of more than 130,000 active applications found more with at least one high-severity flaw compared with 2019.
By Robert Lemos Contributing Writer, 10/27/2020
Comment0 comments  |  Read  |  Post a Comment
Employees Aware of Emailed Threats Open Suspicious Messages
Dark Reading Staff, Quick Hits
A survey of 1,000 employees finds 96% of employees are aware of digital threats, but 45% click emails they consider to be suspicious.
By Dark Reading Staff , 10/27/2020
Comment1 Comment  |  Read  |  Post a Comment
5 Human Factors That Affect Secure Software Development
Anita D'Amico, CEO, Code Dx Inc.Commentary
With the move to remote work, it's especially important to understand how to support, discourage, and monitor conditions for development teams.
By Anita D'Amico CEO, Code Dx Inc., 10/27/2020
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals Extort Psychotherapy Patients Following Vastaamo Breach
Dark Reading Staff, Quick Hits
An attacker is running a Tor site to leak the session notes of 300 patients at Vastaamo, a Finnish psychotherapy facility.
By Dark Reading Staff , 10/26/2020
Comment0 comments  |  Read  |  Post a Comment
New Report Links Cybersecurity and Sustainability
Dark Reading Staff, Quick Hits
Some have also created the role of chief sustainability officer, according to Kaspersky.
By Dark Reading Staff , 10/26/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/27/2020
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/28/2020
'Act of War' Clause Could Nix Cyber Insurance Payouts
Robert Lemos, Contributing Writer,  10/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Measure and Reduce Cybersecurity Risk in Your Organization
In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27652
PUBLISHED: 2020-10-29
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVE-2020-27653
PUBLISHED: 2020-10-29
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVE-2020-27654
PUBLISHED: 2020-10-29
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
CVE-2020-27655
PUBLISHED: 2020-10-29
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.
CVE-2020-27656
PUBLISHED: 2020-10-29
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.