Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
JavaScript Obfuscation Moves to Phishing Emails
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Attackers are hiding malicious payloads in phishing emails via a technique traditionally used to hide malicious code planted on websites.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/30/2020
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Warns of Ongoing Attacks Exploiting Zerologon
Dark Reading Staff, Quick Hits
The vulnerability, patched in August, has been weaponized by APT groups and prompted CISA to issue a security alert.
By Dark Reading Staff , 10/30/2020
Comment0 comments  |  Read  |  Post a Comment
Public Safety & Cybersecurity Concerns Elevate Need for a Converged Approach
Will Wise, Group Vice President, Security Events, Reed ExhibitionsCommentary
As public and private spaces are opening up, the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.
By Will Wise Group Vice President, Security Events, Reed Exhibitions, 10/30/2020
Comment0 comments  |  Read  |  Post a Comment
First the Good News: Number of Breaches Down 51% Year Over Year
Robert Lemos, Contributing WriterNews
But the number of records put at risk experiences a massive increase. Here's why.
By Robert Lemos Contributing Writer, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
Hackers Make Off With Millions From Wisconsin Republicans
Dark Reading Staff, Quick Hits
According to the Wisconsin Republican Party, thieves used altered invoices to make off with $2.3 million in election funds.
By Dark Reading Staff , 10/29/2020
Comment1 Comment  |  Read  |  Post a Comment
Ransomware Wave Targets US Hospitals: What We Know So Far
Kelly Sheridan, Staff Editor, Dark ReadingNews
A joint advisory from the CISA, FBI, and HHS warns of an "increased and imminent" threat to US hospitals and healthcare providers.
By Kelly Sheridan Staff Editor, Dark Reading, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
How Healthcare Organizations Can Combat Ransomware
Mike Wilson, Founder & CTO, EnzoicCommentary
The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.
By Mike Wilson Founder & CTO, Enzoic, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals Aim BEC Attacks at Education Industry
Steve Zurier, Contributing WriterNews
Heightened vulnerability comes at a time when the sector has been focusing on setting up a remote workforce and online learning amid the pandemic.
By Steve Zurier Contributing Writer, 10/29/2020
Comment1 Comment  |  Read  |  Post a Comment
How to Increase Voter Turnout & Reduce Fraud
Husayn Kassai, Co-Founder and CEO, OnfidoCommentary
Digital identity verification has advanced, both technologically and legislatively. Is it the answer to simpler, safer voting?
By Husayn Kassai Co-Founder and CEO, Onfido, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
Is Your Encryption Ready for Quantum Threats?
Tim Hollebeek, Industry and Standards Technical Strategist at DigiCertCommentary
Answers to these five questions will help security teams defend against attackers in the post-quantum computing era.
By Tim Hollebeek Industry and Standards Technical Strategist at DigiCert, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
US Government Issues Warning on Kimsuky APT Group
Dark Reading Staff, Quick Hits
The joint alert, from CISA, the FBI, and others, describes activities from the North Korean advanced persistent threat group.
By Dark Reading Staff , 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading
New data shows humans still struggle with password creation and management.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/28/2020
Comment2 comments  |  Read  |  Post a Comment
Rethinking Security for the Next Normal -- Under Pressure
Justin Tibbs & Zane Lackey, CSO, National Security Practice, Presidio, and Zane Lackey, CSO & Co-Founder of Signal SciencesCommentary
By making a commitment to a unified approach to security, then doing what's necessary to operationalize it, organizations can establish a better security model for the next normal.
By Justin Tibbs & Zane Lackey CSO, National Security Practice, Presidio, and Zane Lackey, CSO & Co-Founder of Signal Sciences, 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
Trump Campaign Website Defaced by Unknown Attackers
Dark Reading Staff, Quick Hits
Individuals behind the brief Tuesday night incident posted anti-Trump sentiments and appeared to solicit cryptocurrency.
By Dark Reading Staff , 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
Physical Security Has a Lot of Catching Up to Do
Peter George, Chief Executive Officer at Evolv TechnologyCommentary
The transformation we need: merging the network operations center with the physical security operations center.
By Peter George Chief Executive Officer at Evolv Technology, 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
Survey Uncovers High Level of Concern Over Firewalls
Jai Vijayan, Contributing WriterNews
More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology.
By Jai Vijayan Contributing Writer, 10/27/2020
Comment0 comments  |  Read  |  Post a Comment
Chinese Attackers' Favorite Flaws Prove Global Threats, Research Shows
Kelly Sheridan, Staff Editor, Dark ReadingNews
Following the NSA's list of 25 security flaws often weaponized by Chinese attackers, researchers evaluated how they're used around the world.
By Kelly Sheridan Staff Editor, Dark Reading, 10/27/2020
Comment1 Comment  |  Read  |  Post a Comment
MITRE Shield Matrix Highlights Deception & Concealment Technology
Carolyn Crandall, Chief Deception Officer at Attivo NetworksCommentary
The role that these technologies play in the MITRE Shield matrix is a clear indicator that they are an essential part of today's security landscape.
By Carolyn Crandall Chief Deception Officer at Attivo Networks, 10/27/2020
Comment0 comments  |  Read  |  Post a Comment
Developers' Approach to App Testing Could Cut Flaw Fix Times by 80 Days
Robert Lemos, Contributing WriterNews
An analysis of more than 130,000 active applications found more with at least one high-severity flaw compared with 2019.
By Robert Lemos Contributing Writer, 10/27/2020
Comment0 comments  |  Read  |  Post a Comment
Employees Aware of Emailed Threats Open Suspicious Messages
Dark Reading Staff, Quick Hits
A survey of 1,000 employees finds 96% of employees are aware of digital threats, but 45% click emails they consider to be suspicious.
By Dark Reading Staff , 10/27/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/30/2020
'Act of War' Clause Could Nix Cyber Insurance Payouts
Robert Lemos, Contributing Writer,  10/29/2020
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Measure and Reduce Cybersecurity Risk in Your Organization
In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5991
PUBLISHED: 2020-10-30
NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.
CVE-2020-15273
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can ac...
CVE-2020-15276
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.
CVE-2020-15277
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.
CVE-2020-7373
PUBLISHED: 2020-10-30
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is ...