Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
Open Source Flaws Take Years to Find But Just a Month to Fix
Robert Lemos, Contributing WriterNews
Companies need to embrace automation and dependency tracking to keep software secure, GitHub says in its annual security report.
By Robert Lemos Contributing Writer, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
FBI: BEC Scammers Could Abuse Email Auto-Forwarding
Dark Reading Staff, Quick Hits
Private Industry Notification warns of the role email auto-forwarding could be used in business email compromise attacks.
By Dark Reading Staff , 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Automated Pen Testing: Can It Replace Humans?
Alex Haynes, Chief Information Security Officer, CDLCommentary
These tools have come a long way, but are they far enough along to make human pen testers obsolete?
By Alex Haynes Chief Information Security Officer, CDL, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Security Slipup Exposes Health Records & Lab Results
Dark Reading Staff, Quick Hits
NTreatment failed to add password protection to a cloud server, exposing thousands of sensitive medical records online.
By Dark Reading Staff , 12/2/2020
Comment1 Comment  |  Read  |  Post a Comment
Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet
Avi Shua, Co-Founder, Orca SecurityCommentary
Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.
By Avi Shua Co-Founder, Orca Security, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Unmanaged Devices Heighten Risks for School Networks
Jai Vijayan, Contributing WriterNews
Gaming consoles, Wi-Fi Pineapples, and building management systems are among many devices Armis says it discovered on K12 school networks.
By Jai Vijayan Contributing Writer, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Inside North Korea's Rapid Evolution to Cyber Superpower
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers examine North Korea's rapid evolution from destructive campaigns to complex and efficient cyber operations.
By Kelly Sheridan Staff Editor, Dark Reading, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Malicious or Vulnerable Docker Images Widespread, Firm Says
Robert Lemos, Contributing WriterNews
A dynamic analysis of the publicly available images on Docker Hub found that 51% had critical vulnerabilities and about 6,500 of the 4 million latest images could be considered malicious.
By Robert Lemos Contributing Writer, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Skills Gap: It Doesn't Have to Be This Way
Sander Vinberg, Threat Research Evangelist at F5 LabsCommentary
Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.
By Sander Vinberg Threat Research Evangelist at F5 Labs, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Sophos 2021 Threat Report: Navigating Cybersecurity in an Uncertain World
Dark Reading Staff, News
SPONSORED: Sophos' principal research scientist discusses the fast-changing attacker behaviors of 2020 and how security pros need to evolve.
By Dark Reading Staff , 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Former NSS Labs CEO Launches New Security Testing Organization
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Member-based CyberRatings.org to offer free and tiered paid access to tested security product and services ratings.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Driven by Ransomware, Cyber Claims Rise in Number & Value
Robert Lemos, Contributing WriterNews
Companies are on track to file 27% more cyber claims in 2020, one insurer estimates, while another underwriter finds five out of every 100 companies file a claim each year.
By Robert Lemos Contributing Writer, 11/30/2020
Comment0 comments  |  Read  |  Post a Comment
Baltimore County Public Schools Closed Due to Ransomware Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
The incident struck the day before Thanksgiving and interfered with online classes for some 115,000 students, officials report.
By Kelly Sheridan Staff Editor, Dark Reading, 11/30/2020
Comment0 comments  |  Read  |  Post a Comment
Industrial Computer Maker Confirms Ransomware, Data Theft
Dark Reading Staff, Quick Hits
Advantech reports the stolen data was confidential but did not contain high-value documents.
By Dark Reading Staff , 11/30/2020
Comment0 comments  |  Read  |  Post a Comment
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, VeracodeCommentary
The business priority of speed of development and deployment is overshadowing the need for secure code.
By Chris Eng Chief Research Officer, Veracode, 11/30/2020
Comment1 Comment  |  Read  |  Post a Comment
Failing Toward Zero: Why Your Security Needs to Fail to Get Better
Akshay Bhargava, Chief Product Officer at MalwarebytesCommentary
Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.
By Akshay Bhargava Chief Product Officer at Malwarebytes, 11/27/2020
Comment0 comments  |  Read  |  Post a Comment
Do You Know Who's Lurking in Your Cloud Environment?
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.
By Kelly Sheridan Staff Editor, Dark Reading, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Prevention Is Better Than the Cure When Securing Cloud-Native Deployments
Liz Rice, VP Open Source Engineering, Aqua SecurityCommentary
The "OODA loop" shows us how to secure cloud-native deployments and prevent breaches before they occur.
By Liz Rice VP Open Source Engineering, Aqua Security, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Why Security Awareness Training Should Be Backed by Security by Design
Ericka Chickowski, Contributing WriterNews
Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.
By Ericka Chickowski Contributing Writer, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Latest Version of TrickBot Employs Clever New Obfuscation Trick
Jai Vijayan, Contributing WriterNews
The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says.
By Jai Vijayan Contributing Writer, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29279
PUBLISHED: 2020-12-02
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.
CVE-2020-29280
PUBLISHED: 2020-12-02
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
CVE-2020-29282
PUBLISHED: 2020-12-02
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
CVE-2020-29283
PUBLISHED: 2020-12-02
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.
CVE-2020-29284
PUBLISHED: 2020-12-02
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vul...