Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
New 'Tycoon' Ransomware Strain Targets Windows, Linux
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers say Tycoon ransomware, which has targeted software and educational institutions, has a few traits they haven't seen before.
By Kelly Sheridan Staff Editor, Dark Reading, 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
Malware Campaign Hides in Resumes and Medical Leave Forms
Dark Reading Staff, Quick Hits
The campaigns have been part of the overall increase in coronavirus-related malware activity.
By Dark Reading Staff , 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
Strengthening Secure Information Sharing Through Technology & Standards
Ameesh Divatia, Co-Founder & CEO of BaffleCommentary
How data sharing, innovation, and regulatory standardization can make it easier for organizations to both contribute and consume critical threat intelligence.
By Ameesh Divatia Co-Founder & CEO of Baffle, 6/4/2020
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Office Files Most Popular for Exploit Tests
Dark Reading Staff, Quick Hits
A new report examines attacker methodologies to better understand how exploit testing is conducted in the wild.
By Dark Reading Staff , 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
RATs 101: The Grimy Trojans That Scurry Through Remote Access Pipes
Curtis Franklin Jr., Senior Editor at Dark Reading
Remote Access Trojans (RATs) can be the beginning of very bad things on your network or workstations.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Chasing RobbinHood: Up Close with an Evolving Threat
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher details how RobbinHood has changed and why it remains a threat for businesses to watch.
By Kelly Sheridan Staff Editor, Dark Reading, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Old Spreadsheet Macro Tech Newly Popular with Criminals
Dark Reading Staff, Quick Hits
A 30-year-old macro technology for Microsoft Excel is finding new popularity as a cybersecurity attack vector.
By Dark Reading Staff , 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
What Government Contractors Need to Know About NIST, DFARS Password Reqs
Raz Rafaeli, CEO and Co-Founder at Secret Double OctopusCommentary
Organizations that fail to comply with these rules can get hit with backbreaking fines and class-action lawsuits.
By Raz Rafaeli CEO and Co-Founder at Secret Double Octopus, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Many Exchange Servers Are Still Vulnerable to Remote Exploit
Robert Lemos, Contributing WriterNews
A privilege-escalation vulnerability patched in February by Microsoft continues to affect Exchange servers, with more than 80% of Internet-connected servers remaining vulnerable, one firm reports.
By Robert Lemos Contributing Writer, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
10 Tips for Maintaining Information Security During Layoffs
Joan Goodchild, Contributing Writer
Insider cyberthreats are always an issue during layoffs -- but with record numbers of home-office workers heading for the unemployment line, it has never been harder to maintain cybersecurity during offboarding.
By Joan Goodchild Contributing Writer, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Amtrak Breach Rolls Over Frequent Travelers
Dark Reading Staff, Quick Hits
The breach exposed usernames and passwords of an undisclosed number of program members.
By Dark Reading Staff , 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Risk Assessment & the Human Condition
Joshua Goldfarb, Independent ConsultantCommentary
Five lessons the coronavirus pandemic can teach security professionals to better assess, monitor, manage, and mitigate organizational risk.
By Joshua Goldfarb Independent Consultant, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
For now, security teams face freezes in projects and hiring - and budget cuts, security industry analysts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/2/2020
Comment1 Comment  |  Read  |  Post a Comment
Banking on Data Security in a Time of Insecurity
Dan DeMers, CEO of CinchyCommentary
How banks can maintain security and data integrity in the middle of a pandemic.
By Dan DeMers CEO of Cinchy, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Apple Pays Researcher $100,000 for Critical Vulnerability
Kelly Sheridan, Staff Editor, Dark ReadingNews
Apple has fixed a flaw in the "Sign in with Apple" feature that could have enabled attackers to break into user accounts for third-party services.
By Kelly Sheridan Staff Editor, Dark Reading, 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
26 IoT Flaws Enable Denial-of-Service Attacks, Privilege Escalation
Dark Reading Staff, Quick Hits
Research details vulnerabilities in the Zephyr Real Time Operating Systems and MCUboot, both used in IoT devices and sensors.
By Dark Reading Staff , 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRockCommentary
Without the right tools and with not enough cybersecurity pros to fill the void, the talent gap will continue to widen.
By Peter Barker Chief Product Officer at ForgeRock, 6/1/2020
Comment1 Comment  |  Read  |  Post a Comment
Bank of America Security Incident Affects PPP Applicants
Dark Reading Staff, Quick Hits
The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared.
By Dark Reading Staff , 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Cisco Announces Patches to SaltStack
Dark Reading Staff, Quick Hits
The patches came after Cisco was notified by the Salt Open Core team that the vulnerabilities and updates were available.
By Dark Reading Staff , 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
All Links Are Safe ... Right?
Beyond the Edge, Dark Reading
Today is a perfect day for a security breach.
By Beyond the Edge Dark Reading, 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by EdWelsh
Current Conversations Very interesting)
In reply to: Great!
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/4/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13842
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020).
CVE-2020-13843
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).
CVE-2020-13839
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).
CVE-2020-13840
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020).
CVE-2020-13841
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).