Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
How Ransomware Threats Are Evolving & How to Spot Them
Kelly Sheridan, Staff Editor, Dark ReadingNews
A series of new reports explains how ransomware attackers are changing techniques and how organizations can spot stealthy criminals.
By Kelly Sheridan Staff Editor, Dark Reading, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
6 Dangerous Defaults Attackers Love (and You Should Know)
Curtis Franklin Jr., Senior Editor at Dark Reading
Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
Retooling the SOC for a Post-COVID World
Nilesh Dherange, CTO at GuruculCommentary
Residual work-from-home policies will require changes to security policies, procedures, and technologies.
By Nilesh Dherange CTO at Gurucul, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
Google & Amazon Replace Apple as Phishers' Favorite Brands
Dark Reading Staff, Quick Hits
Google and Amazon were the most imitated brands in the second quarter, knocking out Apple.
By Dark Reading Staff , 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
Securing IoT as a Remote Workforce Strategy
Karen Walsh, Privacy & Compliance ExpertCommentary
Digital transformation with Internet of Things devices offers organizations a way forward in the era of COVID-19. Optimizing this approach for the future will need to start with security.
By Karen Walsh Privacy & Compliance Expert, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
11 Hot Startups to Watch at Black Hat USA
Kelly Sheridan, Staff Editor, Dark Reading
A sneak peek at the up-and-coming organizations to check out on the Black Hat USA virtual show floor.
By Kelly Sheridan Staff Editor, Dark Reading, 8/3/2020
Comment0 comments  |  Read  |  Post a Comment
FBI Warns on New E-Commerce Fraud
Dark Reading Staff, News
A wave of new, fraudulent websites has popped up to take advantage of the rise in online shopping during the coronavirus pandemic.
By Dark Reading Staff , 8/3/2020
Comment0 comments  |  Read  |  Post a Comment
Travel Management Firm CWT Pays $4.5M to Ransomware Attackers
Dark Reading Staff, Quick Hits
Attackers claimed to steal two terabytes of files including financial reports, security files, and employees' personal data.
By Dark Reading Staff , 8/3/2020
Comment0 comments  |  Read  |  Post a Comment
3 Arrested for Massive Twitter Breach
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
Three individuals aged 17, 19, and 22 have been charged for their alleged roles in the massive July 15 Twitter attack.
By Kelly Sheridan Staff Editor, Dark Reading, 7/31/2020
Comment0 comments  |  Read  |  Post a Comment
New Initiative Links Cybersecurity Pros to Election Officials
Dark Reading Staff, Quick Hits
A University of Chicago Harris School of Public Policy initiative will build a database of cybersecurity volunteers.
By Dark Reading Staff , 7/31/2020
Comment0 comments  |  Read  |  Post a Comment
Twitter: Employees Compromised in Phone Spear-Phishing Attack
Dark Reading Staff, Quick Hits
The attack earlier this month started with a spear-phishing attack targeting Twitter employees, the company says in a new update.
By Dark Reading Staff , 7/31/2020
Comment0 comments  |  Read  |  Post a Comment
3 Ways Social Distancing Can Strengthen Your Network
Dr. Mike Lloyd, CTO of RedSealCommentary
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.
By Dr. Mike Lloyd CTO of RedSeal, 7/31/2020
Comment0 comments  |  Read  |  Post a Comment
'Hidden Property Abusing' Allows Attacks on Node.js Applications
Robert Lemos, Contributing WriterNews
A team of researchers from Georgia Tech find a new attack technique that targets properties in Node.js and plan to publicly release a tool that has already identified 13 new vulnerabilities.
By Robert Lemos Contributing Writer, 7/31/2020
Comment0 comments  |  Read  |  Post a Comment
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
Kelly Sheridan, Staff Editor, Dark ReadingNews
Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles.
By Kelly Sheridan Staff Editor, Dark Reading, 7/30/2020
Comment1 Comment  |  Read  |  Post a Comment
Dark Web Travel Fraudsters Left Hurting From Lockdowns
Ericka Chickowski, Contributing WriterNews
Shadow travel businesses that depend on loyalty program fraud have been impacted just like the legitimate travel orgs they prey on.
By Ericka Chickowski Contributing Writer, 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
5 Tips for Optimizing Your Company's Cyber-Crisis Preparedness
James Hadley, CEO at Immersive LabsCommentary
Cyber-incident response often addresses short-term needs, but we need to broaden the view of crisis management to be more forward-thinking.
By James Hadley CEO at Immersive Labs, 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
Black Hat Virtually: An Important Time to Come Together as a Community
Dan Lowden, CMO, White OpsCommentary
The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.
By Dan Lowden CMO, White Ops, 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
Using the Attack Cycle to Up Your Security Game
Todd Graham, Vice President, VenrockCommentary
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.
By Todd Graham Vice President, Venrock, 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Jai Vijayan, Contributing Writer
More than 130 security researchers and developers are ready to showcase their work.
By Jai Vijayan Contributing Writer, 7/29/2020
Comment0 comments  |  Read  |  Post a Comment
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
A flaw in the GRUB2 bootloader affects most Linux devices and some Windows computers using UEFI Secure Boot.
By Kelly Sheridan Staff Editor, Dark Reading, 7/29/2020
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Average Cost of a Data Breach: $3.86 Million
Jai Vijayan, Contributing Writer,  7/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16847
PUBLISHED: 2020-08-04
Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
CVE-2020-15135
PUBLISHED: 2020-08-04
save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF...
CVE-2020-13522
PUBLISHED: 2020-08-04
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability.
CVE-2020-15943
PUBLISHED: 2020-08-04
An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an attack...
CVE-2020-15944
PUBLISHED: 2020-08-04
An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Due to missing validation of user input, it is vulnerable to a persistent XSS attack. An attacker can embed the attack vectors in the dashboard of other users. To exploit this vulnerability, an attacker has to be authenticated.