Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
Credit-Card Skimmer Seeks Websites Running Microsoft's ASP.NET
Dark Reading Staff, Quick Hits
The payment-card skimmer targets websites hosted on Microsoft IIS servers and running the ASP.NET web framework.
By Dark Reading Staff , 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
Android Adware Tied to Undeletable Malware
Dark Reading Staff, Quick Hits
Adware on inexpensive Android smartphone can carry additional malware and be undeletable.
By Dark Reading Staff , 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
How to Assess More Sophisticated IoT Threats
Jack Mannino, CEO, nVisiumCommentary
Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis.
By Jack Mannino CEO, nVisium, 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
BIG-IP Vulnerabilities Could be Big Trouble for Customers
Dark Reading Staff, Quick Hits
Left unpatched, pair of vulnerabilities could give attackers wide access to a victim's application delivery network.
By Dark Reading Staff , 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
Considerations for Seamless CCPA Compliance
Anurag Kahol, CTO, BitglassCommentary
Three steps to better serve consumers, ensure maximum security, and achieve compliance with the California Consumer Privacy Act.
By Anurag Kahol CTO, Bitglass, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
22,900 MongoDB Databases Affected in Ransomware Attack
Dark Reading Staff, Quick Hits
An attacker scanned for databases misconfigured to expose information and wiped the data, leaving a ransom note behind.
By Dark Reading Staff , 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard LabsCommentary
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
By Derek Manky Chief of Security Insights and Global Threat Alliances, FortiGuard Labs, 7/2/2020
Comment1 Comment  |  Read  |  Post a Comment
DHS Shares Data on Top Cyber Threats to Federal Agencies
Robert Lemos, Contributing WriterNews
Backdoors, cryptominers, and ransomware were the most widely detected threats by the DHS Cybersecurity and Infrastructure Security Agency (CISA)'s intrusion prevention system EINSTEIN.
By Robert Lemos Contributing Writer, 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
New MacOS Ransomware Hides in Pirated Program
Dark Reading Staff, Quick Hits
A bogus installer for Little Snitch carries a ransomware hitchhiker.
By Dark Reading Staff , 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Issues Out-of-Band Patches for RCE Flaws
Dark Reading Staff, Quick Hits
Vulnerabilities had not been exploited or publicly disclosed before fixes were released, Microsoft reports.
By Dark Reading Staff , 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
4 Steps to a More Mature Identity Program
Mike Kiser, Global Security Advocate, Office of the CTO, SailPointCommentary
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.
By Mike Kiser Global Security Advocate, Office of the CTO, SailPoint, 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Stephen Ward, VP, ThreatConnectCommentary
While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.
By Stephen Ward VP, ThreatConnect, 7/1/2020
Comment1 Comment  |  Read  |  Post a Comment
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark ReadingNews
A series of IoT vulnerabilities could put hospital networks, medical data, and patient safety at risk.
By Kelly Sheridan Staff Editor, Dark Reading, 6/30/2020
Comment12 comments  |  Read  |  Post a Comment
COVID-19 Puts ICS Security Initiatives 'On Pause'
Nicole Ferraro, Contributing WriterNews
Security pros concerned that increased remote access to vulnerable operational technology and stalled efforts to harden OT environments puts critical infrastructure at greater risk.
By Nicole Ferraro Contributing Writer, 6/30/2020
Comment1 Comment  |  Read  |  Post a Comment
Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn
Robert Lemos, Contributing WriterNews
After Palo Alto Networks alerted users to a simple-to-exploit vulnerability in its network security gear, security agencies quickly warn that attackers won't wait to jump on it.
By Robert Lemos Contributing Writer, 6/30/2020
Comment1 Comment  |  Read  |  Post a Comment
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff, Quick Hits
The shift to remote work and heavy reliance on online services has driven an increase in attacks intended to overwhelm ISPs.
By Dark Reading Staff , 6/30/2020
Comment7 comments  |  Read  |  Post a Comment
Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan
Mark Darby, CEO of ISMS.onlineCommentary
We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.
By Mark Darby CEO of ISMS.online, 6/30/2020
Comment2 comments  |  Read  |  Post a Comment
CISA Issues Advisory on Home Routers
Dark Reading Staff, Quick Hits
The increase in work-from-home employees raises the importance of home router security.
By Dark Reading Staff , 6/30/2020
Comment1 Comment  |  Read  |  Post a Comment
3 Ways to Flatten the Health Data Hacking Curve
David MacLeod, Senior Vice President, Chief Information Officer, and Enterprise CISO at WelltokCommentary
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
By David MacLeod Senior Vice President, Chief Information Officer, and Enterprise CISO at Welltok, 6/30/2020
Comment0 comments  |  Read  |  Post a Comment
University of California SF Pays Ransom After Medical Servers Hit
Robert Lemos, Contributing WriterNews
As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on "several IT systems" in the UCSF School of Medicine.
By Robert Lemos Contributing Writer, 6/29/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Qualitybacklinks
Current Conversations yes, i hope so
In reply to: Re: Affected devices
Post Your Own Reply
Posted by FlynneTrobe
Current Conversations yes, i hope so
In reply to: Re: Affected devices
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15570
PUBLISHED: 2020-07-06
The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file.
CVE-2020-15569
PUBLISHED: 2020-07-06
PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor.
CVE-2020-7690
PUBLISHED: 2020-07-06
It's possible to inject JavaScript code via the html method.
CVE-2020-7691
PUBLISHED: 2020-07-06
It's possible to use <<script>script> in order to go over the filtering regex.
CVE-2020-15562
PUBLISHED: 2020-07-06
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.