Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
Medical Devices on the IoT Put Lives at Risk
Dmitry Raidman, CEO & Co-Founder, CybeatsCommentary
Device security must become as important a product design feature as safety and efficacy.
By Dmitry Raidman CEO & Co-Founder, Cybeats, 4/9/2020
Comment0 comments  |  Read  |  Post a Comment
After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers
Robert Lemos, Contributing WriterNews
While coronavirus-themed emails and files have been used as a lure for weeks, attackers now are searching for ways to actively target VPNs and remote workers to take advantage of weaker security.
By Robert Lemos Contributing Writer, 4/8/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Fool Biometric Scanners with 3D-Printed Fingerprints
Kelly Sheridan, Staff Editor, Dark ReadingNews
Tests on the fingerprint scanners of Apple, Microsoft, and Samsung devices reveal it's possible to bypass authentication with a cheap 3D printer.
By Kelly Sheridan Staff Editor, Dark Reading, 4/8/2020
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Releases COVID-19 Security Guidance
Dark Reading Staff, Quick Hits
Information includes tips on how to keep IT systems infection-free.
By Dark Reading Staff , 4/8/2020
Comment0 comments  |  Read  |  Post a Comment
BEC, Domain Jacking Help Criminals Disrupt Cash Transfers
Shane Shook, Venture Consultant at Forgepoint CapitalCommentary
The two hacking methods occur independently but are being used in concert to steal funds that are part of online payments and transactions.
By Shane Shook Venture Consultant at Forgepoint Capital, 4/8/2020
Comment0 comments  |  Read  |  Post a Comment
Why Threat Hunting with XDR Matters
Morey Haber, CTO and CISO, BeyondTrustCommentary
Extended detection response technology assumes a breach across all your endpoints, networks, SaaS applications, cloud infrastructure, and any network-addressable resource.
By Morey Haber CTO and CISO, BeyondTrust, 4/8/2020
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals Hide Malware & Phishing Sites Under SSL Certificates
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than half of the top 1 million websites use HTTPS, researchers report, but not all encrypted traffic is safe.
By Kelly Sheridan Staff Editor, Dark Reading, 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
Mature DevOps Teams Are Secure DevOps Teams
Dark Reading Staff, Quick Hits
New research shows the relationship between mature DevOps processes, secure applications, and happy developers.
By Dark Reading Staff , 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
71% of Security Pros See Threats Jump Since COVID-19 Outbreak
Dark Reading Staff, Quick Hits
Phishing is the top threat, followed by websites offering false information about the pandemic, malware, and ransomware attacks.
By Dark Reading Staff , 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
Using Application Telemetry to Reveal Insider & Evasive Threats
Andy Hawkins, Field CTOCommentary
Data from application processes and other systems leave a trail of threat crumbs that can be used to detect and shut down attacks.
By Andy Hawkins Field CTO, 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft: Emotet Attack Shut Down an Entire Business Network
Kelly Sheridan, Staff Editor, Dark ReadingNews
The infection started with a phishing email and spread throughout the organization, overheating all machines and flooding its Internet connection.
By Kelly Sheridan Staff Editor, Dark Reading, 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
FBI Warns of BEC Dangers
Dark Reading Staff, Quick Hits
A new PSA warns of attacks launched against users of two popular cloud-based email systems.
By Dark Reading Staff , 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
Mozilla Patches Two Critical Zero-Days in Firefox
Dark Reading Staff, Quick Hits
The latest release of Firefox brings fixes for two Critical vulnerabilities already seen exploited in the wild.
By Dark Reading Staff , 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
Why Humans Are Phishing's Weakest Link
Tim Sadler, CEO and co-founder of TessianCommentary
And it's not just because they click when they shouldn't... they also leave a trail of clues and details that make them easy to spoof
By Tim Sadler CEO and co-founder of Tessian, 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher earned $75,000 for finding a whopping seven zero-days in Safari, three of which can be combined to access the camera.
By Kelly Sheridan Staff Editor, Dark Reading, 4/3/2020
Comment1 Comment  |  Read  |  Post a Comment
FBI Warns Education & Remote Work Platforms About Cyberattacks
Dark Reading Staff, Quick Hits
The FBI expects attackers will target virtual environments as more organizations rely on them as a result of the COVID-19 pandemic.
By Dark Reading Staff , 4/3/2020
Comment1 Comment  |  Read  |  Post a Comment
Want to Improve Cloud Security? It Starts with Logging
Chris Calvert, VP Product Strategy, Co-Founder, Respond SoftwareCommentary
Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place.
By Chris Calvert VP Product Strategy, Co-Founder, Respond Software, 4/3/2020
Comment0 comments  |  Read  |  Post a Comment
A Day in The Life of a Pen Tester
Kelly Sheridan, Staff Editor, Dark ReadingNews
Two penetration testers share their day-to-day responsibilities, challenges they encounter, and the skills they value most on the job.
By Kelly Sheridan Staff Editor, Dark Reading, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Bad Bots Build Presence Across the Web
Dark Reading Staff, Quick Hits
Bots that mimic human behavior are driving a growing percentage of website traffic while contributing to an avalanche of misinformation.
By Dark Reading Staff , 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
David A. Sanders, Director of Insider Threat Operations at HaystaxCommentary
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
By David A. Sanders Director of Insider Threat Operations at Haystax, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by unturista
Current Conversations Nice
In reply to: Nice
Post Your Own Reply
Posted by futurocoches
Current Conversations how covid has changed the rules...
In reply to: covid
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 4/10/2020
Zscaler to Buy Cloudneeti
Dark Reading Staff 4/9/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18375
PUBLISHED: 2020-04-10
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.
CVE-2019-18376
PUBLISHED: 2020-04-10
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC.
CVE-2019-7305
PUBLISHED: 2020-04-10
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information di...
CVE-2020-8832
PUBLISHED: 2020-04-10
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacke...
CVE-2020-1633
PUBLISHED: 2020-04-09
Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, lea...