Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
Spear-Phishing Campaign Hits Developer Collaboration System Users
Dark Reading Staff, Quick Hits
Users of Zeplin, a popular developer and designer collaboration system, have been hit with new waves of spear-phishing attacks in the last month.
By Dark Reading Staff , 6/5/2020
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: Sign of the Tides
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 6/5/2020
Comment4 comments  |  Read  |  Post a Comment
Local, State Governments Face Cybersecurity Crisis
Robert Lemos, Contributing WriterNews
Ransomware hit small government organizations hard in 2019. Now they have to deal with budget cuts, pandemic precautions, social unrest, and the coming election cycle.
By Robert Lemos Contributing Writer, 6/5/2020
Comment0 comments  |  Read  |  Post a Comment
The Privacy & Security Outlook for Businesses Post-COVID-19
Aaron Shum, Practice Lead - Security, Privacy, Risk & Compliance, Info-Tech Research GroupCommentary
Long-term business needs -- and the ethical implications that result -- don't simply go away just because we're navigating a global health crisis.
By Aaron Shum Practice Lead - Security, Privacy, Risk & Compliance, Info-Tech Research Group, 6/5/2020
Comment0 comments  |  Read  |  Post a Comment
New 'Tycoon' Ransomware Strain Targets Windows, Linux
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers say Tycoon ransomware, which has targeted software and educational institutions, has a few traits they haven't seen before.
By Kelly Sheridan Staff Editor, Dark Reading, 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
Malware Campaign Hides in Resumes and Medical Leave Forms
Dark Reading Staff, Quick Hits
The campaigns have been part of the overall increase in coronavirus-related malware activity.
By Dark Reading Staff , 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
Strengthening Secure Information Sharing Through Technology & Standards
Ameesh Divatia, Co-Founder & CEO of BaffleCommentary
How data sharing, innovation, and regulatory standardization can make it easier for organizations to both contribute and consume critical threat intelligence.
By Ameesh Divatia Co-Founder & CEO of Baffle, 6/4/2020
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Office Files Most Popular for Exploit Tests
Dark Reading Staff, Quick Hits
A new report examines attacker methodologies to better understand how exploit testing is conducted in the wild.
By Dark Reading Staff , 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
RATs 101: The Grimy Trojans That Scurry Through Remote Access Pipes
Curtis Franklin Jr., Senior Editor at Dark Reading
Remote Access Trojans (RATs) can be the beginning of very bad things on your network or workstations.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Chasing RobbinHood: Up Close with an Evolving Threat
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher details how RobbinHood has changed and why it remains a threat for businesses to watch.
By Kelly Sheridan Staff Editor, Dark Reading, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Old Spreadsheet Macro Tech Newly Popular with Criminals
Dark Reading Staff, Quick Hits
A 30-year-old macro technology for Microsoft Excel is finding new popularity as a cybersecurity attack vector.
By Dark Reading Staff , 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
What Government Contractors Need to Know About NIST, DFARS Password Reqs
Raz Rafaeli, CEO and Co-Founder at Secret Double OctopusCommentary
Organizations that fail to comply with these rules can get hit with backbreaking fines and class-action lawsuits.
By Raz Rafaeli CEO and Co-Founder at Secret Double Octopus, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Many Exchange Servers Are Still Vulnerable to Remote Exploit
Robert Lemos, Contributing WriterNews
A privilege-escalation vulnerability patched in February by Microsoft continues to affect Exchange servers, with more than 80% of Internet-connected servers remaining vulnerable, one firm reports.
By Robert Lemos Contributing Writer, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
10 Tips for Maintaining Information Security During Layoffs
Joan Goodchild, Contributing Writer
Insider cyberthreats are always an issue during layoffs -- but with record numbers of home-office workers heading for the unemployment line, it has never been harder to maintain cybersecurity during offboarding.
By Joan Goodchild Contributing Writer, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Amtrak Breach Rolls Over Frequent Travelers
Dark Reading Staff, Quick Hits
The breach exposed usernames and passwords of an undisclosed number of program members.
By Dark Reading Staff , 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Risk Assessment & the Human Condition
Joshua Goldfarb, Independent ConsultantCommentary
Five lessons the coronavirus pandemic can teach security professionals to better assess, monitor, manage, and mitigate organizational risk.
By Joshua Goldfarb Independent Consultant, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
For now, security teams face freezes in projects and hiring - and budget cuts, security industry analysts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/2/2020
Comment1 Comment  |  Read  |  Post a Comment
Banking on Data Security in a Time of Insecurity
Dan DeMers, CEO of CinchyCommentary
How banks can maintain security and data integrity in the middle of a pandemic.
By Dan DeMers CEO of Cinchy, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Apple Pays Researcher $100,000 for Critical Vulnerability
Kelly Sheridan, Staff Editor, Dark ReadingNews
Apple has fixed a flaw in the "Sign in with Apple" feature that could have enabled attackers to break into user accounts for third-party services.
By Kelly Sheridan Staff Editor, Dark Reading, 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
26 IoT Flaws Enable Denial-of-Service Attacks, Privilege Escalation
Dark Reading Staff, Quick Hits
Research details vulnerabilities in the Zephyr Real Time Operating Systems and MCUboot, both used in IoT devices and sensors.
By Dark Reading Staff , 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13890
PUBLISHED: 2020-06-06
The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard.
CVE-2020-13889
PUBLISHED: 2020-06-06
showAlert() in the administration panel in Bludit 3.12.0 allows XSS.
CVE-2020-13881
PUBLISHED: 2020-06-06
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
CVE-2020-13883
PUBLISHED: 2020-06-06
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.
CVE-2020-13871
PUBLISHED: 2020-06-06
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.