Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
IoT Security During COVID-19: What We've Learned & Where We're Going
Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard LabsCommentary
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.
By Aamir Lakhani Cybersecurity Researcher and Practitioner for FortiGuard Labs, 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Create New Framework to Evaluate User Security Awareness
Jai Vijayan, Contributing WriterNews
Approaches based on questionnaires and self-evaluation are not always a good indicator of how well a user can mitigate social engineering threats.
By Jai Vijayan Contributing Writer, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
A Mix of Optimism and Pessimism for Security of the 2020 Election
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
DHS CISA's Christopher Krebs and Georgetown University's Matt Blaze at Black Hat USA give the lowdown on where things stand and what still needs to happen to protect the integrity of November's election.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Video News Desk Returns to Black Hat
Sara Peters, Senior Editor at Dark ReadingNews
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
By Sara Peters Senior Editor at Dark Reading, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
On 'Invisible Salamanders' and Insecure Messages
Dark Reading Staff, News
Cornell researcher Paul Grubbsdiscusses how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Exploiting Google Cloud Platform With Ease
Dark Reading Staff, News
Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.
By Dark Reading Staff , 8/6/2020
Comment1 Comment  |  Read  |  Post a Comment
Why Satellite Communication Eavesdropping Will Remain A Problem
Dark Reading Staff, News
Oxford PhD candidate James Pavur shows that SATCOM security has still made no progress since previous Black Hat disclosures, and discusses the physical and economic limitations that slow make it unlikely to improve anytime soon.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Remotely Hacking Operations Technology Systems
Dark Reading Staff, News
Marco Balduzzi senior research scientist with Trend Micro, tells us how the often-overlooked ICS protocol gateways contain serious vulnerabilities that allow attackers to hack OT systems remotely.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
New Windows Print Spooler Zero-Day Flaws Harken Back to Stuxnet
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers find new flaws in the ubiquitous decades-old printer software in Windows, including one that bypasses a recent Microsoft patch.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Counting for Good: Hardware Counters Un-mask Malware
Dark Reading Staff, News
Nick Gregory, research scientist at Capsule8, talks about his session with Capsule8 data scientist Harini Kannan, Uncommon Sense: Detecting Exploits With Novel Hardware Performance Counters and Machine Learning Magic.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
2019 Breach Leads to $80 Million Fine for Capital One
Dark Reading Staff, Quick Hits
The fine is part of a series of steps required by the Office of the Comptroller of the Currency.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Four Rules and Three Tools to Protect Against Fake SaaS Apps
Dmitry Dontov, Chief Technology Officer, Spin TechnologyCommentary
Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.
By Dmitry Dontov Chief Technology Officer, Spin Technology, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Ripple20: More Vulnerable Devices Identified
Dark Reading Staff, Quick Hits
Security researchers find 34 additional vendors, and 47 devices, affected by the widespread Ripple20 vulnerabilities.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
3 Tips For Better Security Across the Software Supply Chain
Matthew Lewinski, Distinguished Engineer at Quest SoftwareCommentary
It may sound look intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving security posture of the software supply chain.
By Matthew Lewinski Distinguished Engineer at Quest Software, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
What a Security Engineer & Software Engineer Learned by Swapping Roles
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security engineer and infrastructure engineer with Salesforce share lessons learned from their professional role reversal, and advice for people on both teams.
By Kelly Sheridan Staff Editor, Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
SynerComm Reboots a Security Staple with 'Continuous' Pen Testing
Terry Sweeney, Contributing EditorNews
SPONSORED CONTENT: Penetration testing has evolved well beyond a couple guys you hire to try and break into your network, according to SynerComm's Brian Judd. In addition to a service that offers round-the-clock pen testing, SynerComm also provides purple team testing, effectively splitting the difference with red- and blue-team exercises.
By Terry Sweeney Contributing Editor, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Pen Testers Share the Inside Story of Their Arrest and Exoneration
Dark Reading Staff, News
Coalfire'sGary De Mercurio and Justin Wynnshare the inside story of their infamous arrest last year while conducting a contractedred-team engagement in an Iowa courthouse -- and what it took to clear their names.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
HealthScare: Prioritizing Medical AppSec Research
Dark Reading Staff, News
Seth Fogie, information security director at Penn Medicine, explains which healthcare app vulnerabilities really matter in the day-to-day business of providing patient care.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
A Most Personal Threat: Implantable Medical Devices
Dark Reading Staff, News
Alan Michaels,director of the Electronic Systems Lab at the Virginia Tech Hume Center, explains why implanted medical devices could pose a threat to secure communication facilities.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Exploiting Google Cloud Platform With Ease
Dark Reading Staff 8/6/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16636
PUBLISHED: 2020-08-07
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-16168
PUBLISHED: 2020-08-07
Temi firmware 20190419.165201 does not properly verify that the source of data or communication is valid, aka an Origin Validation Error.
CVE-2020-8025
PUBLISHED: 2020-08-07
A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the p...
CVE-2020-8026
PUBLISHED: 2020-08-07
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior...
CVE-2020-16219
PUBLISHED: 2020-08-07
Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.