Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
Do You Know Who's Lurking in Your Cloud Environment?
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.
By Kelly Sheridan Staff Editor, Dark Reading, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Prevention Is Better Than the Cure When Securing Cloud-Native Deployments
Liz Rice, VP Open Source Engineering, Aqua SecurityCommentary
The "OODA loop" shows us how to secure cloud-native deployments and prevent breaches before they occur.
By Liz Rice VP Open Source Engineering, Aqua Security, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Why Security Awareness Training Should Be Backed by Security by Design
Ericka Chickowski, Contributing WriterNews
Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.
By Ericka Chickowski Contributing Writer, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Latest Version of TrickBot Employs Clever New Obfuscation Trick
Jai Vijayan, Contributing WriterNews
The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says.
By Jai Vijayan Contributing Writer, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Baidu Apps Leaked Location Data, Machine Learning Reveals
Robert Lemos, Contributing WriterNews
Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone's hardware and location without the user's knowledge, research finds.
By Robert Lemos Contributing Writer, 11/24/2020
Comment1 Comment  |  Read  |  Post a Comment
CISA Warns of Holiday Online Shopping Scams
Dark Reading Staff, Quick Hits
The agency urges shoppers to be cautious of fraudulent websites, unsolicited emails, and unencrypted financial transactions.
By Dark Reading Staff , 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Jason Bevis & Kevin Adams-Romano, VP of Awake Labs / Incident Response Specialist at Awake SecurityCommentary
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
By Jason Bevis & Kevin Adams-Romano VP of Awake Labs / Incident Response Specialist at Awake Security, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Printers' Cybersecurity Threats Too Often Ignored
Shivaun Albright, Chief Technologist of Print Security, HP Inc.Commentary
Remote workforce heightens the need to protect printing systems against intrusion and compromise.
By Shivaun Albright Chief Technologist of Print Security, HP Inc., 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing WriterNews
Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.
By Robert Lemos Contributing Writer, 11/23/2020
Comment1 Comment  |  Read  |  Post a Comment
Ransomware Grows Easier to Spread, Harder to Block
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
By Kelly Sheridan Staff Editor, Dark Reading, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Evidence-Based Trust Gets Black Hat Europe Spotlight
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Chinese APT Group Returns to Target Catholic Church & Diplomatic Groups
Dark Reading Staff, Quick Hits
APT group TA416 reemerges with new changes to its documented tool sets so it can continue launching espionage campaigns.
By Dark Reading Staff , 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
3 Steps CISOs Can Take to Convey Strategy for Budget Presentations
Vinay Sridhara, CTO at BalbixCommentary
Answering these questions will help CISOs define a plan and take the organization in a positive direction.
By Vinay Sridhara CTO at Balbix, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
How Retailers Can Fight Fraud and Abuse This Holiday Season
Sunil Potti, General Manager and Vice President, Google Cloud SecurityCommentary
Online shopping will be more popular than ever with consumers... and with malicious actors too.
By Sunil Potti General Manager and Vice President, Google Cloud Security, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Facebook Messenger Flaw Enabled Spying on Android Callees
Dark Reading Staff, Quick Hits
A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge.
By Dark Reading Staff , 11/20/2020
Comment1 Comment  |  Read  |  Post a Comment
Cybercriminals Get Creative With Google Services
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attacks take advantage of popular services, including Google Forms and Google Docs.
By Kelly Sheridan Staff Editor, Dark Reading, 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
Go SMS Pro Messaging App Exposed Users' Private Media Files
Dark Reading Staff, Quick Hits
The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.
By Dark Reading Staff , 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
The Yellow Brick Road to Risk Management
Andrew Lowe, Senior Information Security Consultant, TalaTekCommentary
Beginning the journey to risk management can be daunting, but protecting your business is worth every step.
By Andrew Lowe Senior Information Security Consultant, TalaTek, 11/19/2020
Comment1 Comment  |  Read  |  Post a Comment
2021 Cybersecurity Spending: How to Maximize Value
Gidi Cohen, Chief Executive Officer & Founder, Skybox SecurityCommentary
This is a pivotal moment for CISOs. As their influence increases, so does the pressure for them to make the right decisions.
By Gidi Cohen Chief Executive Officer & Founder, Skybox Security, 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
Cisco Webex Vulns Let 'Ghost' Attendees Spy on Meetings
Kelly Sheridan, Staff Editor, Dark ReadingNews
Three vulnerabilities, patched today, could let an attacker snoop on meetings undetected after the host removes them.
By Kelly Sheridan Staff Editor, Dark Reading, 11/18/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
The Yellow Brick Road to Risk Management
Andrew Lowe, Senior Information Security Consultant, TalaTek,  11/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: He hits the gong anytime he sees someone click on an email link.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7779
PUBLISHED: 2020-11-26
All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, [email protected]-----------------------------------------------------------!.
CVE-2020-7778
PUBLISHED: 2020-11-26
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
CVE-2020-29128
PUBLISHED: 2020-11-26
petl before 1.68, in some configurations, allows resolution of entities in an XML document.
CVE-2020-27251
PUBLISHED: 2020-11-26
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.
CVE-2020-27253
PUBLISHED: 2020-11-26
A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device.