Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
StrandHogg 2.0 Emerges as 'Evil Twin' to Android Threat
Kelly Sheridan, Staff Editor, Dark ReadingNews
The vulnerability, which exists in almost every version of Android, is both more dangerous and harder to detect than its predecessor.
By Kelly Sheridan Staff Editor, Dark Reading, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
Americans Care About Security But Don't Follow Through
Dark Reading Staff, Quick Hits
Most Americans say they're very concerned about online security but still behave in insecure ways, according to a new survey.
By Dark Reading Staff , 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
Turla Backdoor Adds Gmail Web Interface for Command-and-Control
Jai Vijayan, Contributing WriterNews
The latest version of ComRAT is another sign of the threat actor's continued focus on targets in the government, military, and other sectors.
By Jai Vijayan Contributing Writer, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
How to Pay a Ransom
Nicole Ferraro, Contributing Writer
Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your organization has fallen victim and is going to pay. Here's how to handle it.
By Nicole Ferraro Contributing Writer, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
Benefits of a Cloud-Based, Automated Cyber Range
Rocky Yuan, Cybersecurity Engineer at BAE systemsCommentary
A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks.
By Rocky Yuan Cybersecurity Engineer at BAE systems, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
World Leaders Urge Action Against Healthcare Cyberattacks
Dark Reading Staff, Quick Hits
The global call to end cybercrime targeting healthcare facilities has been signed by government leaders and Nobel laureates.
By Dark Reading Staff , 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
Content Delivery Networks Adding Checks for Magecart Attacks
Robert Lemos, Contributing WriterNews
Modern web applications make significant use of third-party code to drive innovation, but the software supply chain has also turned into a major source of threat. CDNs aim to change that.
By Robert Lemos Contributing Writer, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
5 Tips for Fighting Credential Stuffing Attacks
Joan Goodchild, Contributing Writer
With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?
By Joan Goodchild Contributing Writer, 5/22/2020
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading Edge Cybersecurity Crossword Puzzle, May 22th
Edge Editors, Dark Reading
Have a hard time coming up with the answers to these puzzle questions? We know a great place to look for more clues...
By Edge Editors Dark Reading, 5/22/2020
Comment0 comments  |  Read  |  Post a Comment
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading
Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
By Kelly Sheridan Staff Editor, Dark Reading, 5/22/2020
Comment1 Comment  |  Read  |  Post a Comment
Security 101: Cross-Site Scripting
Curtis Franklin Jr., Senior Editor at Dark Reading
Cross-site scripting has been around longer than most security professionals have been on the job. Why is it still such an issue when we've known about it for so long?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
Hackers Serve Up Stolen Credentials from Home Chef
Dark Reading Staff, Quick Hits
Some 8 million of the meal delivery company's customer records have been offered for sale on the Dark Web.
By Dark Reading Staff , 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, GarrisonCommentary
By committing to independent testing to determine value, vendors will ensure that their products do what they say they do.
By Henry Harrison Co-founder & Chief Technology Officer, Garrison, 5/21/2020
Comment2 comments  |  Read  |  Post a Comment
The Need for Compliance in a Post-COVID-19 World
Baan Alsinawi, Founder and Managing Director at TalaTekCommentary
With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That's a big mistake.
By Baan Alsinawi Founder and Managing Director at TalaTek, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
60% of Insider Threats Involve Employees Planning to Leave
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers shows most "flight-risk" employees planning to leave an organization tend to start stealing data two to eight weeks before they go.
By Kelly Sheridan Staff Editor, Dark Reading, 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Digital Transformation Risks in Front-end Code
Ido Safruti, Co-founder & CTO, PerimeterXCommentary
Why making every front-end developer a DevSecOps expert will lead to a more holistic approach to web and native application security.
By Ido Safruti Co-founder & CTO, PerimeterX, 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Offers to Sell Enterprise Network Access Surge on Dark Web
Dark Reading Staff, Quick Hits
In contrast, Q1 2019 saw more interest in selling and buying access to individual servers.
By Dark Reading Staff , 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Warns of Vulnerability Affecting Windows DNS Server
Dark Reading Staff, Quick Hits
A new security advisory addresses a vulnerability that could be exploited to cause a denial-of-service attack.
By Dark Reading Staff , 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say
Robert Lemos, Contributing WriterNews
As COVID-19-themed spam rises, phishingnot so much. An analysis of newly registered domains finds that only 2.4% are actually phishing sites aiming to steal credentials.
By Robert Lemos Contributing Writer, 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Dan Blum, Cybersecurity & Risk Management StrategistCommentary
Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.
By Dan Blum Cybersecurity & Risk Management Strategist, 5/20/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10737
PUBLISHED: 2020-05-27
A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the hom...
CVE-2020-13622
PUBLISHED: 2020-05-27
JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data.
CVE-2020-13623
PUBLISHED: 2020-05-27
JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.
CVE-2020-13616
PUBLISHED: 2020-05-26
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.
CVE-2020-13614
PUBLISHED: 2020-05-26
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.