Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
Lost in Translation: Serious Flaws Found in ICS Protocol Gateways
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
These oft-forgotten devices contain serious vulnerabilities that allow attackers to hack OT systems remotely, researchers will reveal at Black Hat USA next month.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/13/2020
Comment0 comments  |  Read  |  Post a Comment
Russian Hacker Convicted for Social Network Hacks
Dark Reading Staff, Quick Hits
The Russian national was convicted of hacking into accounts at LinkedIn, Dropbox, and Formspring.
By Dark Reading Staff , 7/13/2020
Comment0 comments  |  Read  |  Post a Comment
Experts Predict Rise of Data Theft in Ransomware Attacks
Dark Reading Staff, Quick Hits
The most attractive targets for data theft are businesses perceived as most likely to pay to prevent exposure of their information.
By Dark Reading Staff , 7/13/2020
Comment0 comments  |  Read  |  Post a Comment
Decoding the Verizon DBIR Report: An Insider's Look Beyond the Headlines
Chad Loeven, President of VMRay Inc.Commentary
To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you.
By Chad Loeven President of VMRay Inc., 7/13/2020
Comment0 comments  |  Read  |  Post a Comment
Biden Campaign Hires 2 Top Cybersecurity Executives
Dark Reading Staff, Quick Hits
The campaign has filled the positions of CISO and CTO in the runup to the 2020 presidential election.
By Dark Reading Staff , 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
Zoom Patches Zero-Day Vulnerability in Windows 7
Dark Reading Staff, Quick Hits
The flaw also affects older versions of the operating system, even if they're fully patched.
By Dark Reading Staff , 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
As Offices Reopen, Hardware from Home Threatens Security
Joan Goodchild, Contributing Writer
Devices out of sight for the past several months could spell trouble when employees bring them back to work.
By Joan Goodchild Contributing Writer, 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, GigamonCommentary
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
By Shane Buckley President & Chief Operating Officer, Gigamon, 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
Using Adversarial Machine Learning, Researchers Look to Foil Facial Recognition
Robert Lemos, Contributing WriterNews
For privacy-seeking users, good news: Computer scientists are finding more ways to thwart facial and image recognition. But there's also bad news: Gains will likely be short-lived.
By Robert Lemos Contributing Writer, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
Huge DDoS Attack Launched Against Cloudflare in Late June
Dark Reading Staff, Quick Hits
The 754 million packets-per-second peak was part of a four-day attack involving more than 316,000 sending addresses.
By Dark Reading Staff , 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
Up Close with Evilnum, the APT Group Behind the Malware
Kelly Sheridan, Staff Editor, Dark ReadingNews
The group behind Evilnum malware, which continues to target financial institutions, appears to be testing new techniques.
By Kelly Sheridan Staff Editor, Dark Reading, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
When WAFs Go Wrong
Ericka Chickowski, Contributing WriterNews
Web application firewalls are increasingly disappointing enterprises today. Here's why.
By Ericka Chickowski Contributing Writer, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
Fight Phishing with Intention
Runa Sandvik, Independent ResearcherCommentary
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
By Runa Sandvik Independent Researcher, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
6 Tips for Getting the Most From Nessus
Curtis Franklin Jr., Senior Editor at Dark Reading
Books have been written on using the powerful network-discovery and vulnerability-scanning tool. These tips will help get you started.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
Pen Testing ROI: How to Communicate the Value of Security Testing
Nabil Hannan, Managing Director at NetSPICommentary
There are many reasons to pen test, but the financial reasons tend to get ignored.
By Nabil Hannan Managing Director at NetSPI, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
New Fraud Ring "Bargain Bear" Brings Sophistication to Online Crime
Dark Reading Staff, Quick Hits
The ring tests the validity of stolen credentials to be used in fraud through an online marketplace.
By Dark Reading Staff , 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
More Malware Found Preinstalled on Government Smartphones
Dark Reading Staff, Quick Hits
Researchers report the American Network Solutions UL40 smartphone comes with compromised apps.
By Dark Reading Staff , 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
How Advanced Attackers Take Aim at Office 365
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers discuss how adversaries use components of Office 365 that are poorly understood and not closely monitored.
By Kelly Sheridan Staff Editor, Dark Reading, 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWareCommentary
The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.
By Tiffany Ricks CEO, HacWare, 7/8/2020
Comment1 Comment  |  Read  |  Post a Comment
A Most Personal Threat: Implantable Devices in Secure Spaces
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Do implantable medical devices pose a threat to secure communication facilities? A Virginia Tech researcher says they do, and the problem is growing.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Qualitybacklinks
Current Conversations yes, i hope so
In reply to: Re: Affected devices
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/13/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10987
PUBLISHED: 2020-07-13
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
CVE-2020-10988
PUBLISHED: 2020-07-13
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.
CVE-2020-10989
PUBLISHED: 2020-07-13
An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter.
CVE-2020-10986
PUBLISHED: 2020-07-13
A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page.
CVE-2019-19338
PUBLISHED: 2020-07-13
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is ...