Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard LabsCommentary
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
By Derek Manky Chief of Security Insights and Global Threat Alliances, FortiGuard Labs, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
DHS Shares Data on Top Cyber Threats to Federal Agencies
Robert Lemos, Contributing WriterNews
Backdoors, cryptominers, and ransomware were the most widely detected threats by the DHS Cybersecurity and Infrastructure Security Agency (CISA)'s intrusion prevention system EINSTEIN.
By Robert Lemos Contributing Writer, 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
New MacOS Ransomware Hides in Pirated Program
Dark Reading Staff, Quick Hits
A bogus installer for Little Snitch carries a ransomware hitchhiker.
By Dark Reading Staff , 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Issues Out-of-Band Patches for RCE Flaws
Dark Reading Staff, Quick Hits
Vulnerabilities had not been exploited or publicly disclosed before fixes were released, Microsoft reports.
By Dark Reading Staff , 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
4 Steps to a More Mature Identity Program
Mike Kiser, Global Security Advocate, Office of the CTO, SailPointCommentary
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.
By Mike Kiser Global Security Advocate, Office of the CTO, SailPoint, 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Stephen Ward, VP, ThreatConnectCommentary
While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.
By Stephen Ward VP, ThreatConnect, 7/1/2020
Comment1 Comment  |  Read  |  Post a Comment
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark ReadingNews
A series of IoT vulnerabilities could put hospital networks, medical data, and patient safety at risk.
By Kelly Sheridan Staff Editor, Dark Reading, 6/30/2020
Comment10 comments  |  Read  |  Post a Comment
COVID-19 Puts ICS Security Initiatives 'On Pause'
Nicole Ferraro, Contributing WriterNews
Security pros concerned that increased remote access to vulnerable operational technology and stalled efforts to harden OT environments puts critical infrastructure at greater risk.
By Nicole Ferraro Contributing Writer, 6/30/2020
Comment1 Comment  |  Read  |  Post a Comment
Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn
Robert Lemos, Contributing WriterNews
After Palo Alto Networks alerted users to a simple-to-exploit vulnerability in its network security gear, security agencies quickly warn that attackers won't wait to jump on it.
By Robert Lemos Contributing Writer, 6/30/2020
Comment1 Comment  |  Read  |  Post a Comment
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff, Quick Hits
The shift to remote work and heavy reliance on online services has driven an increase in attacks intended to overwhelm ISPs.
By Dark Reading Staff , 6/30/2020
Comment8 comments  |  Read  |  Post a Comment
Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan
Mark Darby, CEO of ISMS.onlineCommentary
We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.
By Mark Darby CEO of ISMS.online, 6/30/2020
Comment1 Comment  |  Read  |  Post a Comment
CISA Issues Advisory on Home Routers
Dark Reading Staff, Quick Hits
The increase in work-from-home employees raises the importance of home router security.
By Dark Reading Staff , 6/30/2020
Comment1 Comment  |  Read  |  Post a Comment
3 Ways to Flatten the Health Data Hacking Curve
David MacLeod, Senior Vice President, Chief Information Officer, and Enterprise CISO at WelltokCommentary
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
By David MacLeod Senior Vice President, Chief Information Officer, and Enterprise CISO at Welltok, 6/30/2020
Comment0 comments  |  Read  |  Post a Comment
University of California SF Pays Ransom After Medical Servers Hit
Robert Lemos, Contributing WriterNews
As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on "several IT systems" in the UCSF School of Medicine.
By Robert Lemos Contributing Writer, 6/29/2020
Comment1 Comment  |  Read  |  Post a Comment
Russian Cybercriminal Behind CardPlanet Sentenced to 9 Years
Kelly Sheridan, Staff Editor, Dark ReadingNews
Aleksei Burkov will go to federal prison for operating two websites built to facilitate payment card fraud, hacking, and other crimes.
By Kelly Sheridan Staff Editor, Dark Reading, 6/29/2020
Comment1 Comment  |  Read  |  Post a Comment
HackerOne Reveals Top 10 Bug-Bounty Programs
Dark Reading Staff, Quick Hits
Rankings based on total bounties paid, top single bounty paid, time to respond, and more.
By Dark Reading Staff , 6/29/2020
Comment1 Comment  |  Read  |  Post a Comment
Files Stolen from 945 Websites Discovered on Dark Web
Dark Reading Staff, Quick Hits
Researchers who found the archived SQL files estimate up to 14 million people could be affected.
By Dark Reading Staff , 6/29/2020
Comment0 comments  |  Read  |  Post a Comment
Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions
Kowsik Guruswamy, Chief Technology Officer at Menlo SecurityCommentary
SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.
By Kowsik Guruswamy Chief Technology Officer at Menlo Security, 6/29/2020
Comment5 comments  |  Read  |  Post a Comment
Good Cyber Hygiene in a Pandemic-Driven World Starts with Us
Yaniv Bar-Yadan, Co-founder and CEO of Vulcan CyberCommentary
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.
By Yaniv Bar-Yadan Co-founder and CEO of Vulcan Cyber, 6/26/2020
Comment6 comments  |  Read  |  Post a Comment
7 Tips for Effective Deception
Jai Vijayan, Contributing Writer
The right decoys can frustrate attackers and help detect threats more quickly.
By Jai Vijayan Contributing Writer, 6/25/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by FlynneTrobe
Current Conversations yes, i hope so
In reply to: Re: Affected devices
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.