Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
A Rogues' Gallery of MacOS Malware
Curtis Franklin Jr., Senior Editor at Dark Reading
MacOS isn't immune from malware. Being prepared means understanding the nature of the worst threats a security team is likely to see attacking Macs in the enterprise.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
GitHub Supply Chain Attack Uses Octopus Scanner Malware
Kelly Sheridan, Staff Editor, Dark ReadingNews
Octopus Scanner is a new malware used to compromise 26 open source projects in a massive GitHub supply chain attack.
By Kelly Sheridan Staff Editor, Dark Reading, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
NSA Warns Russia's 'Sandworm' Group Is Targeting Email Servers
Dark Reading Staff, Quick Hits
The Russian military group has been exploiting a flaw in the Exim mail transfer agent since last August, the NSA reports.
By Dark Reading Staff , 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
3 SMB Cybersecurity Myths Debunked
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Small and midsize businesses are better at cyber resilience than you might think.
By Marc Wilczek Digital Strategist & COO of Link11, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Disclosures Drop in Q1 for First Time in a Decade
Robert Lemos, Contributing WriterNews
Even with more security issues published on Patch Tuesdays, the total number of software flaws dropped for the first three months of 2020, according to one tally.
By Robert Lemos Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Google, Microsoft Brands Impersonated the Most in Form-Based Attacks
Steve Zurier, Contributing WriterNews
Attackers are preying on users' inclination to click on familiar-looking websites, but instead trick them into sharing usernames and passwords.
By Steve Zurier Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Data Loss Spikes Under COVID-19 Lockdowns
Seth Rosenblatt, Contributing WriterNews
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.
By Seth Rosenblatt Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
How Elite Protectors Operationalize Security Protection
Maurice Uenuma & A.T. Smith, Vice President, Federal & Enterprise, Tripwire / Independent Cybersecurity ConsultantCommentary
There is no silver bullet for cybersecurity. It takes the right people, with the right mindset, applying the right elements of good security from the data center to the SOC.
By By Maurice Uenuma, VP, Federal & Enterprise, Tripwire, former Special Ops Marine, and A.T. Smith, Former Deputy Director of the U.S. Secret Service , 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Security 101: SQL Injection
Curtis Franklin Jr., Senior Editor at Dark Reading
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
HackerOne Bounties Hit $100M Milestone
Dark Reading Staff, Quick Hits
The bug-hunting platform has now paid more than $100 million in bounties since October 2013.
By Dark Reading Staff , 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
Standing Privilege: The Attacker's Advantage
Tim Keeler, Founder and CEO, RemediantCommentary
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.
By Tim Keeler Founder and CEO, Remediant, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Shares PonyFinal Threat Data, Warns of Delivery Tactics
Kelly Sheridan, Staff Editor, Dark ReadingNews
PonyFinal is deployed in human-operated ransomware attacks, in which adversaries tailor their techniques based on knowledge of a target system.
By Kelly Sheridan Staff Editor, Dark Reading, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
What the World's Elite Protectors Teach Us about Cybersecurity
Maurice Uenuma & A.T. Smith, Vice President, Federal & Enterprise, Tripwire / Independent Cybersecurity ConsultantCommentary
How to protect anyone and anything, from the perspective of a career Secret Service agent and former special operations marine.
By Maurice Uenuma & A.T. Smith Vice President, Federal & Enterprise, Tripwire / Independent Cybersecurity Consultant, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
6 Steps Consumers Should Take Following a Hack
Steve Zurier, Contributing Writer
Without the luxury of an IT security team to help them after a breach or credit card compromise, consumers will want to keep these tips in mind.
By Steve Zurier Contributing Writer, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
StrandHogg 2.0 Emerges as 'Evil Twin' to Android Threat
Kelly Sheridan, Staff Editor, Dark ReadingNews
The vulnerability, which exists in almost every version of Android, is both more dangerous and harder to detect than its predecessor.
By Kelly Sheridan Staff Editor, Dark Reading, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
Americans Care About Security But Don't Follow Through
Dark Reading Staff, Quick Hits
Most Americans say they're very concerned about online security but still behave in insecure ways, according to a new survey.
By Dark Reading Staff , 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
Turla Backdoor Adds Gmail Web Interface for Command-and-Control
Jai Vijayan, Contributing WriterNews
The latest version of ComRAT is another sign of the threat actor's continued focus on targets in the government, military, and other sectors.
By Jai Vijayan Contributing Writer, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
How to Pay a Ransom: A Step-By-Step Guide for Something You'd Never Do
Nicole Ferraro, Contributing Writer
Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your, um, friend's organization has fallen victim and is going to pay. Here's how they should handle it.
By Nicole Ferraro Contributing Writer, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
Benefits of a Cloud-Based, Automated Cyber Range
Rocky Yuan, Cybersecurity Engineer at BAE systemsCommentary
A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks.
By Rocky Yuan Cybersecurity Engineer at BAE systems, 5/26/2020
Comment1 Comment  |  Read  |  Post a Comment
World Leaders Urge Action Against Healthcare Cyberattacks
Dark Reading Staff, Quick Hits
The global call to end cybercrime targeting healthcare facilities has been signed by government leaders and Nobel laureates.
By Dark Reading Staff , 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by EdWelsh
Current Conversations Very interesting)
In reply to: Great!
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13173
PUBLISHED: 2020-05-28
Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing...
CVE-2019-6342
PUBLISHED: 2020-05-28
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
CVE-2020-11082
PUBLISHED: 2020-05-28
In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.
CVE-2020-5357
PUBLISHED: 2020-05-28
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time wi...
CVE-2020-13660
PUBLISHED: 2020-05-28
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.