Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
Deadly Ransomware Story Continues to Unfold
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
A ransomware attack with fatal consequences is attracting notice and comment from around the world.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Mitigating Cyber-Risk While We're (Still) Working from Home
PJ Kirner, CTO & Founder, IllumioCommentary
One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.
By PJ Kirner CTO & Founder, Illumio, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Don't Fall for It! Defending Against Deepfakes
Curtis Franklin Jr., Senior Editor at Dark Reading
Detecting doctored media has become tricky -- and risky -- business. Here's how organizations can better protect themselves from fake video, audio, and other forms of content.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Gone Awry Has Fatal Consequences
Dark Reading Staff, Quick Hits
An attack that knocked hospital systems offline reportedly ends in death for patient who had to be sent to another facility.
By Dark Reading Staff , 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Time for CEOs to Stop Enabling China's Blatant IP Theft
Eric Noonan, CEO, CyberSheathCommentary
Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.
By Eric Noonan CEO, CyberSheath, 9/17/2020
Comment1 Comment  |  Read  |  Post a Comment
Struggling to Secure Remote IT? 3 Lessons from the Office
Chris Hallenbeck, CISO for the Americas at TaniumCommentary
The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges.
By Chris Hallenbeck CISO for the Americas at Tanium, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.
By Kelly Sheridan Staff Editor, Dark Reading, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
DDoS Attacks Rose 151% in First Half of 2020
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
Attacks grew in number, size, and sophistication as the coronavirus pandemic took hold.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
US Charges Five Members of China-Linked APT41 for Global Attacks
Dark Reading Staff, Quick Hits
The five Chinese nationals are among seven defendants arrested for intrusion campaigns into more than 100 organizations, the DoJ reports.
By Dark Reading Staff , 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
CISA Joins MITRE to Issue Vulnerability Identifiers
Robert Lemos, Contributing WriterNews
The Cybersecurity and Infrastructure Security Agency will become a peer of MITRE in the CVE program, likely leading to continued increases in disclosed vulnerabilities.
By Robert Lemos Contributing Writer, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security Pro File: Award-winning computer scientist and electronic voting expert Barbara Simons chats up her pioneering days in computer programming, paper-ballot backups, Internet voting, math, and sushi.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/16/2020
Comment1 Comment  |  Read  |  Post a Comment
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVistaCommentary
While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.
By Simone Petrella Chief Executive Officer, CyberVista, 9/16/2020
Comment2 comments  |  Read  |  Post a Comment
CISA Issues Alert for Microsoft Netlogon Vulnerability
Dark Reading Staff, Quick Hits
CISA has issued an alert following the discovery of publicly available exploit code for Windows elevation of privilege flaw CVE-2020-1472.
By Dark Reading Staff , 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Taking Security With You in the WFH Era: What to Do Next
A.N. Ananth, President, NetsurionCommentary
As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.
By A.N. Ananth President, Netsurion, 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Research Finds Nearly 800,000 Access Keys Exposed Online
Dark Reading Staff, Quick Hits
The keys were primarily for access to databases and cloud services.
By Dark Reading Staff , 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Simplify Your Privacy Approach to Overcome CCPA Challenges
Hilary Wandall, Senior Vice President, Privacy Intelligence and General Counsel at TrustArcCommentary
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.
By Hilary Wandall Senior Vice President, Privacy Intelligence and General Counsel at TrustArc, 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers, Companies Slam Mobile Voting Firm Voatz for 'Bad Faith' Attacks
Robert Lemos, Contributing WriterNews
In a letter, almost 70 different security firms and individual researchers criticize Voatz for misrepresenting to the US Supreme Court widely accepted security research practices.
By Robert Lemos Contributing Writer, 9/14/2020
Comment0 comments  |  Read  |  Post a Comment
Large Cloud Providers Much Less Likely Than Enterprises to Get Breached
Jai Vijayan, Contributing WriterNews
Pen-test results also show a majority of organizations have few protections against attackers already on the network.
By Jai Vijayan Contributing Writer, 9/14/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25789
PUBLISHED: 2020-09-19
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
CVE-2020-25790
PUBLISHED: 2020-09-19
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our secu...
CVE-2020-25791
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().
CVE-2020-25792
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().
CVE-2020-25793
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.