Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
IoT Security During COVID-19: What We've Learned & Where We're Going
Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard LabsCommentary
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.
By Aamir Lakhani Cybersecurity Researcher and Practitioner for FortiGuard Labs, 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
Counting for Good: Hardware Counters Un-mask Malware
Dark Reading Staff, News
Nick Gregory, research scientist at Capsule8, talks about his session with Capsule8 data scientist Harini Kannan, Uncommon Sense: Detecting Exploits With Novel Hardware Performance Counters and Machine Learning Magic.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
SynerComm Reboots a Security Staple with 'Continuous' Pen Testing
Terry Sweeney, Contributing EditorNews
SPONSORED CONTENT: Penetration testing has evolved well beyond a couple guys you hire to try and break into your network, according to SynerComm's Brian Judd. In addition to a service that offers round-the-clock pen testing, SynerComm also provides purple team testing, effectively splitting the difference with red- and blue-team exercises.
By Terry Sweeney Contributing Editor, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Synopsys: Why Security-Minded Companies Are Transitioning to DevSecOps
Terry Sweeney, Contributing EditorNews
SPONSORED: For too long, developers have had to weigh the tradeoffs between software security and feature development. But as DevSecOps continues to gain momentum over application security, organizations realize that adopting security in software development needn't be a drag on productivity, says Tim Mackey from the Synopsys Cybersecurity Research Center.
By Terry Sweeney Contributing Editor, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
HealthScare: Prioritizing Medical AppSec Research
Dark Reading Staff, News
Seth Fogie, information security director at Penn Medicine, explains which healthcare app vulnerabilities really matter in the day-to-day business of providing patient care.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis
Dark Reading Staff, News
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Retooling the SOC for a Post-COVID World
Nilesh Dherange, CTO at GuruculCommentary
Residual work-from-home policies will require changes to security policies, procedures, and technologies.
By Nilesh Dherange CTO at Gurucul, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
Dr. Johannes Bauer, Principal Security Advisor at ULCommentary
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.
By Dr. Johannes Bauer Principal Security Advisor at UL, 7/29/2020
Comment0 comments  |  Read  |  Post a Comment
The Future's Biggest Cybercrime Threat May Already Be Here
Steve Durbin, Managing Director of the Information Security ForumCommentary
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.
By Steve Durbin Managing Director of the Information Security Forum, 7/29/2020
Comment0 comments  |  Read  |  Post a Comment
Autonomous IT: Less Reacting, More Securing
Greg Jensen, Senior Director of Security at Oracle CorporationCommentary
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
By Greg Jensen Senior Director of Security at Oracle Corporation, 7/28/2020
Comment1 Comment  |  Read  |  Post a Comment
Data Privacy Challenges for California COVID-19 Contact Tracing Technology
Samantha Humphries, Security Strategist at ExabeamCommentary
Developers, governments, and regulators must work with the cybersecurity industry to apply rigorous standards to contact-tracing apps to make sure that the societal impact of COVID-19 doesn't extend into personal privacy.
By Samantha Humphries Security Strategist at Exabeam, 7/23/2020
Comment0 comments  |  Read  |  Post a Comment
8 Cybersecurity Themes to Expect at Black Hat USA 2020
Ericka Chickowski, Contributing Writer
Here are the trends and topics that'll capture the limelight at this year's virtual event.
By Ericka Chickowski Contributing Writer, 7/23/2020
Comment0 comments  |  Read  |  Post a Comment
Ripple20's Effects Will Impact IoT Cybersecurity for Years to Come
Tanner Johnson, Senior Analyst, Connectivity & IoT, OMDIACommentary
A series of newly discovered TCP/IP software vulnerabilities pose a threat to millions of IoT devices. Undiscovered since the early 1990s, they highlight the need to improve security in an increasingly precarious IoT supply chain.
By Tanner Johnson Senior Analyst, Connectivity & IoT, OMDIA, 7/22/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Lessons from the Pandemic
Monica Verma, CISO and Board Member of Cloud Security Alliance NorwayCommentary
How does cybersecurity support business and society? The pandemic shows us.
By Monica Verma CISO and Board Member of Cloud Security Alliance Norway, 7/22/2020
Comment2 comments  |  Read  |  Post a Comment
Leading Through Uncertainty: Be Proactive in Your Dark Web Intelligence Strategy
Srilekha Sankaran, Product Consultant at ManageEngineCommentary
Having a strong Dark Web intelligence posture helps security teams understand emerging vulnerability trends.
By Srilekha Sankaran Product Consultant at ManageEngine, 7/21/2020
Comment0 comments  |  Read  |  Post a Comment
What Organizations Need to Know About IoT Supply Chain Risk
Daniel dos Santos, Research Manager at Forescout TechnologiesCommentary
Here are some factors organizations should consider as they look to limit the risk posed by risks like Ripple20.
By Daniel dos Santos Research Manager at Forescout Technologies, 7/20/2020
Comment1 Comment  |  Read  |  Post a Comment
Third-Party IoT Vulnerabilities: We Need a Cybersecurity Paradigm Shift
Natali Tshuva, Co-Founder & CEO of SternumCommentary
The only entities equipped to safeguard Internet of Things devices against risks are the IoT device manufacturers themselves.
By Natali Tshuva Co-Founder & CEO of Sternum, 7/16/2020
Comment0 comments  |  Read  |  Post a Comment
Crypto-Primer: Encryption Basics Every Security Pro Should Know
Jan Youngren, Cybersecurity Expert, VPNpro.comCommentary
With so many choices for encrypting data and communication, it's important to know the pros and cons of different techniques.
By Jan Youngren Cybersecurity Expert, VPNpro.com, 7/14/2020
Comment0 comments  |  Read  |  Post a Comment
As Offices Reopen, Hardware from Home Threatens Security
Joan Goodchild, Contributing Writer
Devices out of sight for the past several months could spell trouble when employees bring them back to work.
By Joan Goodchild Contributing Writer, 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, GigamonCommentary
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
By Shane Buckley President & Chief Operating Officer, Gigamon, 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15058
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
CVE-2020-15059
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.
CVE-2020-15060
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.
CVE-2020-15061
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values.
CVE-2020-15062
PUBLISHED: 2020-08-07
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.