Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
Why You Should Be Prepared to Pay a Ransom
Christopher Muffat, CEO and founderCommentary
Companies that claim they'll never pay up in a ransomware attack are more likely to get caught flat-footed.
By Christopher Muffat CEO and founder, 5/12/2021
Comment0 comments  |  Read  |  Post a Comment
Adobe Issues Patch for Acrobat Zero-Day
Dark Reading Staff, Quick Hits
The vulnerability is being exploited in limited attacks against Adobe Reader users on Windows.
By Dark Reading Staff , 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato NetworksCommentary
Deeply rooted cybersecurity misconceptions are poisoning our ability to understand and defend against attacks.
By Etay Maor Sr. Director Security Strategy at Cato Networks, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Critical Infrastructure Under Attack
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of key US energy pipeline marks just the tip of the iceberg.
By Marc Wilczek Digital Strategist & COO of Link11, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Exchange Exploitation: Not Dead Yet
John Hammond, Senior Security Researcher at HuntressCommentary
The mass exploitation of Exchange Servers has been a wake-up call, and it will take all parties playing in concert for the industry to react, respond, and recover.
By John Hammond Senior Security Researcher at Huntress, 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
Most Organizations Feel More Vulnerable to Breaches Amid Pandemic
Dark Reading Staff, Quick Hits
More than half of business see the need for significant long-term changes to IT due to COVID-19, research finds.
By Dark Reading Staff , 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Securing the Internet of Things in the Age of Quantum Computing
Dr. Charles Grover, Cryptography Researcher, Crypto QuantiqueCommentary
Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.
By Dr. Charles Grover Cryptography Researcher, Crypto Quantique, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Will 2021 Mark the End of World Password Day?
Jake Madders, Director, Hyve Managed HostingCommentary
We might be leaving the world of mandatory asterisks and interrobangs behind for good.
By Jake Madders Director, Hyve Managed Hosting, 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
Apple Issues Patches for Webkit Security Flaws
Dark Reading Staff, Quick Hits
The vulnerabilities may already be under active attack, Apple says in an advisory.
By Dark Reading Staff , 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Can Organizations Secure Remote Workers for the Long Haul?
Ian Pratt, Global head of Security for Personal Systems at HP Inc.Commentary
By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.
By Ian Pratt Global head of Security for Personal Systems at HP Inc., 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
It's Time to Ditch Celebrity Cybersecurity
Mieng Lim, VP of Product Management at Digital Defense By HelpSystemsCommentary
High-profile attacks and solutions are shiny objects that can distract from the defenses that afford the greatest protection.
By Mieng Lim VP of Product Management at Digital Defense By HelpSystems, 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Researchers Explore Active Directory Attack Vectors
Kelly Sheridan, Staff Editor, Dark ReadingNews
Incident responders who investigate attacks targeting Active Directory discuss methods used to gain entry, elevate privileges, and control target systems.
By Kelly Sheridan Staff Editor, Dark Reading, 5/3/2021
Comment0 comments  |  Read  |  Post a Comment
Researchers Find Bugs Using Single-Codebase Inconsistencies
Robert Lemos, Contributing WriterNews
A Northeastern University research team finds code defects -- and some vulnerabilities -- by detecting when programmers used different code snippets to perform the same functions.
By Robert Lemos Contributing Writer, 5/3/2021
Comment0 comments  |  Read  |  Post a Comment
Stopping the Next SolarWinds Requires Doing Something Different
Tony Cole, CTO at Attivo NetworksCommentary
Will the SolarWinds breach finally prompt the right legislative and regulatory actions on a broader, more effective scale?
By Tony Cole CTO at Attivo Networks, 5/3/2021
Comment2 comments  |  Read  |  Post a Comment
New Threat Group Carrying Out Aggressive Ransomware Campaign
Jai Vijayan, Contributing WriterNews
UNC2447 observed targeting now-patched vulnerability in SonicWall VPN.
By Jai Vijayan Contributing Writer, 4/30/2021
Comment0 comments  |  Read  |  Post a Comment
The Ticking Time Bomb in Every Company's Code
Pedro Fortuna, CTO and Co-Founder of JscramblerCommentary
Developers must weigh the benefits and risks of using third-party code in Web apps.
By Pedro Fortuna CTO and Co-Founder of Jscrambler, 4/30/2021
Comment0 comments  |  Read  |  Post a Comment
Researchers Connect Complex Specs to Software Vulnerabilities
Robert Lemos, Contributing WriterNews
Following their release of 70 different vulnerabilities in different implementations of TCP/IP stacks over the past year, two companies find a common link.
By Robert Lemos Contributing Writer, 4/29/2021
Comment0 comments  |  Read  |  Post a Comment
The Challenge of Securing Non-People Identities
Eric Kedrosky, Chief Information Security Officer at Sonrai SecurityCommentary
Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk.
By Eric Kedrosky Chief Information Security Officer at Sonrai Security, 4/29/2021
Comment0 comments  |  Read  |  Post a Comment
74% of Financial Institutions See Spike in COVID-Related Threats
Dark Reading Staff, Quick Hits
Financial losses have also increased among organizations in the last year, with the average cost reaching $720,000.
By Dark Reading Staff , 4/28/2021
Comment0 comments  |  Read  |  Post a Comment
US Urges Organizations to Implement MFA, Other Controls to Defend Against Russian Attacks
Jai Vijayan, Contributing WriterNews
Actors working for Moscow's Foreign Intelligence Service are actively targeting organizations in government and other sectors, FBI and DHS say.
By Jai Vijayan Contributing Writer, 4/26/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36197
PUBLISHED: 2021-05-13
An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This ...
CVE-2020-36198
PUBLISHED: 2021-05-13
A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect: QNAP...
CVE-2021-28799
PUBLISHED: 2021-05-13
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3...
CVE-2021-22155
PUBLISHED: 2021-05-13
An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s acco...
CVE-2021-23134
PUBLISHED: 2021-05-12
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.2 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.