Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Advanced Threats

News & Commentary
Microsoft: Ransomware & Nation-State Attacks Rise, Get More Sophisticated
Robert Lemos, Contributing Writer | News
Malware-based attacks are out, phishing is in, along with credential stuffing and business email compromise. Microsoft recommends defensive tactics in its new report on rising threats.
By Robert Lemos Contributing Writer, 9/29/2020
WannaCry Has IoT in Its Crosshairs
Ed Koehler, Distinguished Principal Security Engineer, Office of CTO, at Extreme Network | Commentary
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
By Ed Koehler Distinguished Principal Security Engineer, Office of CTO, at Extreme Network, 9/25/2020
My Journey Toward SAP Security
Jason Fruge, VP of Business Application Cybersecurity | Commentary
When applications are critical to the business's core functions, the CISO and their staff better get the security right.
By Jason Fruge VP of Business Application Cybersecurity, 9/23/2020
7 Non-Technical Skills Threat Analysts Should Master to Keep Their Jobs
Dov Lerner, Security Research Lead, Sixgill | Commentary
It's not just technical expertise and certifications that enable analysts to build long-term careers in cybersecurity.
By Dov Lerner Security Research Lead, Sixgill, 9/23/2020
New Google Search Hacks Push Viruses & Porn
David Balaban, Editor at Privacy-PC.com | Commentary
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
By David Balaban Editor at Privacy-PC.com, 9/22/2020
Time for CEOs to Stop Enabling China's Blatant IP Theft
Eric Noonan, CEO, CyberSheath | Commentary
Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.
By Eric Noonan CEO, CyberSheath, 9/17/2020
Strategic Cyber Warfare Heats Up
Seth Rosenblatt, Contributing Writer | News
It's "anything goes," according to renowned hacker the Grugq, who drew a bright line between cyberwar and cyber warfare at this week's virtual Disclosure Conference.
By Seth Rosenblatt Contributing Writer, 9/4/2020
Fake Data and Fake Information: A Treasure Trove for Defenders
Carolyn Crandall, Chief Deception Officer at Attivo Networks | Commentary
Cybersecurity professionals are using false data to deceive cybercriminals, enabling them to protect networks in new and innovative ways.
By Carolyn Crandall Chief Deception Officer at Attivo Networks, 9/3/2020
DHS Partners with Industry to Offer State, Local Gov'ts Cybersecurity Aid
Robert Lemos, Contributing Writer | News
The US Department of Homeland Security teams up with Akamai and the Center for Internet Security to provide state and local governments with cybersecurity through DNS for free.
By Robert Lemos Contributing Writer, 9/2/2020
New Threat Activity by Lazarus Group Spells Trouble for Orgs
Jai Vijayan, Contributing Writer | News
The North Korea-backed group has launched several campaigns to raise revenue for cash-strapped nation's missile program, security experts say.
By Jai Vijayan Contributing Writer, 9/1/2020
Is China the World's Greatest Cyber Power?
Robert Lemos, Contributing Writer | News
While the US, Russia, Israel, and several European nations all have sophisticated cyber capabilities, one threat intelligence firm argues that China's aggressive approach to cyber operations has made it "perhaps the world's greatest cyber power."
By Robert Lemos Contributing Writer, 8/27/2020
How CISOs Can Play a New Role in Defining the Future of Work
David Bradbury, CSO, Okta | Commentary
Rather than just reacting to security issues in the COVID-19 era, CISOs are now in a position to be change agents alongside their C-suite peers.
By David Bradbury CSO, Okta, 8/27/2020
Three Easy Ways to Avoid Meow-like Database Attacks
Ron Bennatan, Co-founder & CTO of jSonar | Commentary
The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.
By Ron Bennatan Co-founder & CTO of jSonar, 8/25/2020
Large Ad Network Collects Private Activity Data, Reroutes Clicks
Robert Lemos, Contributing Writer | News
A Chinese mobile advertising firm has modified code in the software development kit included in more than 1,200 apps, maliciously collecting user activity and performing ad fraud, says Snyk, a software security firm.
By Robert Lemos Contributing Writer, 8/24/2020
Average Cost of a Data Breach in 2020: $3.86M
Marc Wilczek, Digital Strategist & COO of Link11 | Commentary
When companies defend themselves against cyberattacks, time is money.
By Marc Wilczek Digital Strategist & COO of Link11, 8/24/2020
74 Days From the Presidential Election, Security Worries Mount
Robert Lemos, Contributing Writer | News
With pandemic measures continuing and political divisions deepening, security experts express concern about the security and integrity of the November election.
By Robert Lemos Contributing Writer, 8/21/2020
'Next-Gen' Supply Chain Attacks Surge 430%
Ericka Chickowski, Contributing Writer | News
Attackers are increasingly seeding open source projects with compromised components.
By Ericka Chickowski Contributing Writer, 8/21/2020
Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy
Nasser Al-Nasser & Dr. Guy Diedrich, Chair of the B20 Digitalization Taskforce and CEO of Saudi Telecom Company / Co-Chair of the B20 Digitalization Taskforce and Vice President and Global Innovation Officer of Cisco Systems | Commentary
COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.
By Nasser Al-Nasser & Dr. Guy Diedrich Chair of the B20 Digitalization Taskforce and CEO of Saudi Telecom Company / Co-Chair of the B20 Digitalization Taskforce and Vice President and Global Innovation Officer of Cisco Systems, 8/21/2020
Smart-Lock Hacks Point to Larger IoT Problems
Nicole Ferraro, Contributing Writer | News
Two recent reports on smart-locks vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.
By Nicole Ferraro Contributing Writer, 8/20/2020
Newly Patched Alexa Flaws a Red Flag for Home Workers
Steve Zurier, Contributing Writer | News
Alexa could serve as an entry point to home and corporate networks. Security experts point to the need for manufacturers to work closely with enterprise security teams to spot and shut down IoT device flaws.
By Steve Zurier Contributing Writer, 8/19/2020
COVID-19: Latest Security News & Commentary
Dark Reading Staff, 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading, 9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer, 9/24/2020
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15216
PUBLISHED: 2020-09-29
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...
CVE-2020-4607
PUBLISHED: 2020-09-29
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
CVE-2020-24565
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25770
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25771
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...