Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

News & Commentary
Active Directory Attacks Hit the Mainstream
Jason Crabtree, CEO & Co-Founder, QOMPLXCommentary
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
By Jason Crabtree CEO & Co-Founder, QOMPLX, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
The Wild, Wild West(world) of Cybersecurity
Bil Harmer​, CISO & Chief Evangelist at SecureAuthCommentary
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
By Bil Harmer​ CISO & Chief Evangelist at SecureAuth, 3/27/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Management Isn't Just a Numbers Game
Prateek Bhajanka, VP of Product Management, Vulnerability Management, Detection, and Response at QualysCommentary
Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory.
By Prateek Bhajanka VP of Product Management, Vulnerability Management, Detection, and Response at Qualys, 3/24/2020
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Cybersecurity Crossword Puzzle
Edge Editors, Dark Reading
Here's a little something to snuggle up with if you're on lockdown.
By Edge Editors Dark Reading, 3/20/2020
Comment1 Comment  |  Read  |  Post a Comment
Security Ratings Are a Dangerous Fantasy
Dr. Tim Junio, co-founder and CEO of ExpanseCommentary
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
By Dr. Tim Junio co-founder and CEO of Expanse, 3/20/2020
Comment1 Comment  |  Read  |  Post a Comment
TrickBot Module Takes Aim at Remote Desktops
Robert Lemos, Contributing WriterNews
The module, still in development, focuses on compromising Windows systems by brute-forcing accounts via the Remote Desktop Protocol.
By Robert Lemos Contributing Writer, 3/18/2020
Comment0 comments  |  Read  |  Post a Comment
This Tax Season, Save the Scorn and Protect Customers from Phishing Scams
Dr. Salvatore Stolfo, Founder & CTO, Allure SecurityCommentary
As security professionals, it's easy to get cynical about the continued proliferation of tax ID theft and blame the consumers themselves. But that doesn't help anyone.
By Dr. Salvatore Stolfo Founder & CTO, Allure Security, 3/17/2020
Comment2 comments  |  Read  |  Post a Comment
Texas Chose to Fight Ransomware and Not Pay. What About the Rest of Us?
Yaniv Valik, VP Product, Cyber and IT Resilience, Continuity SoftwareCommentary
Law-abiding folks like us applauded Texas for its bravery but would we have the steel will to stand on the side of justice if it happened to us? Probably not.
By Yaniv Valik VP Product, Cyber and IT Resilience, Continuity Software, 3/13/2020
Comment0 comments  |  Read  |  Post a Comment
How the Rise of IoT Is Changing the CISO Role
Phil Neray, VP of IoT & Industrial Cybersecurity at CyberXCommentary
Prepare for the future by adopting a risk-based approach. Following these five steps can help.
By Phil Neray VP of IoT & Industrial Cybersecurity at CyberX, 3/11/2020
Comment1 Comment  |  Read  |  Post a Comment
How Network Metadata Can Transform Compromise Assessment
Ricardo Villadiego, Founder and CEO of LumuCommentary
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret
By Ricardo Villadiego Founder and CEO of Lumu, 3/10/2020
Comment1 Comment  |  Read  |  Post a Comment
Threat Awareness: A Critical First Step in Detecting Adversaries
Dan Schiappa, Executive Vice President & Chief Product Officer at SophosCommentary
One thing seems certain: Attackers are only getting more devious and lethal. Expect to see more advanced attacks.
By Dan Schiappa Executive Vice President & Chief Product Officer at Sophos, 3/9/2020
Comment0 comments  |  Read  |  Post a Comment
3 Ways to Strengthen Your Cyber Defenses
Chris Hallenbeck, CISO for the Americas at TaniumCommentary
By taking proactive action, organizations can face down threats with greater agility and earned confidence.
By Chris Hallenbeck CISO for the Americas at Tanium, 3/4/2020
Comment0 comments  |  Read  |  Post a Comment
6 Truths About Disinformation Campaigns
Jai Vijayan, Contributing Writer
Disinformation goes far beyond just influencing election outcomes. Here's what security pros need to know.
By Jai Vijayan Contributing Writer, 2/28/2020
Comment2 comments  |  Read  |  Post a Comment
How We Enabled Ransomware to Become a Multibillion-Dollar Industry
Srinivas Mukkamala, Co-founder & CEO, RiskSenseCommentary
As an industry, we must move beyond one-dimensional approaches to assessing ransomware exposures. Asking these four questions will help.
By Srinivas Mukkamala Co-founder & CEO, RiskSense, 2/27/2020
Comment3 comments  |  Read  |  Post a Comment
What Your Company Needs to Know About Hardware Supply Chain Security
Daniel Wood, Associate Vice President of Consulting, Bishop FoxCommentary
By establishing a process and framework, you can ensure you're not giving more advanced attackers carte blanche to your environment.
By Daniel Wood Associate Vice President of Consulting, Bishop Fox, 2/27/2020
Comment0 comments  |  Read  |  Post a Comment
Ensure Your Cloud Security Is as Modern as Your Business
Nicolas (Nico) Fischbach, Global CTO at ForcepointCommentary
Take a comprehensive approach to better protect your organization. Security hygiene is a must, but also look at your risk posture through a data protection lens.
By Nicolas (Nico) Fischbach Global CTO at Forcepoint, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Solving the Cloud Data Security Conundrum
Faiyaz Shahpurwala, Chief Product and Strategy Officer for FortanixCommentary
Trusting the cloud involves a change in mindset. You must be ready to use runtime encryption in the cloud.
By Faiyaz Shahpurwala Chief Product and Strategy Officer for Fortanix, 2/24/2020
Comment0 comments  |  Read  |  Post a Comment
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust CompanyCommentary
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
By Nick Selby Chief Security Officer at Paxos Trust Company, 2/19/2020
Comment1 Comment  |  Read  |  Post a Comment
Don't Let Iowa Bring Our Elections Back to the Stone Age
Andre McGregor, Chief Security Officer at ShiftState & Veteran FBI AgentCommentary
The voting experience should be the same whether the vote is in person, by mail, or over the Internet. Let's not allow one bad incident stop us from finding new ways to achieve this.
By Andre McGregor Chief Security Officer at ShiftState & Veteran FBI Agent, 2/19/2020
Comment0 comments  |  Read  |  Post a Comment
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Ryan Weeks, Chief Information Security Officer at DattoCommentary
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
By Ryan Weeks Chief Information Security Officer at Datto, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11509
PUBLISHED: 2020-04-07
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page).
CVE-2020-6647
PUBLISHED: 2020-04-07
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
CVE-2020-9286
PUBLISHED: 2020-04-07
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
CVE-2020-11508
PUBLISHED: 2020-04-07
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action.
CVE-2013-7488
PUBLISHED: 2020-04-07
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.