Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
6 Things to Know About the Microsoft 'Zerologon' Flaw
News  |  9/25/2020  | 
Until all domain controllers are updated, the entire infrastructure remains vulnerable, the DHS' CISA warns.
Navigating the Asia-Pacific Threat Landscape: Experts Dive In
News  |  9/25/2020  | 
At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.
Getting Over the Security-to-Business Communication Gap in DevSecOps
News  |  9/25/2020  | 
Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.
WannaCry Has IoT in Its Crosshairs
Commentary  |  9/25/2020  | 
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic
News  |  9/24/2020  | 
Turns out, creating wireless ecosystems for a vast number of different architectures, configurations, and use cases is hard.
Critical Instagram Flaw Could Let Attackers Spy on Victims
News  |  9/24/2020  | 
A now-patched remote code execution vulnerability could be exploited with a specially sized image file, researchers report.
Solving the Problem With Security Standards
Commentary  |  9/24/2020  | 
More explicit threat models can make security better and open the door to real and needed innovation.
CrowdStrike Agrees to Acquire Preempt Security for $96M
Quick Hits  |  9/24/2020  | 
CrowdStrike plans to use Preempt Security's conditional access technology to strengthen its Falcon platform.
Since Remote Work Isn't Going Away, Security Should Be the Focus
Commentary  |  9/24/2020  | 
These three steps will help organizations reduce long-term work-from-home security risks.
Shopify's Employee Data Theft Underscores Risk of Rogue Insiders
News  |  9/23/2020  | 
The e-commerce platform has alerted more than 100 merchants of a data breach, highlighting the danger of malicious insiders.
My Journey Toward SAP Security
Commentary  |  9/23/2020  | 
When applications are critical to the business's core functions, the CISO and their staff better get the security right.
7 Non-Technical Skills Threat Analysts Should Master to Keep Their Jobs
Commentary  |  9/23/2020  | 
It's not just technical expertise and certifications that enable analysts to build long-term careers in cybersecurity.
Attackers Target Small Manufacturing Firms
News  |  9/22/2020  | 
The most common tactics include credential stuffing using valid accounts, various forms of deception, and vulnerabilities in third-party software, Rapid7 says in its latest quarterly threat report.
Vulnerability Disclosure Programs See Signups & Payouts Surge
News  |  9/22/2020  | 
More than $44.75 million in rewards were paid to hackers over the past year, driving total payouts beyond $100 million.
New Google Search Hacks Push Viruses & Porn
Commentary  |  9/22/2020  | 
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
Patch by Tonight: CISA Issues Emergency Directive for Critical Netlogon Flaw
Quick Hits  |  9/21/2020  | 
The directive requires all federal agencies to apply a patch for Windows Netlogon vulnerability CVE-2020-1472 by midnight on Sept. 21.
5 Steps to Greater Cyber Resiliency
Commentary  |  9/21/2020  | 
Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.
Deadly Ransomware Story Continues to Unfold
Quick Hits  |  9/18/2020  | 
A ransomware attack with fatal consequences is attracting notice and comment from around the world.
Mitigating Cyber-Risk While We're (Still) Working from Home
Commentary  |  9/18/2020  | 
One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.
Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data
News  |  9/17/2020  | 
Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign.
Ransomware Gone Awry Has Fatal Consequences
Quick Hits  |  9/17/2020  | 
An attack that knocked hospital systems offline reportedly ends in death for patient who had to be sent to another facility.
Time for CEOs to Stop Enabling China's Blatant IP Theft
Commentary  |  9/17/2020  | 
Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.
Struggling to Secure Remote IT? 3 Lessons from the Office
Commentary  |  9/17/2020  | 
The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges.
Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals
News  |  9/16/2020  | 
Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.
DDoS Attacks Rose 151% in First Half of 2020
Quick Hits  |  9/16/2020  | 
Attacks grew in number, size, and sophistication as the coronavirus pandemic took hold.
US Charges Five Members of China-Linked APT41 for Global Attacks
Quick Hits  |  9/16/2020  | 
The five Chinese nationals are among seven defendants arrested for intrusion campaigns into more than 100 organizations, the DoJ reports.
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Commentary  |  9/16/2020  | 
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
CISA Joins MITRE to Issue Vulnerability Identifiers
News  |  9/16/2020  | 
The Cybersecurity and Infrastructure Security Agency will become a peer of MITRE in the CVE program, likely leading to continued increases in disclosed vulnerabilities.
Meet the Computer Scientist Who Helped Push for Paper Ballots
News  |  9/16/2020  | 
Security Pro File: Award-winning computer scientist and electronic voting expert Barbara Simons chats up her pioneering days in computer programming, paper-ballot backups, Internet voting, math, and sushi.
Cybersecurity Bounces Back, but Talent Still Absent
Commentary  |  9/16/2020  | 
While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.
CISA Issues Alert for Microsoft Netlogon Vulnerability
Quick Hits  |  9/15/2020  | 
CISA has issued an alert following the discovery of publicly available exploit code for Windows elevation of privilege flaw CVE-2020-1472.
Taking Security With You in the WFH Era: What to Do Next
Commentary  |  9/15/2020  | 
As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.
Research Finds Nearly 800,000 Access Keys Exposed Online
Quick Hits  |  9/15/2020  | 
The keys were primarily for access to databases and cloud services.
Simplify Your Privacy Approach to Overcome CCPA Challenges
Commentary  |  9/15/2020  | 
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.
Researchers, Companies Slam Mobile Voting Firm Voatz for 'Bad Faith' Attacks
News  |  9/14/2020  | 
In a letter, almost 70 different security firms and individual researchers criticize Voatz for misrepresenting to the US Supreme Court widely accepted security research practices.
Large Cloud Providers Much Less Likely Than Enterprises to Get Breached
News  |  9/14/2020  | 
Pen-test results also show a majority of organizations have few protections against attackers already on the network.
E-Commerce Sites Hit With New Attack on Magento
Quick Hits  |  9/14/2020  | 
The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life.
Ransomware Hits US District Court in Louisiana
Quick Hits  |  9/14/2020  | 
The ransomware attack has exposed internal documents from the court and knocked its website offline.
Virginia's Largest School System Hit With Ransomware
Quick Hits  |  9/14/2020  | 
Fairfax County Public Schools has launched an investigation following a ransomware attack on some of its technology systems.
Open Source Security's Top Threat and What To Do About It
Commentary  |  9/14/2020  | 
With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.
More Printers Could Mean Security Problems for Home-Bound Workers
News  |  9/14/2020  | 
Tricked-out home offices have led to an influx in printers, many of which have not been set up securely, leaving workers and their companies vulnerable.
APT Groups Set Sights on Linux Targets: Inside the Trend
News  |  9/11/2020  | 
Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.
Fraud Prevention During the Pandemic
Commentary  |  9/11/2020  | 
When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.
US Sanctions Russian Attackers for 2020 Election Interference
News  |  9/10/2020  | 
The move comes as Microsoft publishes research on attack groups and activity attempting to target the Biden and Trump campaigns.
6 Lessons IT Security Can Learn From DevOps
Slideshows  |  9/10/2020  | 
DevOps has taken over enterprise software development. The discipline has lessons for IT security -- here are a quick half-dozen.
ThreatConnect Buys Nehemiah Security
Quick Hits  |  9/10/2020  | 
Threat intelligence firm adds Nehemiah's Risk Quantifier to its platform.
Managed IT Providers: The Cyber-Threat Actors' Gateway to SMBs
Commentary  |  9/10/2020  | 
Criminals have made MSPs a big target of their attacks. That should concern small and midsize businesses a great deal.
Ripple20 Malware Highlights Industrial Security Challenges
Commentary  |  9/10/2020  | 
Poor security practices allowed software vulnerabilities to propagate throughout industrial and IoT products for more than 20 years.
Legality of Security Research to Be Decided in US Supreme Court Case
News  |  9/9/2020  | 
A ruling that a police officer's personal use of a law enforcement database is "hacking" has security researchers worried for the future.
Meet the Middlemen Who Connect Cybercriminals With Victims
News  |  9/9/2020  | 
An analysis of initial access brokers explains how they break into vulnerable organizations and sell their access for up to $10,000.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...