Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
SSRF 101: How Server-Side Request Forgery Sneaks Past Your Web Apps
Curtis Franklin Jr., Senior Editor at Dark Reading
Server-side request forgery is a dangerous attack method that is also becoming an issue for the cloud. Here are some of the basics to help keep your Web server from turning against you.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/24/2020
Comment0 comments  |  Read  |  Post a Comment
Enterprise Cloud Use Continues to Outpace Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
Nearly 60% of IT and security pros say deployment of business services in the cloud has rushed past their ability to secure them.
By Kelly Sheridan Staff Editor, Dark Reading, 2/24/2020
Comment0 comments  |  Read  |  Post a Comment
Solving the Cloud Data Security Conundrum
Faiyaz Shahpurwala, Chief Product and Strategy Officer for FortanixCommentary
Trusting the cloud involves a change in mindset. You must be ready to use runtime encryption in the cloud.
By Faiyaz Shahpurwala Chief Product and Strategy Officer for Fortanix, 2/24/2020
Comment0 comments  |  Read  |  Post a Comment
Latest Security News from RSAC 2020
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive coverage of the news and security themes that are dominating RSA Conference 2020 in San Francisco.
By Dark Reading Staff , 2/24/2020
Comment0 comments  |  Read  |  Post a Comment
7 Tips to Improve Your Employees' Mobile Security
Kelly Sheridan, Staff Editor, Dark Reading
Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them.
By Kelly Sheridan Staff Editor, Dark Reading, 2/24/2020
Comment0 comments  |  Read  |  Post a Comment
NRC Health Ransomware Attack Prompts Patient Data Concerns
Dark Reading Staff, Quick Hits
The organization, which sells patient administration tools to hospitals, could not confirm whether patient data was accessed.
By Dark Reading Staff , 2/21/2020
Comment0 comments  |  Read  |  Post a Comment
How to Get CISOs & Boards on the Same Page
Joe Schorr, Global Executive Services Director, Optiv SecurityCommentary
These two groups have talked past each other for years, each hobbled by their own tunnel vision and misperceptions.
By Joe Schorr Global Executive Services Director, Optiv Security, 2/21/2020
Comment0 comments  |  Read  |  Post a Comment
Security Now Merges With Dark Reading
Tim Wilson, Editor in Chief, Dark Reading, News
Readers of Security Now will join the Dark Reading community, gaining access to a wide range of cybersecurity content.
By Tim Wilson, Editor in Chief, Dark Reading , 2/21/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Damage Hit $11.5B in 2019
Dark Reading Staff, Quick Hits
A new report shows the scale of ransomware's harm and the growth of that damage year-over-year -- an average of $141,000 per incident.
By Dark Reading Staff , 2/20/2020
Comment1 Comment  |  Read  |  Post a Comment
5 Strategies to Secure Cloud Operations Against Today's Cyber Threats
Chris Christou & Brad Beaulieu, Director of Cloud Security / Cloud Security Engineer at Booz Allen HamiltonCommentary
With these fundamentals in mind, organizations can reduce their security and compliance risks as they reap the cloud's many benefits:
By Chris Christou & Brad Beaulieu Director of Cloud Security / Cloud Security Engineer at Booz Allen Hamilton, 2/20/2020
Comment0 comments  |  Read  |  Post a Comment
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust CompanyCommentary
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
By Nick Selby Chief Security Officer at Paxos Trust Company, 2/19/2020
Comment1 Comment  |  Read  |  Post a Comment
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
Amazon Web Services is a top source of cyberattacks, responsible for 94% of all Web attacks originating in the public cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 2/19/2020
Comment3 comments  |  Read  |  Post a Comment
DHS's CISA Warns of New Critical Infrastructure Ransomware Attack
Dark Reading Staff, Quick Hits
An attack on a natural gas compression facility sent the operations offline for two days.
By Dark Reading Staff , 2/19/2020
Comment0 comments  |  Read  |  Post a Comment
Don't Let Iowa Bring Our Elections Back to the Stone Age
Andre McGregor, Chief Security Officer at ShiftState & Veteran FBI AgentCommentary
The voting experience should be the same whether the vote is in person, by mail, or over the Internet. Let's not allow one bad incident stop us from finding new ways to achieve this.
By Andre McGregor Chief Security Officer at ShiftState & Veteran FBI Agent, 2/19/2020
Comment0 comments  |  Read  |  Post a Comment
The Trouble with Free and Open Source Software
Jai Vijayan, Contributing WriterNews
Insecure developer accounts, legacy software, and nonstandard naming schemes are major problems, Linux Foundation and Harvard study concludes.
By Jai Vijayan Contributing Writer, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
Lumu to Emerge from Stealth at RSAC
Dark Reading Staff, Quick Hits
The new company will focus on giving customers earlier indications of network and server compromise.
By Dark Reading Staff , 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Ryan Weeks, Chief Information Security Officer at DattoCommentary
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
By Ryan Weeks Chief Information Security Officer at Datto, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
Firmware Weaknesses Can Turn Computer Subsystems into Trojans
Robert Lemos, Contributing WriterNews
Network cards, video cameras, and graphics adapters are a few of the subsystems whose lack of security could allow attackers to turn them into spy implants.
By Robert Lemos Contributing Writer, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
8 Things Users Do That Make Security Pros Miserable
Curtis Franklin Jr., Senior Editor at Dark Reading
When a user interacts with an enterprise system, the result can be productivity or disaster. Here are eight opportunities for the disaster side to win out over the productive.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
Palm Beach Elections Office Hit with Ransomware Pre-2016 Election
Dark Reading Staff, Quick Hits
Palm Beach County's elections supervisor does not believe the attack is linked to Russian hacking attempts targeting Florida.
By Dark Reading Staff , 2/14/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Matt Middleton-Leal Netwrix
Current Conversations Many thanks!
In reply to: Re: reading
Post Your Own Reply
More Conversations
PR Newswire
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5244
PUBLISHED: 2020-02-24
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.
CVE-2020-5245
PUBLISHED: 2020-02-24
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-vali...
CVE-2020-9369
PUBLISHED: 2020-02-24
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
CVE-2019-10796
PUBLISHED: 2020-02-24
rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization.
CVE-2019-10798
PUBLISHED: 2020-02-24
rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects resutling in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype.