Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
IcedID Shows Obfuscation Sophistication in New Campaign
Dark Reading Staff, Quick Hits
The malware's developers have turned to dynamic link libraries (DLLs) to hide their work.
By Dark Reading Staff , 8/14/2020
Comment0 comments  |  Read  |  Post a Comment
DHS CISA Warns of Phishing Emails Rigged with KONNI Malware
Dark Reading Staff, Quick Hits
Konni is a remote administration tool cyberattackers use to steal files, capture keystrokes, take screenshots, and execute malicious code.
By Dark Reading Staff , 8/14/2020
Comment0 comments  |  Read  |  Post a Comment
7 Ways to Keep Your Remote Workforce Safe
Steve Zurier, Contributing Writer
These tips will help you chart a course for a security strategy that just may become part of the normal way organizations will function over the next several years.
By Steve Zurier Contributing Writer, 8/14/2020
Comment1 Comment  |  Read  |  Post a Comment
CISA Warns of Phishing Campaign with Loan-Relief Lure
Dark Reading Staff, Quick Hits
Phishing emails and fake website promise help with the Small Business Administration's program that aids those affected by COVID-19.
By Dark Reading Staff , 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Healthcare Industry Sees Respite From Attacks in First Half of 2020
Robert Lemos, Contributing WriterNews
Breach disclosures are down, and reported ransomware attacks have also plummeted. Good news -- or a calm before the storm?
By Robert Lemos Contributing Writer, 8/13/2020
Comment1 Comment  |  Read  |  Post a Comment
RedCurl APT Group Hacks Global Companies for Corporate Espionage
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers analyze a presumably Russian-speaking APT group that has been stealing corporate data since 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
The Race to Hack a Satellite at DEF CON
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Eight teams competed to win cash, bragging rights, and the chance to control a satellite in space.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Boeing's DEF CON Debut a Sign of the Times
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
In the wake of a stalemate between the airplane manufacturer and a security researcher over vulns found in its 787 aircraft's network, Boeing says it's ready to "embrace" the hacker community.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Secure Development Takes a (Remote) Village
Guy Podjarny, CEO & Cofounder, SnykCommentary
The shift to work from home isn't just about giving your Dev team the physical tools they need.
By Guy Podjarny CEO & Cofounder, Snyk, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
NSA & FBI Disclose New Russian Cyberespionage Malware
Dark Reading Staff, Quick Hits
APT 28, aka Fancy Bear, is deploying the Drovorub malware designed for Linux systems as part of cyber-espionage operations.
By Dark Reading Staff , 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
With iOS's Privacy Nutrition Label, Apple Upstages Regulators
Heather Federman, VP of Privacy & Policy at BigIDCommentary
New iOS privacy features require developers to disclose what data they're collecting, how they're using it, and with whom they share it.
By Heather Federman VP of Privacy & Policy at BigID, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Emotet Return Brings New Tactics & Evasion Techniques
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security researchers tracking Emotet report its reemergence brings new tricks, including new evasion techniques to bypass security tools.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
FireEye Announces New Bug-Bounty Program
Dark Reading Staff, Quick Hits
The program, administered by Bugcrowd, will pay bounties of up to $2,500 per vulnerability.
By Dark Reading Staff , 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Using 'Data for Good' to Control the Pandemic
Neil Sweeney, Founder & CEO, KilliCommentary
The tech community should unite to develop and distribute a universal COVID-19 contact-tracing application. Here's why and how.
By Neil Sweeney Founder & CEO, Killi, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
SANS Security Training Firm Hit with Data Breach
Dark Reading Staff, Quick Hits
A phishing email allowed an attacker to compromise a SANS employee's email environment, the organization reports.
By Dark Reading Staff , 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Threats vs. Thrift: Running Effective AppSec During a Global Crisis
Patrick Carey, Vice President Product Management, ExopriseCommentary
By looking at security testing capacity, staff expertise, and risks throughout the software supply chain, application security teams can improve their overall effectiveness.
By Patrick Carey Vice President Product Management, Exoprise, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption
Ericka Chickowski, Contributing WriterNews
Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.
By Ericka Chickowski Contributing Writer, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches 120 Vulnerabilities, Two Zero-Days
Kelly Sheridan, Staff Editor, Dark ReadingNews
The August 2020 Patch Tuesday marks the sixth month in a row Microsoft released patches for more than 110 vulnerabilities.
By Kelly Sheridan Staff Editor, Dark Reading, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Developers Need More Usable Static Code Scanners to Head Off Security Bugs
Robert Lemos, Contributing WriterNews
As companies "shift left" -- pushing more responsibility for security onto developers -- the tools that are available are falling short, usability researchers say.
By Robert Lemos Contributing Writer, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Zoom Vulnerabilities Demonstrated in DEF CON Talk
Dark Reading Staff, Quick Hits
A security researcher demonstrated multiple vulnerabilities, two of which could let an attacker read and steal user data.
By Dark Reading Staff , 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.