Dark Reading is part of the Informa Tech Division of Informa PLC


Vulnerabilities / Threats

News & Commentary
500,000 Documents Exposed in Open S3 Bucket Incident
Dark Reading Staff, Quick Hits
The open database exposed highly sensitive financial and business documents related to two financial organizations.
By Dark Reading Staff, 3/18/2020
Facebook Got Tagged, but not Hard Enough
Billee Elliott McAuliffe, Member, Lewis Rice LLC, Commentary
Ensuring that our valuable biometric information is protected is worth more than a $550 million settlement.
By Billee Elliott McAuliffe, Member, Lewis Rice LLC, 3/18/2020
Trend Micro Patches Two Zero-Days Under Attack
Dark Reading Staff, Quick Hits
Businesses are urged to update the Apex One and OfficeScan XG enterprise security products as soon as possible.
By Dark Reading Staff, 3/18/2020
Attorney General Directs DoJ to Prioritize Coronavirus Crime
Dark Reading Staff, Quick Hits
Criminal activity related to the pandemic cannot be tolerated, William Barr states in memo.
By Dark Reading Staff, 3/17/2020
This Tax Season, Save the Scorn and Protect Customers from Phishing Scams
Dr. Salvatore Stolfo, Founder & CTO, Allure Security, Commentary
As security professionals, it's easy to get cynical about the continued proliferation of tax ID theft and blame the consumers themselves. But that doesn't help anyone.
By Dr. Salvatore Stolfo, Founder & CTO, Allure Security, 3/17/2020
Needed: A Cybersecurity Good Samaritan Law
Tom McAndrew, CEO at Coalfire, Commentary
Legislation should protect the good hackers who are helping to keep us safe, not just go after the bad.
By Tom McAndrew, CEO at Coalfire, 3/17/2020
Five Indicted on Romance and Lottery Fraud Charges
Dark Reading Staff, Quick Hits
Fraudsters allegedly targeted elderly victims, ultimately wringing more than $4 million from their bank accounts.
By Dark Reading Staff, 3/16/2020
Hellman & Friedman Acquires Checkmarx for $1.15B
Dark Reading Staff, Quick Hits
The private equity firm will buy Checkmarx from Insight Partners, which will continue to own a minority interest.
By Dark Reading Staff, 3/16/2020
Fewer Vulnerabilities in Web Frameworks, but Exploits Remain Steady
Robert Lemos, Contributing Writer, News
Attackers continue to focus on web and application frameworks, such as Apache Struts and WordPress, fighting against a decline in vulnerabilities, according to an analysis.
By Robert Lemos, Contributing Writer, 3/16/2020
4 Ways Thinking 'Childishly' Can Empower Security Professionals
Michal Bar, Head of Cybersecurity Professional Services at Cylus, Commentary
Younger minds -- more agile and less worried by failure -- provide a useful model for cyber defenders to think more creatively.
By Michal Bar, Head of Cybersecurity Professional Services at Cylus, 3/16/2020
DDoS Attack Trends Reveal Stronger Shift to IoT, Mobile
Kelly Sheridan, Staff Editor, Dark Reading, News
Attackers are capitalizing on the rise of misconfigured Internet-connected devices running the WS-Discovery protocol, and mobile carriers are hosting distributed denial-of-service weapons.
By Kelly Sheridan, Staff Editor, Dark Reading, 3/13/2020
Big BEC Bust Brings Down Dozens
Dark Reading Staff, Quick Hits
Two dozen individuals have been named in the latest arrests of alleged participants in a business email compromise scheme that cost victims $30 million.
By Dark Reading Staff, 3/13/2020
What Cybersecurity Pros Really Think About Artificial Intelligence
Ericka Chickowski, Contributing Writer
While there's a ton of unbounded optimism from vendor marketing and consultant types, practitioners are still reserving a lot of judgment.
By Ericka Chickowski, Contributing Writer, 3/13/2020
Texas Chose to Fight Ransomware and Not Pay. What About the Rest of Us?
Yaniv Valik, VP Product, Cyber and IT Resilience, Continuity Software, Commentary
Law-abiding folks like us applauded Texas for its bravery -- but would we have the steel will to stand on the side of justice if it happened to us? Probably not.
By Yaniv Valik, VP Product, Cyber and IT Resilience, Continuity Software, 3/13/2020
New Report Shows Breach Costs Continuing to Grow
Dark Reading Staff, Quick Hits
The costs associated with data breaches climb alongside the amount of data managed by the enterprise according to the latest Global Protection Index Snapshot.
By Dark Reading Staff, 3/12/2020
Microsoft Patches Leaked Remote Code Execution Flaw
Dark Reading Staff, Quick Hits
A vulnerability in Microsoft's Server Message Block protocol prompted concerns of wormable exploits when it was disclosed this week.
By Dark Reading Staff, 3/12/2020
Cyberspace Solarium Commission Slams US Cybersecurity Readiness
Dark Reading Staff, Quick Hits
The federal commission outlined more than 60 recommendations to remedy major security problems.
By Dark Reading Staff, 3/11/2020
Ransomware Increasingly Targeting Small Governments
Robert Lemos, Contributing Writer, News
To get back up and running quickly, and because it's cheaper, city and county governments often pay the ransom, especially if insurance companies are footing the bill. The result: More ransomware.
By Robert Lemos, Contributing Writer, 3/11/2020
Microsoft Discloses New Remote Execution Flaw in SMBv3
Jai Vijayan, Contributing Writer, News
A patch for the flaw is not yet available, but there are no known exploits -- so far.
By Jai Vijayan, Contributing Writer, 3/11/2020
COVID-19 Drives Rush to Remote Work. Is Your Security Team Ready?
Kelly Sheridan, Staff Editor, Dark Reading, News
A rapid transition to remote work puts pressure on security teams to understand and address a wave of potential security risks.
By Kelly Sheridan, Staff Editor, Dark Reading, 3/11/2020
Many Ransomware Attacks Can be Stopped Before They Begin
Jai Vijayan, Contributing Writer, 3/17/2020
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

PUBLISHED: 2020-03-18
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as ...

PUBLISHED: 2020-03-18
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as sh...

PUBLISHED: 2020-03-18
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, whi...

PUBLISHED: 2020-03-18
The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).

PUBLISHED: 2020-03-18
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissi...