Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

News & Commentary
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing WriterNews
While access to compromised systems has become an increasingly common service, some cybercriminals are going straight to the source: buying code bases and then updating the application with malicious code.
By Robert Lemos Contributing Writer, 2/26/2021
Comment0 comments  |  Read  |  Post a Comment
5 Key Steps Schools Can Take to Defend Against Cyber Threats
Chris Abbey, Manager, Incident Handling, at Red CanaryCommentary
Educational institutions have become prime targets, but there are things they can do to stay safer.
By Chris Abbey Manager, Incident Handling, at Red Canary, 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
New APT Group Targets Airline Industry & Immigration
Jai Vijayan, Contributing WriterNews
LazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.
By Jai Vijayan Contributing Writer, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
3 Security Flaws in Smart Devices & IoT That Need Fixing
Grigorii Markov, CEO, Cerber Tech Inc.Commentary
The scope and danger of unsecured, Internet-connected hardware will only continue to deepen.
By Grigorii Markov CEO, Cerber Tech Inc., 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
SonicWall Releases Second Set of February Firmware Patches
Dark Reading Staff, Quick Hits
The latest patches, for its SMA 100 series products, comes less than three weeks after an updates to patch a zero-day vulnerability.
By Dark Reading Staff , 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
Augmenting SMB Defense Strategies With MITRE ATT&CK: A Primer
Michael Ohanian, Vice President of Product Management at NetsurionCommentary
Any organization can use MITRE ATT&CK as a force multiplier, but it's especially valuable for small ones.
By Michael Ohanian Vice President of Product Management at Netsurion, 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
CVSS as a Framework, Not a Score
Tim Morgan, Chief Technology Officer of DeepSurface SecurityCommentary
The venerable system has served us well but is now outdated. Not that it's time to throw the system away; use it as a framework to measure risk using modern, context-based methods.
By Tim Morgan Chief Technology Officer of DeepSurface Security, 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
What Can Your Connected Car Reveal About You?
Alejandro Hernandez, Senior Consultant at IOActiveCommentary
App developers must take responsibility for the security of users' data.
By Alejandro Hernandez Senior Consultant at IOActive, 2/22/2021
Comment0 comments  |  Read  |  Post a Comment
How to Fine-Tune Vendor Risk Management in a Virtual World
Ryan Smyth & Spencer MacDonald, Managing Director / Director, FTI TechnologyCommentary
Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.
By Ryan Smyth & Spencer MacDonald Managing Director / Director, FTI Technology, 2/19/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Concludes Internal Investigation into Solorigate Breach
Robert Lemos, Contributing WriterNews
The software giant found no evidence that attackers gained extensive access to services or customer data.
By Robert Lemos Contributing Writer, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy
Pieter Danhieux, CEO, Chairman, & Co-Founder, Secure Code WarriorCommentary
Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.
By Pieter Danhieux CEO, Chairman, & Co-Founder, Secure Code Warrior, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Egregor Arrests a Blow, but Ransomware Will Likely Bounce Back
Robert Lemos, Contributing WriterNews
Similar to previous ransomware takedowns, this disruption to the ransomware-as-a-service model will likely be short-lived, security experts say.
By Robert Lemos Contributing Writer, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Under Attack: Hosting & Internet Service Providers
Marc Wilczek, Digital Strategist & COO of Link11Commentary
The digital universe depends on always-on IT networks and services, so ISPs and hosting providers have become favorite targets for cyberattacks.
By Marc Wilczek Digital Strategist & COO of Link11, 2/16/2021
Comment0 comments  |  Read  |  Post a Comment
7 Things We Know So Far About the SolarWinds Attacks
Jai Vijayan, Contributing Writer
Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.
By Jai Vijayan Contributing Writer, 2/11/2021
Comment0 comments  |  Read  |  Post a Comment
Cloud-Native Apps Make Software Supply Chain Security More Important Than Ever
Tsvi Korren, Field CTO, Aqua SecurityCommentary
Cloud-native deployments tend to be small, interchangeable, and easier to protect, but their software supply chains require closer attention.
By Tsvi Korren Field CTO, Aqua Security, 2/11/2021
Comment0 comments  |  Read  |  Post a Comment
Florida Water Utility Hack Highlights Risks to Critical Infrastructure
Robert Lemos, Contributing WriterNews
The intrusion also shows how redundancy and detection can minimize damage and reduce impact to the population.
By Robert Lemos Contributing Writer, 2/9/2021
Comment1 Comment  |  Read  |  Post a Comment
How Neurodiversity Can Strengthen Cybersecurity Defense
Liviu Arsene, Global Cybersecurity Researcher at BitdefenderCommentary
Team members from different backgrounds, genders, ethnicities, and neurological abilities are best equipped to tackle today's security challenges.
By Liviu Arsene Global Cybersecurity Researcher at Bitdefender, 2/9/2021
Comment0 comments  |  Read  |  Post a Comment
Iranian Cyber Groups Spying on Dissidents & Others of Interest to Government
Jai Vijayan, Contributing WriterNews
A new investigation of two known threat groups show cyber actors are spying on mobile devices and PCs belonging to targeted users around the world.
By Jai Vijayan Contributing Writer, 2/9/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Says It's Time to Attack Your Machine-Learning Models
Robert Lemos, Contributing WriterNews
With access to some training data, Microsoft's red team recreated a machine-learning system and found sequences of requests that resulted in a denial-of-service.
By Robert Lemos Contributing Writer, 2/4/2021
Comment0 comments  |  Read  |  Post a Comment
Is the Web Supply Chain Next in Line for State-Sponsored Attacks?
Rui Ribeiro, CEO & Co-Founder at JscramblerCommentary
Attackers go after the weak links first, and the Web supply chain provides an abundance of weak links to target.
By Rui Ribeiro CEO & Co-Founder at Jscrambler, 1/29/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "The truth behind Stonehenge...."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25902
PUBLISHED: 2021-03-02
Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class.
CVE-2020-1936
PUBLISHED: 2021-03-02
A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.
CVE-2021-27904
PUBLISHED: 2021-03-02
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
CVE-2021-27901
PUBLISHED: 2021-03-02
An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021).
CVE-2021-21321
PUBLISHED: 2021-03-02
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is &...