News & Commentary

Content posted in October 2020
Rising Ransomware Breaches Underscore Cybersecurity Failures
News  |  10/31/2020  | 
Ransomware's continued success speaks volumes about what's at stake for businesses and people, and, perhaps, the cybersecurity industry's inability to adapt quickly enough to protect everyone.
New Wroba Campaign Is Latest Sign of Growing Mobile Threats
News  |  10/30/2020  | 
After years of mostly targeting users in Japan, Korea, and other countries in the region, operators of the Trojan expanded their campaign to the US this week.
JavaScript Obfuscation Moves to Phishing Emails
News  |  10/30/2020  | 
Attackers are hiding malicious payloads in phishing emails via a technique traditionally used to hide malicious code planted on websites.
Microsoft Warns of Ongoing Attacks Exploiting Zerologon
Quick Hits  |  10/30/2020  | 
The vulnerability, patched in August, has been weaponized by APT groups and prompted CISA to issue a security alert.
Public Safety & Cybersecurity Concerns Elevate Need for a Converged Approach
Commentary  |  10/30/2020  | 
As public and private spaces are opening up, the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.
SANS Launches New CyberStart Program for All High School Students
News  |  10/30/2020  | 
Free program lets students solve real-world security problems - and learn about cybersecurity.
First the Good News: Number of Breaches Down 51% Year Over Year
News  |  10/29/2020  | 
But the number of records put at risk experiences a massive increase. Here's why.
McAfee Launches XDR, Browser Isolation, Cloud App Security Tools
Quick Hits  |  10/29/2020  | 
New additions are built to help organizations better respond to threats and protect applications and data in the cloud.
Hackers Make Off With Millions From Wisconsin Republicans
Quick Hits  |  10/29/2020  | 
According to the Wisconsin Republican Party, thieves used altered invoices to make off with $2.3 million in election funds.
Ransomware Wave Targets US Hospitals: What We Know So Far
News  |  10/29/2020  | 
A joint advisory from the CISA, FBI, and HHS warns of an "increased and imminent" threat to US hospitals and healthcare providers.
How Healthcare Organizations Can Combat Ransomware
Commentary  |  10/29/2020  | 
The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.
Cybercriminals Aim BEC Attacks at Education Industry
News  |  10/29/2020  | 
Heightened vulnerability comes at a time when the sector has been focusing on setting up a remote workforce and online learning amid the pandemic.
Analysis: Forcepoint Can Still Succeed, but It Needs Committed Ownership
Commentary  |  10/29/2020  | 
Raytheon intends to sell Forcepoint to PE firm Francisco Partners. Despite a solid product portfolio and bold strategy, Forcepoint's future is now even more uncertain.
How to Increase Voter Turnout & Reduce Fraud
Commentary  |  10/29/2020  | 
Digital identity verification has advanced, both technologically and legislatively. Is it the answer to simpler, safer voting?
'Act of War' Clause Could Nix Cyber Insurance Payouts
News  |  10/29/2020  | 
The indictment of six members of the Russian military for the NotPetya ransomware attack places companies on notice that insurance "is not a get-out-of-jail-free card."
Is Your Encryption Ready for Quantum Threats?
Commentary  |  10/29/2020  | 
Answers to these five questions will help security teams defend against attackers in the post-quantum computing era.
Breaking the Glass Ceiling: Tough for Women, Tougher for Women of Color
News  |  10/28/2020  | 
Security practitioners shed light on obstacles limiting career growth and the steps businesses can take to achieve their promises of a more diverse workforce.
US Government Issues Warning on Kimsuky APT Group
Quick Hits  |  10/28/2020  | 
The joint alert, from CISA, the FBI, and others, describes activities from the North Korean advanced persistent threat group.
6 Ways Passwords Fail Basic Security Tests
Slideshows  |  10/28/2020  | 
New data shows humans still struggle with password creation and management.
Rethinking Security for the Next Normal -- Under Pressure
Commentary  |  10/28/2020  | 
By making a commitment to a unified approach to security, then doing what's necessary to operationalize it, organizations can establish a better security model for the next normal.
Trump Campaign Website Defaced by Unknown Attackers
Quick Hits  |  10/28/2020  | 
Individuals behind the brief Tuesday night incident posted anti-Trump sentiments and appeared to solicit cryptocurrency.
Physical Security Has a Lot of Catching Up to Do
Commentary  |  10/28/2020  | 
The transformation we need: merging the network operations center with the physical security operations center.
Survey Uncovers High Level of Concern Over Firewalls
News  |  10/27/2020  | 
More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology.
Chinese Attackers' Favorite Flaws Prove Global Threats, Research Shows
News  |  10/27/2020  | 
Following the NSA's list of 25 security flaws often weaponized by Chinese attackers, researchers evaluated how they're used around the world.
MITRE Shield Matrix Highlights Deception & Concealment Technology
Commentary  |  10/27/2020  | 
The role that these technologies play in the MITRE Shield matrix is a clear indicator that they are an essential part of today's security landscape.
Akamai Acquires Asavie
Quick Hits  |  10/27/2020  | 
Asavie's mobile, IoT, and security products and services will become part of the Akamai Security and Personalization Services product line.
Developers' Approach to App Testing Could Cut Flaw Fix Times by 80 Days
News  |  10/27/2020  | 
An analysis of more than 130,000 active applications found more with at least one high-severity flaw compared with 2019.
Employees Aware of Emailed Threats Open Suspicious Messages
Quick Hits  |  10/27/2020  | 
A survey of 1,000 employees finds 96% of employees are aware of digital threats, but 45% click emails they consider to be suspicious.
5 Human Factors That Affect Secure Software Development
Commentary  |  10/27/2020  | 
With the move to remote work, it's especially important to understand how to support, discourage, and monitor conditions for development teams.
Neural Networks Help Users Pick More-Secure Passwords
News  |  10/26/2020  | 
Typically, blocklists are used to prevent users from picking easily guessable patterns, but a small neural network can do the same job and suggests that complex password requirements are not necessary.
Cybercriminals Extort Psychotherapy Patients Following Vastaamo Breach
Quick Hits  |  10/26/2020  | 
An attacker is running a Tor site to leak the session notes of 300 patients at Vastaamo, a Finnish psychotherapy facility.
New Report Links Cybersecurity and Sustainability
Quick Hits  |  10/26/2020  | 
Some have also created the role of chief sustainability officer, according to Kaspersky.
Microsoft's Kubernetes Threat Matrix: Here's What's Missing
Commentary  |  10/26/2020  | 
With a fuller picture of the Kubernetes threat matrix, security teams can begin to implement mitigation strategies to protect their cluster from threats.
The Story of McAfee: How the Security Giant Arrived at a Second IPO
News  |  10/26/2020  | 
Industry watchers explore the story of McAfee, from its founding in 1987, to its spinoff from Intel, to how it's keeping up with competitors.
US Treasury Sanctions Russian Institution Linked to Triton Malware
Quick Hits  |  10/23/2020  | 
Triton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.
Flurry of Warnings Highlight Cyber Threats to US Elections
News  |  10/23/2020  | 
FBI and intelligence officials issue fresh warnings about election interference attempts by Iranian and Russian threat actors.
A Pause to Address 'Ethical Debt' of Facial Recognition
Commentary  |  10/23/2020  | 
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
Botnet Infects Hundreds of Thousands of Websites
News  |  10/22/2020  | 
KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.
7 Mobile Browsers Vulnerable to Address-Bar Spoofing
News  |  10/22/2020  | 
Flaws allow attackers to manipulate URLs users see on their mobile devices, Rapid7 says.
Credential-Stuffing Attacks Plague Loyalty Programs
News  |  10/22/2020  | 
But that's not the only type of web attack cybercriminals have been profiting from.
WordPress Plug-in Updated in Rare Forced Action
Quick Hits  |  10/22/2020  | 
The Loginizer login security plug-in was automatically updated to patch a SQL injection vulnerability.
To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
Commentary  |  10/22/2020  | 
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
McAfee Raises $740M in Second IPO
Quick Hits  |  10/22/2020  | 
The security software giant and its investors sold 37 million shares priced at $20 each, putting McAfee's value around $8.6 billion.
Need for 'Guardrails' in Cloud-Native Applications Intensifies
News  |  10/22/2020  | 
With more organizations shifting to cloud services in the pandemic, experts say the traditionally manual process of securing them will be replaced by automated tools in 2021 and beyond.
Implementing Proactive Cyber Controls in OT: Myths vs. Reality
Commentary  |  10/22/2020  | 
Debunking the myths surrounding the implementation of proactive cyber controls in operational technology.
FIRST Announces Cyber-Response Ethical Guidelines
Quick Hits  |  10/21/2020  | 
The 12 points seek to provide security professionals with advice on ethical behavior during incident response.
Oracle Releases Another Mammoth Security Patch Update
News  |  10/21/2020  | 
October's CPU contains 402 patches for vulnerabilities across 29 product sets, many of which are remotely executable without the need for authentication.
Ubiq Rolls Out Encryption-as-a-Service Platform Aimed at Developers
News  |  10/21/2020  | 
A few lines of code and two API calls is all that it takes for developers to add encryption to their applications, startup says.
As Smartphones Become a Hot Target, Can Mobile EDR Help?
News  |  10/21/2020  | 
Lookout Security debuts a mobile endpoint detection and response offering that will integrate into its mobile security platform.
Dealing With Insider Threats in the Age of COVID
Commentary  |  10/21/2020  | 
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23416
PUBLISHED: 2021-07-28
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.
CVE-2021-23417
PUBLISHED: 2021-07-28
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.
CVE-2021-23415
PUBLISHED: 2021-07-28
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path.
CVE-2020-4974
PUBLISHED: 2021-07-28
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
CVE-2020-5004
PUBLISHED: 2021-07-28
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.