Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in November 2020
Page 1 / 3
Driven by Ransomware, Cyber Claims Rise in Number & Value
News  |  11/30/2020  | 
Companies are on track to file 27% more cyber claims in 2020, one insurer estimates, while another underwriter finds five out of every 100 companies file a claim each year.
Manchester United Cyberattack Highlights Controversy in Paying Ransomware Attackers
Commentary  |  11/30/2020  | 
The Premier League English football (soccer) club team is reportedly being held to ransom by cyberattackers. Manchester United may face a difficult decision: whether to pay a ransom for release of its stolen data.
Baltimore County Public Schools Closed Due to Ransomware Attack
News  |  11/30/2020  | 
The incident struck the day before Thanksgiving and interfered with online classes for some 115,000 students, officials report.
Industrial Computer Maker Confirms Ransomware, Data Theft
Quick Hits  |  11/30/2020  | 
Advantech reports the stolen data was confidential but did not contain high-value documents.
Why Vulnerable Code Is Shipped Knowingly
Commentary  |  11/30/2020  | 
The business priority of speed of development and deployment is overshadowing the need for secure code.
Failing Toward Zero: Why Your Security Needs to Fail to Get Better
Commentary  |  11/27/2020  | 
Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.
Do You Know Who's Lurking in Your Cloud Environment?
News  |  11/25/2020  | 
A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.
Look Beyond the 'Big 5' in Cyberattacks
News  |  11/25/2020  | 
Don't ignore cyber operations outside US and European interests, researcher says. We can learn a lot from methods used by attackers that aren't among the usual suspects.
Prevention Is Better Than the Cure When Securing Cloud-Native Deployments
Commentary  |  11/25/2020  | 
The "OODA loop" shows us how to secure cloud-native deployments and prevent breaches before they occur.
Why Security Awareness Training Should Be Backed by Security by Design
News  |  11/25/2020  | 
Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.
Latest Version of TrickBot Employs Clever New Obfuscation Trick
News  |  11/24/2020  | 
The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says.
Baidu Apps Leaked Location Data, Machine Learning Reveals
News  |  11/24/2020  | 
Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone's hardware and location without the user's knowledge, research finds.
CISA Warns of Holiday Online Shopping Scams
Quick Hits  |  11/24/2020  | 
The agency urges shoppers to be cautious of fraudulent websites, unsolicited emails, and unencrypted financial transactions.
Alexa, Disarm the Victim's Home Security System
News  |  11/24/2020  | 
Researchers who last year hacked popular voice assistants with laser pointers take their work to the next level.
Cloud Security Startup Lightspin Emerges From Stealth
News  |  11/24/2020  | 
The startup, founded by former white-hat hackers, has secured a $4 million seed round to close security gaps in cloud environments.
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Commentary  |  11/24/2020  | 
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
What's in Store for Privacy in 2021
News  |  11/24/2020  | 
Changes are coming to the privacy landscape, including more regulations and technologies.
Printers' Cybersecurity Threats Too Often Ignored
Commentary  |  11/24/2020  | 
Remote workforce heightens the need to protect printing systems against intrusion and compromise.
Security Researchers Sound Alarm on Smart Doorbells
News  |  11/23/2020  | 
A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them.
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
News  |  11/23/2020  | 
Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.
Ransomware Grows Easier to Spread, Harder to Block
News  |  11/23/2020  | 
Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
Evidence-Based Trust Gets Black Hat Europe Spotlight
News  |  11/23/2020  | 
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
Manchester United Suffers Cyberattack
Quick Hits  |  11/23/2020  | 
Premier League soccer club says the attack didn't affect its website and app, and it doesn't appear to have exposed any fan or customer data either.
Chinese APT Group Returns to Target Catholic Church & Diplomatic Groups
Quick Hits  |  11/23/2020  | 
APT group TA416 reemerges with new changes to its documented tool sets so it can continue launching espionage campaigns.
3 Steps CISOs Can Take to Convey Strategy for Budget Presentations
Commentary  |  11/23/2020  | 
Answering these questions will help CISOs define a plan and take the organization in a positive direction.
How Retailers Can Fight Fraud and Abuse This Holiday Season
Commentary  |  11/23/2020  | 
Online shopping will be more popular than ever with consumers... and with malicious actors too.
10 Undergraduate Security Degree Programs to Explore
Slideshows  |  11/23/2020  | 
Colleges and universities are ramping up cybersecurity education with a wider range of degree programs and more resources for students to build their infosec careers.
Facebook Messenger Flaw Enabled Spying on Android Callees
Quick Hits  |  11/20/2020  | 
A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge.
Security Pros Push for More Pervasive Threat Modeling
News  |  11/20/2020  | 
With the release of the "Threat Modeling Manifesto," a group of 16 security professionals hope to prompt more companies to consider the threats to software.
How Cyberattacks Work
Commentary  |  11/20/2020  | 
Cyberattacks are run like military attacks, in four main phases: reconnaissance, attack, exfiltration, and maintaining position. Understanding this makes fighting back easier.
Telos Goes Public
News  |  11/19/2020  | 
Nearly a month after McAfee made its second appearance on the public market, the Virginia-based provider of security services to government and commercial organizations makes its own debut.
Iowa Hospital Alerts 60K Individuals Affected by June Data Breach
Quick Hits  |  11/19/2020  | 
The data breach began with a compromised employee email account.
Cybercriminals Get Creative With Google Services
News  |  11/19/2020  | 
Attacks take advantage of popular services, including Google Forms and Google Docs.
Go SMS Pro Messaging App Exposed Users' Private Media Files
Quick Hits  |  11/19/2020  | 
The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.
The Yellow Brick Road to Risk Management
Commentary  |  11/19/2020  | 
Beginning the journey to risk management can be daunting, but protecting your business is worth every step.
COVID-19: Latest Security News & Commentary
News  |  11/19/2020  | 
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
New Proposed DNS Security Features Released
News  |  11/19/2020  | 
Verisign's R&D team has developed new ways to authenticate and optimize DNS traffic on the client side of the domain-name resolution process.
2021 Cybersecurity Spending: How to Maximize Value
Commentary  |  11/19/2020  | 
This is a pivotal moment for CISOs. As their influence increases, so does the pressure for them to make the right decisions.
Unpatched Browsers Abound, Study Shows
News  |  11/19/2020  | 
Google Chrome users don't always take time to relaunch browser updates, and some legacy applications don't support new versions of Chrome, Menlo Security says.
Online Shopping Surge Puts Focus on Consumer Security Habits
News  |  11/18/2020  | 
Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.
Cisco Webex Vulns Let 'Ghost' Attendees Spy on Meetings
News  |  11/18/2020  | 
Three vulnerabilities, patched today, could let an attacker snoop on meetings undetected after the host removes them.
Out With the Old Perimeter, in With the New Perimeters
Commentary  |  11/18/2020  | 
A confluence of trends and events has exploded the whole idea of "the perimeter." Now there are many perimeters, and businesses must adjust accordingly.
Trump Fires CISA Director Chris Krebs
Quick Hits  |  11/18/2020  | 
Christopher Krebs was fired via tweet shortly after the Cybersecurity and Infrastructure Security Agency called the 2020 election "the most secure in American history."
As Businesses Move to Multicloud Approach, Ransomware Follows
News  |  11/18/2020  | 
The average US company uses 16 cloud services, but only a third of IT professionals believe their security measures have kept up with the change.
How to Identify Cobalt Strike on Your Network
Commentary  |  11/18/2020  | 
Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.
Researchers Say They've Developed Fastest Open Source IDS/IPS
News  |  11/18/2020  | 
With a five-processor core, "Pigasus" delivers the same performance as a system with between 100 and 700 cores, according to a team from Carnegie Mellon University's CyLab.
Nearly Two Dozen AWS APIs Are Vulnerable to Abuse
News  |  11/17/2020  | 
Attackers can conduct identity reconnaissance against an organization at leisure without being detected, Palo Alto Networks says.
EFF, Security Experts Condemn Politicization of Election Security
Quick Hits  |  11/17/2020  | 
Open letter, signed by high-profile security professionals and organizations, urges White House to "reverse course and support election security."
Vulnerability Prioritization Tops Security Pros' Challenges
Commentary  |  11/17/2020  | 
Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.
Researchers Scan for Supply-Side Threats in Open Source
News  |  11/17/2020  | 
A recent project to scan the main Python repository's 268,000 packages found only a few potentially malicious programs, but work earlier this year uncovered hundreds of instances of malware.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41127
PUBLISHED: 2021-10-21
Rasa is an open source machine learning framework to automate text- and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file which allows a malicious actor to craft a `model.tar.gz` file which can overwrite or replace bot...
CVE-2021-41169
PUBLISHED: 2021-10-21
Sulu is an open-source PHP content management system based on the Symfony framework. Versions before 1.6.43 are subject to stored cross-site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
CVE-2021-27746
PUBLISHED: 2021-10-21
"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"
CVE-2021-36869
PUBLISHED: 2021-10-21
Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post.
CVE-2021-39352
PUBLISHED: 2021-10-21
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrat...