Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in February 2020
<<   <   Page 3 / 3
How Can We Make Election Technology Secure?
Commentary  |  2/6/2020  | 
In Iowa this week, a smartphone app for reporting presidential caucus results debuted. It did not go well.
RSAC Sets Finalists for Innovation Sandbox
Slideshows  |  2/6/2020  | 
The 10 finalists will each have three minutes to make their case for being the most innovative, promising young security company of the year.
Vixie: The Unintended Consequences of Internet Privacy Efforts
News  |  2/5/2020  | 
Paul Vixie says emerging encryption protocols for endpoints could "break" security in enterprise - and even home - networks.
Majority of Network, App-Layer DDoS Attacks in 2019 Were Small
News  |  2/5/2020  | 
Attacks turned to cheaper, shorter attacks to try and disrupt targets, Imperva analysis shows.
Department of Energy Adds Attivo Decoys for Critical Infrastructure Security
Quick Hits  |  2/5/2020  | 
The decoys and lures will help redirect attacks away from devices that can't be protected through traditional means.
IoT Malware Campaign Infects Global Manufacturing Sites
News  |  2/5/2020  | 
The infection uses Lemon_Duck PowerShell malware variant to exploit vulnerabilities in embedded devices at manufacturing sites.
Emotet Preps for Tax Season with New Phishing Campaign
Quick Hits  |  2/5/2020  | 
Malicious emails in a new attack campaign contain links and attachments claiming to lead victims to W-9 forms.
Keeping Compliance Data-Centric Amid Accelerating Regulation
Commentary  |  2/5/2020  | 
As the regulatory landscape transforms, it's still smart to stay strategically focused on protecting your data.
Hiring Untapped Security Talent Can Transform the Industry
Commentary  |  2/5/2020  | 
Cybersecurity needs unconventional hires to help lead the next phase of development and innovation, coupled with salaries that aren't insulting
Companies Pursue Zero Trust, but Implementers Are Hesitant
News  |  2/4/2020  | 
Almost three-quarters of enterprises plan to have a zero-trust access model by the end of the year, but nearly half of cybersecurity professionals lack the knowledge to implement the right technologies, experts say.
8 of the 10 Most Exploited Bugs Last Year Involved Microsoft Products
News  |  2/4/2020  | 
Six of them were the same as from the previous year, according to new Recorded Future analysis.
SharePoint Bug Proves Popular Weapon for Nation-State Attacks
News  |  2/4/2020  | 
Thousands of servers could be exposed to SharePoint vulnerability CVE-2019-0604, recently used in cyberattacks against Middle East government targets.
Microsoft DART Finds Web Shell Threat on the Rise
Quick Hits  |  2/4/2020  | 
Various APT groups are successfully using Web shell attacks on a more frequent basis.
Ransomware Attacks: Why It Should Be Illegal to Pay the Ransom
Commentary  |  2/4/2020  | 
For cities, states and towns, paying up is short-sighted and only makes the problem worse.
7 Ways SMBs Can Secure Their Websites
Slideshows  |  2/4/2020  | 
Here's what small and midsize businesses should consider when they decide it's time to up their website security.
Twitter Suspends Fake Accounts Abusing Feature that Matches Phone Numbers and Users
Quick Hits  |  2/4/2020  | 
The company believes state-sponsored actors may also be involved.
Kubernetes Shows Built-in Weakness
News  |  2/4/2020  | 
A Shmoocon presentation points out several weaknesses built in to Kubernetes configurations and how a researcher can exploit them.
What WON'T Happen in Cybersecurity in 2020
Commentary  |  2/4/2020  | 
Predictions are a dime a dozen. Here are six trends that you won't be hearing about anytime soon.
Bad Certificate Knocks Teams Offline
Quick Hits  |  2/3/2020  | 
Microsoft allowed a certificate to expire, knocking the Office 365 version of Teams offline for almost an entire day.
EKANS Ransomware Raises Industrial-Control Worries
News  |  2/3/2020  | 
Although the ransomware is unsophisticated, the malware does show that some crypto-attackers are targeting certain industrial control products.
Attackers Actively Targeting Flaw in Door-Access Controllers
News  |  2/3/2020  | 
There's been a sharp increase in scans for vulnerable Nortek Linear Emerge E3 systems, SonicWall says.
Researchers Find 24 'Dangerous' Android Apps with 382M Installs
News  |  2/3/2020  | 
Shenzhen Hawk Internet Co. is identified as the parent company behind five app developers seeking excessive permissions in Android apps.
Coronavirus Phishing Attack Infects US, UK Inboxes
Quick Hits  |  2/3/2020  | 
Cybercriminals capitalize on fears of a global health emergency with phishing emails claiming to offer advice for protecting against coronavirus.
How Device-Aware 2FA Can Defeat Social Engineering Attacks
Commentary  |  2/3/2020  | 
While device-aware two-factor authentication is no panacea, it is more secure than conventional SMS-based 2FA. Here's why.
<<   <   Page 3 / 3


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.