Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in March 2020
Page 1 / 3   >   >>
Defense Evasion Dominated 2019 Attack Tactics
News  |  3/31/2020  | 
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
Researchers Uncover Unsophisticated - But Creative - Watering-Hole Attack
News  |  3/31/2020  | 
Holy Water campaign is targeting users of a specific religious and ethnic group in Asia, Kaspersky says.
Why Third-Party Risk Management Has Never Been More Important
Commentary  |  3/31/2020  | 
Given today's coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here's how to start.
Data from 5.2M Marriott Loyalty Program Members Hit by Breach
Quick Hits  |  3/31/2020  | 
The data was breached through the credentials of two franchisee employees.
Patching Poses Security Problems with Move to More Remote Work
News  |  3/31/2020  | 
Security teams were not ready for the wholesale move to remote work and the sudden expansion of the attack surface area, experts say.
Palo Alto Networks to Buy CloudGenix for $420M
Quick Hits  |  3/31/2020  | 
Palo Alto Networks plans to integrate CloudGenix's SD-WAN technology into its Prisma SASE platform following the deal.
Does the 2020 Online Census Account for Security Risk?
News  |  3/31/2020  | 
Experts discuss the security issues surrounding a census conducted online and explain how COVID-19 could exacerbate the risk.
How Much Downtime Can Your Company Handle?
Commentary  |  3/31/2020  | 
Why every business needs cyber resilience and quick recovery times.
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Slideshows  |  3/31/2020  | 
These products and services could be of immediate help to infosec pros now protecting their organizations while working from home.
Researchers Spot Sharp Increase in Zoom-Themed Domain Registrations
News  |  3/30/2020  | 
Attackers are attempting to take advantage of the surge in teleworking prompted by COVID-19, Check Point says.
Microsoft Edge Will Tell You If Credentials Are Compromised
Quick Hits  |  3/30/2020  | 
Password Monitor, InPrivate mode, and ad-tracking prevention are three new additions to Microsoft Edge.
HackerOne Drops Mobile Voting App Vendor Voatz
Quick Hits  |  3/30/2020  | 
Bug bounty platform provider cited "Voatz's pattern of interactions with the research community" in its decision to halt the app vendor's vuln disclosure program on HackerOne.
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Commentary  |  3/30/2020  | 
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
Malicious USB Drive Hides Behind Gift Card Lure
Quick Hits  |  3/27/2020  | 
Victims are being enticed to insert an unknown USB drive into their computers.
Virgin Media Could Pay 4.5B for Leak Affecting 900,000 Customers
Quick Hits  |  3/27/2020  | 
A misconfigured database holding personal data was left available online between April 2019 and February 2020.
The Wild, Wild West(world) of Cybersecurity
Commentary  |  3/27/2020  | 
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
Purported Brute-Force Attack Aims at Linksys Routers as More People Work Remotely
News  |  3/27/2020  | 
The attack takes control of poorly secured network devices, redirecting Web addresses to a COVID-themed landing page that attempts to fool victims into downloading malware.
Cyber Version of 'Justice League' Launches to Fight COVID-19 Related Hacks
News  |  3/26/2020  | 
Goal is to help organizations especially healthcare entities protect against cybercriminals trying to take advantage of the pandemic.
Insurance Giant Chubb Might Be Ransomware Victim
Quick Hits  |  3/26/2020  | 
A ransomware operator claims to have successfully attacked Chubb Insurance databases.
How Zoom, Netflix, and Dropbox are Staying Online During the Pandemic
News  |  3/26/2020  | 
Inside the efforts to keep the quarantined world's popular Internet services running smoothly.
10 Security Services Options for SMBs
Slideshows  |  3/26/2020  | 
Outsourcing security remains one of the best ways for small to midsize businesses to protect themselves from cyberthreats.
Security Not a Priority for SAP Projects, Users Report
Quick Hits  |  3/26/2020  | 
Nearly 70% of SAP users surveyed believe organizations lacked focus on IT security during previous SAP implementations.
3 Mobile Security Problems That Most Security Teams Haven't Fixed Yet
Commentary  |  3/26/2020  | 
Mobility must be included in the security operations workflow so that company data is protected regardless of where remote workers are located.
Technology Empowers Pandemic Response, But Privacy Worries Remain
News  |  3/26/2020  | 
As technology companies and the medical community work to find ways to track and test for the virus, privacy might fall by the wayside.
Introducing Zero-Trust Access
Commentary  |  3/26/2020  | 
It's too early to tell whether ZTA will be a VPN killer or not, but major players are ramping up products in this new class of security technology that focuses on the cloud.
China-Based Threat Group Launches Widespread Malicious Campaign
News  |  3/26/2020  | 
The motives behind the attacks remain unclear, but likely triggers include the ongoing trade war between the US and China and the unfolding COVID-19 pandemic.
Missing Patches, Misconfiguration Top Technical Breach Causes
News  |  3/25/2020  | 
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?
Tupperware Hit by Card Skimmer Attack
Quick Hits  |  3/25/2020  | 
Malicious code was found hidden inside graphics files on the storage container maker's e-commerce website.
Do DevOps Teams Need a Company Attorney on Speed Dial?
Commentary  |  3/25/2020  | 
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
FBI Shutters Russian-Based Hacker Platform, Makes Arrest
Quick Hits  |  3/25/2020  | 
The Deer.io platform let cybercriminals buy access to virtual storefronts where they could sell illicit products and services.
COVID-19: Getting Ready for the Next Business Continuity Challenge
Commentary  |  3/25/2020  | 
What comes after you've empowered your remote workforce in the wake of the coronavirus pandemic? Dealing with a large portion of that workforce getting sick at the same time.
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
News  |  3/24/2020  | 
Researchers warn Microsoft 365 account holders to pay attention to unknown applications that request permissions.
Malware Found Hidden in Android Utility Apps, Children's Games
Quick Hits  |  3/24/2020  | 
The 'Tekya' malware, as researchers call it, is designed to imitate the user's actions to click advertisements.
New APT Targets Middle Eastern Victims
Quick Hits  |  3/24/2020  | 
The new malware, dubbed "Milum," can take control of industrial devices.
How to Secure Your Kubernetes Deployments
Commentary  |  3/24/2020  | 
As more companies shift their software to a microservices-based architecture and orchestrate their containerized applications in Kubernetes, distributed security controls become a must.
Cybercriminals' Promises to Pause During Pandemic Amount to Little
News  |  3/24/2020  | 
As pandemic worsens, online profiteering -- from fraudsters to ransomware operators to cybercriminal hacking -- continues unabated, despite some promises from the underground.
Automated Tools Make Cyberattacks Easier to Pull Off
News  |  3/24/2020  | 
Gone are the days when threat actors had to actually spend time and effort planning and developing an attack on their own, Recorded Future says.
Vulnerability Management Isn't Just a Numbers Game
Commentary  |  3/24/2020  | 
Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory.
Microsoft Publishes Advisory for Windows Zero-Day
News  |  3/23/2020  | 
There is no available patch for the vulnerabilities, which Microsoft says exist in all supported versions of Windows.
538 Million Weibo Users' Info for Sale on Dark Web
Quick Hits  |  3/23/2020  | 
The user data, which does not include passwords, purportedly comes from a mid-2019 breach.
FBI Warns of Fake CDC Emails in COVID-19 Phishing Alert
Quick Hits  |  3/23/2020  | 
Fraudsters exploit concerns by claiming to offer virus-related information or promising stimulus checks.
8 Infosec Page-Turners for Days Spent Indoors
Slideshows  |  3/23/2020  | 
Stuck inside and looking for a new read? Check out these titles written by security practitioners and reporters across the industry.
From Zero to Hero: CISO Edition
Commentary  |  3/23/2020  | 
It's time for organizations to realize that an empowered CISO can effectively manage enterprise risk and even grow the business along the way.
200M Records of US Citizens Leaked in Unprotected Database
News  |  3/20/2020  | 
Researchers have not determined who owns the database, which was one of several large exposed instances disclosed this week.
Proof of Concept Released for kr00k Wi-Fi Vulnerability
Quick Hits  |  3/20/2020  | 
The code demonstrates a relatively simple method to exploit a vulnerability in more than a billion devices.
Security Ratings Are a Dangerous Fantasy
Commentary  |  3/20/2020  | 
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
Attack Surface, Vulnerabilities Increase as Orgs Respond to COVID-19 Crisis
News  |  3/20/2020  | 
In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic.
Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
Quick Hits  |  3/19/2020  | 
The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019.
DDoS Attack Targets German Food Delivery Service
Quick Hits  |  3/19/2020  | 
Liefrando delivers food from more than 15,000 restaurants in Germany, where people under COVID-19 restrictions depend on the service.
VPN Usage Surges as More Nations Shut Down Offices
News  |  3/19/2020  | 
As social distancing becomes the norm, interest in virtual private networks has rocketed, with some providers already seeing a doubling in users and traffic since the beginning of the year.
Page 1 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23416
PUBLISHED: 2021-07-28
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.
CVE-2021-23417
PUBLISHED: 2021-07-28
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.
CVE-2021-23415
PUBLISHED: 2021-07-28
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path.
CVE-2020-4974
PUBLISHED: 2021-07-28
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
CVE-2020-5004
PUBLISHED: 2021-07-28
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.