Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in June 2020
Page 1 / 3   >   >>
Ripple20 Threatens Increasingly Connected Medical Devices
News  |  6/30/2020  | 
A series of IoT vulnerabilities could put hospital networks, medical data, and patient safety at risk.
COVID-19 Puts ICS Security Initiatives 'On Pause'
News  |  6/30/2020  | 
Security pros concerned that increased remote access to vulnerable operational technology and stalled efforts to harden OT environments puts critical infrastructure at greater risk.
FCC Designates Huawei & ZTE as National Security Threats
News  |  6/30/2020  | 
Backdoors in 5G network equipment from these vendors could enable espionage and malicious activity, agency says.
Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn
News  |  6/30/2020  | 
After Palo Alto Networks alerted users to a simple-to-exploit vulnerability in its network security gear, security agencies quickly warn that attackers won't wait to jump on it.
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Quick Hits  |  6/30/2020  | 
The shift to remote work and heavy reliance on online services has driven an increase in attacks intended to overwhelm ISPs.
Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan
Commentary  |  6/30/2020  | 
We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.
CISA Issues Advisory on Home Routers
Quick Hits  |  6/30/2020  | 
The increase in work-from-home employees raises the importance of home router security.
3 Ways to Flatten the Health Data Hacking Curve
Commentary  |  6/30/2020  | 
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
3 Years After NotPetya, Many Organizations Still in Danger of Similar Attacks
News  |  6/30/2020  | 
The same gaps that enabled ransomware to spread remain in patching, network segmentation, backup practices, security experts say.
University of California SF Pays Ransom After Medical Servers Hit
News  |  6/29/2020  | 
As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on "several IT systems" in the UCSF School of Medicine.
Russian Cybercriminal Behind CardPlanet Sentenced to 9 Years
News  |  6/29/2020  | 
Aleksei Burkov will go to federal prison for operating two websites built to facilitate payment card fraud, hacking, and other crimes.
HackerOne Reveals Top 10 Bug-Bounty Programs
Quick Hits  |  6/29/2020  | 
Rankings based on total bounties paid, top single bounty paid, time to respond, and more.
Files Stolen from 945 Websites Discovered on Dark Web
Quick Hits  |  6/29/2020  | 
Researchers who found the archived SQL files estimate up to 14 million people could be affected.
Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions
Commentary  |  6/29/2020  | 
SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.
Major US Companies Targeted in New Ransomware Campaign
News  |  6/26/2020  | 
Evil Corp. group hit at least 31 customers in campaign to deploy WastedLocker malware, according to Symantec.
SOC Wins & Losses
News  |  6/26/2020  | 
While the security operations center is enjoying a higher profile these days, just one-fourth of security operations centers actually resolve incidents quickly enough.
Good Cyber Hygiene in a Pandemic-Driven World Starts with Us
Commentary  |  6/26/2020  | 
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.
Criminals Turn to IM Platforms to Avoid Law Enforcement Scrutiny
News  |  6/25/2020  | 
Researchers from IntSights observed a sharp increase in the use of popular instant messaging apps over the past year among threat groups.
7 Tips for Effective Deception
Slideshows  |  6/25/2020  | 
The right decoys can frustrate attackers and help detect threats more quickly.
Contact Tracing & Threat Intel: Broken Tools & Processes
Commentary  |  6/25/2020  | 
How epidemiology can solve the people problem in security.
Vulnerabilities Declining in Open Source, but Slow Patching Still a Problem
News  |  6/25/2020  | 
Even as more code is produced, indirect dependencies continue to undermine security.
Another Record-Breaking DDoS Attack Signals Shift in Criminal Methods
News  |  6/25/2020  | 
Malicious botnet sources explode in new attacks that push boundaries in terms of volume and duration.
Better Collaboration Between Security & Development
Commentary  |  6/25/2020  | 
Security and development teams must make it clear why their segment of the development life cycle is relevant to the other teams in the pipeline.
Lucifer Malware Aims to Become Broad Platform for Attacks
News  |  6/25/2020  | 
The recent spread of the distributed denial-of-service tool attempts to exploit a dozen web-framework flaws, uses credential stuffing, and is intended to work against a variety of operating systems.
'GoldenSpy' Malware Hidden in Tax Software Spies on Companies Doing Business in China
News  |  6/25/2020  | 
Advanced persistent threat (APT) campaign aims to steal intelligence secrets from foreign companies operating in China.
Apple Buys Fleetsmith
Quick Hits  |  6/24/2020  | 
The fleet management company becomes part of Apple in a deal announced today.
No Internet Access? Amid Protests, Here's How to Tell Whether the Government Is Behind it
News  |  6/24/2020  | 
Government-mandated Internet shutdowns occur far more regularly than you might expect.
Average Cost of a Data Breach: $116M
Commentary  |  6/24/2020  | 
Sensitivity of customer information and time-to-detection determine financial blowback of cybersecurity breaches.
Black Hat Survey: Breach Concerns Hit Record Levels Due to COVID-19
News  |  6/24/2020  | 
Annual "Black Hat USA Attendee Survey" indicates unprecedented concern over possible compromises of enterprise networks and US critical infrastructure.
Rethinking Enterprise Access, Post-COVID-19
Commentary  |  6/24/2020  | 
New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access.
Microsoft Previews Windows Defender ATP for Android
Quick Hits  |  6/23/2020  | 
In addition, the first release of Defender ATP for Linux is now generally available.
Twitter Says Business Users Were Vulnerable to Data Breach
Quick Hits  |  6/23/2020  | 
The now-patched vulnerability left business users' personal information in web browser caches for anyone to find.
Attackers Scanning for PoS Software in New Sodinokibi Ransomware Campaign
News  |  6/23/2020  | 
Making extra money from victims appears to be the goal, Symantec says.
Back to Basics with Cloud Permissions Management
Commentary  |  6/23/2020  | 
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
Cybercrime Infrastructure Never Really Dies
News  |  6/23/2020  | 
Despite the takedown of the "CyberBunker" threat operators in 2019, command-and-control traffic continues to report back to the defunct network address space.
5 Steps for Implementing Multicloud Identity
Commentary  |  6/23/2020  | 
Why embracing, not fighting, decentralization will pave the way to smoother cloud migrations.
Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
News  |  6/22/2020  | 
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.
Microsoft Acquires IoT/OT Security Firm CyberX
Quick Hits  |  6/22/2020  | 
Deal extends Microsoft Azure for legacy industrial devices.
Firmware Flaw Allows Attackers to Evade Security on Some Home Routers
News  |  6/22/2020  | 
Networking devices sold under at least one major brand have a firmware vulnerability that allows hackers to take control of the device, a cybersecurity firm claims.
Employees Say They're Working From Home Without Security Guidance
Quick Hits  |  6/22/2020  | 
Working from home is new for many enterprise employees, yet many say they've received little in the way of new training or technology to keep them safe.
Long-Term Effects of COVID-19 on the Cybersecurity Industry
Commentary  |  6/22/2020  | 
The maelstrom of change we're going through presents a unique opportunity to become enablers. And to do that requires flexibility.
Cloud Threats and Priorities as We Head Into the Second Half of 2020
Slideshows  |  6/22/2020  | 
With millions working from home and relying on the cloud, security leaders are under increasing pressure to keep their enterprises breach-free.
Australian Government Under Ongoing Cyberattack
Quick Hits  |  6/19/2020  | 
Experts believe China is behind the attack campaign, but China denies responsibility.
Cloud Security Alliance Offers Tips to Protect Telehealth Data
News  |  6/19/2020  | 
As telehealth grows more common, security experts address the privacy and security concerns of storing health data in the cloud.
'New Normal' Caption Contest Winners
Commentary  |  6/19/2020  | 
Competitors submitted lots of clever virus puns, and the prizes go to ...
How to Secure Machine Learning
Expert Insights  |  6/19/2020  | 
Part two of a series on avoiding potential security risks with ML.
Healthcare CISOs Share COVID-19 Response Stories
News  |  6/18/2020  | 
Cybersecurity leaders discussed the threats and challenges that arose during the pandemic, and how they responded, during a virtual roundtable.
Cisco Patches Flaw in Webex Videoconferencing App
News  |  6/18/2020  | 
Vulnerability would have allowed an attacker to gain access to sensitive information on a system, Trustwave's SpiderLabs says.
Have Your Say: Dark Reading Video News Desk Seeks Reader Contributions
News  |  6/18/2020  | 
We've got questions for you on black infosec, burnout, vulnerabilities, COVID-19, and much more. Send us your video responses and we'll play them in our News Desk broadcast during Black Hat Virtual.
The Bigger the News, the Bigger the Cyber Threats
Commentary  |  6/18/2020  | 
Criminals use disasters, wars, and now pandemics as air cover to focus collective anxiety and fear into highly targeted, malicious messaging.
Page 1 / 3   >   >>


News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Take me to your BISO 
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20538
PUBLISHED: 2021-05-10
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919.
CVE-2021-20559
PUBLISHED: 2021-05-10
IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199228.
CVE-2021-20577
PUBLISHED: 2021-05-10
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force I...
CVE-2021-29501
PUBLISHED: 2021-05-10
Ticketer is a command based ticket system cog (plugin) for the red discord bot. A vulnerability allowing discord users to expose sensitive information has been found in the Ticketer cog. Please upgrade to version 1.0.1 as soon as possible. As a workaround users may unload the ticketer cog to disable...
CVE-2020-13529
PUBLISHED: 2021-05-10
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.