Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in June 2020
Page 1 / 3   >   >>
Ripple20 Threatens Increasingly Connected Medical Devices
News  |  6/30/2020  | 
A series of IoT vulnerabilities could put hospital networks, medical data, and patient safety at risk.
COVID-19 Puts ICS Security Initiatives 'On Pause'
News  |  6/30/2020  | 
Security pros concerned that increased remote access to vulnerable operational technology and stalled efforts to harden OT environments puts critical infrastructure at greater risk.
FCC Designates Huawei & ZTE as National Security Threats
News  |  6/30/2020  | 
Backdoors in 5G network equipment from these vendors could enable espionage and malicious activity, agency says.
Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn
News  |  6/30/2020  | 
After Palo Alto Networks alerted users to a simple-to-exploit vulnerability in its network security gear, security agencies quickly warn that attackers won't wait to jump on it.
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Quick Hits  |  6/30/2020  | 
The shift to remote work and heavy reliance on online services has driven an increase in attacks intended to overwhelm ISPs.
Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan
Commentary  |  6/30/2020  | 
We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.
CISA Issues Advisory on Home Routers
Quick Hits  |  6/30/2020  | 
The increase in work-from-home employees raises the importance of home router security.
3 Ways to Flatten the Health Data Hacking Curve
Commentary  |  6/30/2020  | 
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
3 Years After NotPetya, Many Organizations Still in Danger of Similar Attacks
News  |  6/30/2020  | 
The same gaps that enabled ransomware to spread remain in patching, network segmentation, backup practices, security experts say.
University of California SF Pays Ransom After Medical Servers Hit
News  |  6/29/2020  | 
As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on "several IT systems" in the UCSF School of Medicine.
Russian Cybercriminal Behind CardPlanet Sentenced to 9 Years
News  |  6/29/2020  | 
Aleksei Burkov will go to federal prison for operating two websites built to facilitate payment card fraud, hacking, and other crimes.
HackerOne Reveals Top 10 Bug-Bounty Programs
Quick Hits  |  6/29/2020  | 
Rankings based on total bounties paid, top single bounty paid, time to respond, and more.
Files Stolen from 945 Websites Discovered on Dark Web
Quick Hits  |  6/29/2020  | 
Researchers who found the archived SQL files estimate up to 14 million people could be affected.
Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions
Commentary  |  6/29/2020  | 
SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.
Major US Companies Targeted in New Ransomware Campaign
News  |  6/26/2020  | 
Evil Corp. group hit at least 31 customers in campaign to deploy WastedLocker malware, according to Symantec.
SOC Wins & Losses
News  |  6/26/2020  | 
While the security operations center is enjoying a higher profile these days, just one-fourth of security operations centers actually resolve incidents quickly enough.
Good Cyber Hygiene in a Pandemic-Driven World Starts with Us
Commentary  |  6/26/2020  | 
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.
Criminals Turn to IM Platforms to Avoid Law Enforcement Scrutiny
News  |  6/25/2020  | 
Researchers from IntSights observed a sharp increase in the use of popular instant messaging apps over the past year among threat groups.
7 Tips for Effective Deception
Slideshows  |  6/25/2020  | 
The right decoys can frustrate attackers and help detect threats more quickly.
Contact Tracing & Threat Intel: Broken Tools & Processes
Commentary  |  6/25/2020  | 
How epidemiology can solve the people problem in security.
Vulnerabilities Declining in Open Source, but Slow Patching Still a Problem
News  |  6/25/2020  | 
Even as more code is produced, indirect dependencies continue to undermine security.
Another Record-Breaking DDoS Attack Signals Shift in Criminal Methods
News  |  6/25/2020  | 
Malicious botnet sources explode in new attacks that push boundaries in terms of volume and duration.
Better Collaboration Between Security & Development
Commentary  |  6/25/2020  | 
Security and development teams must make it clear why their segment of the development life cycle is relevant to the other teams in the pipeline.
Lucifer Malware Aims to Become Broad Platform for Attacks
News  |  6/25/2020  | 
The recent spread of the distributed denial-of-service tool attempts to exploit a dozen web-framework flaws, uses credential stuffing, and is intended to work against a variety of operating systems.
'GoldenSpy' Malware Hidden in Tax Software Spies on Companies Doing Business in China
News  |  6/25/2020  | 
Advanced persistent threat (APT) campaign aims to steal intelligence secrets from foreign companies operating in China.
Apple Buys Fleetsmith
Quick Hits  |  6/24/2020  | 
The fleet management company becomes part of Apple in a deal announced today.
No Internet Access? Amid Protests, Here's How to Tell Whether the Government Is Behind it
News  |  6/24/2020  | 
Government-mandated Internet shutdowns occur far more regularly than you might expect.
Average Cost of a Data Breach: $116M
Commentary  |  6/24/2020  | 
Sensitivity of customer information and time-to-detection determine financial blowback of cybersecurity breaches.
Black Hat Survey: Breach Concerns Hit Record Levels Due to COVID-19
News  |  6/24/2020  | 
Annual "Black Hat USA Attendee Survey" indicates unprecedented concern over possible compromises of enterprise networks and US critical infrastructure.
Rethinking Enterprise Access, Post-COVID-19
Commentary  |  6/24/2020  | 
New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access.
Microsoft Previews Windows Defender ATP for Android
Quick Hits  |  6/23/2020  | 
In addition, the first release of Defender ATP for Linux is now generally available.
Twitter Says Business Users Were Vulnerable to Data Breach
Quick Hits  |  6/23/2020  | 
The now-patched vulnerability left business users' personal information in web browser caches for anyone to find.
Attackers Scanning for PoS Software in New Sodinokibi Ransomware Campaign
News  |  6/23/2020  | 
Making extra money from victims appears to be the goal, Symantec says.
Back to Basics with Cloud Permissions Management
Commentary  |  6/23/2020  | 
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
Cybercrime Infrastructure Never Really Dies
News  |  6/23/2020  | 
Despite the takedown of the "CyberBunker" threat operators in 2019, command-and-control traffic continues to report back to the defunct network address space.
5 Steps for Implementing Multicloud Identity
Commentary  |  6/23/2020  | 
Why embracing, not fighting, decentralization will pave the way to smoother cloud migrations.
Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
News  |  6/22/2020  | 
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.
Microsoft Acquires IoT/OT Security Firm CyberX
Quick Hits  |  6/22/2020  | 
Deal extends Microsoft Azure for legacy industrial devices.
Firmware Flaw Allows Attackers to Evade Security on Some Home Routers
News  |  6/22/2020  | 
Networking devices sold under at least one major brand have a firmware vulnerability that allows hackers to take control of the device, a cybersecurity firm claims.
Employees Say They're Working From Home Without Security Guidance
Quick Hits  |  6/22/2020  | 
Working from home is new for many enterprise employees, yet many say they've received little in the way of new training or technology to keep them safe.
Long-Term Effects of COVID-19 on the Cybersecurity Industry
Commentary  |  6/22/2020  | 
The maelstrom of change we're going through presents a unique opportunity to become enablers. And to do that requires flexibility.
Cloud Threats and Priorities as We Head Into the Second Half of 2020
Slideshows  |  6/22/2020  | 
With millions working from home and relying on the cloud, security leaders are under increasing pressure to keep their enterprises breach-free.
Australian Government Under Ongoing Cyberattack
Quick Hits  |  6/19/2020  | 
Experts believe China is behind the attack campaign, but China denies responsibility.
Cloud Security Alliance Offers Tips to Protect Telehealth Data
News  |  6/19/2020  | 
As telehealth grows more common, security experts address the privacy and security concerns of storing health data in the cloud.
'New Normal' Caption Contest Winners
Commentary  |  6/19/2020  | 
Competitors submitted lots of clever virus puns, and the prizes go to ...
How to Secure Machine Learning
Expert Insights  |  6/19/2020  | 
Part two of a series on avoiding potential security risks with ML.
Healthcare CISOs Share COVID-19 Response Stories
News  |  6/18/2020  | 
Cybersecurity leaders discussed the threats and challenges that arose during the pandemic, and how they responded, during a virtual roundtable.
Cisco Patches Flaw in Webex Videoconferencing App
News  |  6/18/2020  | 
Vulnerability would have allowed an attacker to gain access to sensitive information on a system, Trustwave's SpiderLabs says.
Have Your Say: Dark Reading Video News Desk Seeks Reader Contributions
News  |  6/18/2020  | 
We've got questions for you on black infosec, burnout, vulnerabilities, COVID-19, and much more. Send us your video responses and we'll play them in our News Desk broadcast during Black Hat Virtual.
The Bigger the News, the Bigger the Cyber Threats
Commentary  |  6/18/2020  | 
Criminals use disasters, wars, and now pandemics as air cover to focus collective anxiety and fear into highly targeted, malicious messaging.
Page 1 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42258
PUBLISHED: 2021-10-22
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include ...
CVE-2020-28968
PUBLISHED: 2021-10-22
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.
CVE-2020-28969
PUBLISHED: 2021-10-22
Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.
CVE-2020-36485
PUBLISHED: 2021-10-22
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.
CVE-2020-36486
PUBLISHED: 2021-10-22
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling.