Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in July 2019
<<   <   Page 4 / 4
7 Hot Cybersecurity Trends to Be Highlighted at Black Hat
Slideshows  |  7/8/2019  | 
Just some of the research and ideas worth checking out at this year's 'security summer camp.'
UK Forensics Firm Paid Ransom in Cyberattack
Quick Hits  |  7/5/2019  | 
Victim firm Eurofins Scientific handles more than 70,000 criminal cases per year in the UK.
Intelligent Authentication Market Grows to Meet Demand
News  |  7/5/2019  | 
Confidence in user identity is critical to prevent fraud and theft, and companies are looking for new ways to get the necessary assurance.
Cryptominer Delivers New Kind of Malware
Larry Loeb  |  7/5/2019  | 
Malicious actors seem to be beginning to turn to Golang as a malware language since it is not typically picked up by antivirus software.
Survey Finds Enterprise Concerned About Mass Data Fragmentation
Larry Loeb  |  7/5/2019  | 
For many organizations, the public cloud has failed to live up to expectations.
D-Link Agrees to Strengthen Device Security
Quick Hits  |  7/3/2019  | 
A settlement with the FTC should mean comprehensive security upgrades for D-Link routers and IP camera.
US Military Warns Companies to Look Out for Iranian Outlook Exploits
News  |  7/3/2019  | 
Microsoft patched a serious vulnerability in the Microsoft Outlook client in 2017, but an Iranian group continues to exploit the flaw.
New 'WannaHydra' Malware a Triple Threat to Android
News  |  7/3/2019  | 
The latest variant of WannaLocker is a banking Trojan, spyware tool, and ransomware.
Sodin Ransomware Exploits Windows Privilege Escalation Bug
News  |  7/3/2019  | 
Exploitation of CVE-2018-8453 grants attackers the highest level of privileges on a target system.
More Than Half of SMB Devices Run Outdated Operating Systems
News  |  7/3/2019  | 
66% of devices in small-to midsized businesses are based on expired or about-to-expire Microsoft OS versions, Alert Logic study found.
20 Questions to Ask During a Real (or Manufactured) Security Crisis
Commentary  |  7/3/2019  | 
There are important lessons to be learned from a crisis, even the ones that are more fiction than fact.
Disarming Employee Weaponization
Commentary  |  7/3/2019  | 
Human vulnerability presents a real threat for organizations. But it's also a remarkable opportunity to turn employees into our strongest cyber warriors.
Black Hat Q&A: Understanding NSAs Quest to Open Source Ghidra
News  |  7/3/2019  | 
National Security Agency researcher Brian Knighton offers a preview of his August Black Hat USA talk on the evolution of Ghidra.
TA505 Group Launches New Targeted Attacks
News  |  7/3/2019  | 
Russian-speaking group has sent thousands of emails containing new malware to individuals working at financial institutions in the US, United Arab Emirates, and Singapore.
New MacOS Malware Discovered
News  |  7/2/2019  | 
A wave of new MacOS malware over the past month includes a zero-day exploit and other attack code.
Phishing Campaign Evades Analysis by Hiding URL in QR Code
Larry Loeb  |  7/2/2019  | 
Phishing attacks are never really dead.
Identity Can't Recognize Itself
Larry Loeb  |  7/2/2019  | 
Identity management needs to be 'frictionless' if it is going to gain users.
Cybersecurity Experts Worry About Satellite & Space Systems
News  |  7/2/2019  | 
As nation-states and rogue actors increasingly probe critical infrastructure, policy and technology experts worry that satellite and space systems are on the front lines.
'Human Side-Channels': Behavioral Traces We Leave Behind
News  |  7/2/2019  | 
How writing patterns, online activities, and other unintentional identifiers can be used in cyber offense and defense.
In Cybercrime's Evolution, Active, Automated Attacks Are the Latest Fad
Commentary  |  7/2/2019  | 
Staying ahead can feel impossible, but understanding that perfection is impossible can free you to make decisions about managing risk.
Poor Communications Slowing DevOps Shift
Quick Hits  |  7/2/2019  | 
Existing functional silos are standing in the way of building a DevOps culture.
Toyota's Car-Hacking Tool Now Available
News  |  7/2/2019  | 
'PASTA' hardware and software kit now retails for $28,300.
Lake City Employee Fired Following Ransom Payment
Quick Hits  |  7/2/2019  | 
The Florida city approved its insurer to pay $460,000 in ransom for a cyberattack that shut down servers, email, and phone.
The Case for Encryption: Fact vs. Fiction
Commentary  |  7/2/2019  | 
The common belief that encryption enables bad behavior primarily used by thieves, international terrorists, and other villainous characters is simply not true. Here's why.
Thousands of Facebook Users Hit in Malware Distribution Campaign
News  |  7/1/2019  | 
'Operation Tripoli' is another reminder why users cannot trust every link they see on social media sites.
Ransomware Hits Georgia Court System
Quick Hits  |  7/1/2019  | 
The court's IT department is meeting with external agencies to determine the scope and severity of the cyberattack.
The Truth About Your Software Supply Chain
Slideshows  |  7/1/2019  | 
Open source components help developers innovate faster, but they sometimes come at a high price.
Building the Future Through Security Internships
Commentary  |  7/1/2019  | 
Akamai University, a 12-week internship program, was built from the ground up with the goal of promoting the student not the company.
Consumer Data, Upcoming Elections Are at Risk, Black Hat Survey Says
News  |  7/1/2019  | 
Newly published '2019 Black Hat USA Attendee Survey' recommends users stay off social media and remain wary of products that promise to solve security problems.
<<   <   Page 4 / 4


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.