Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in July 2020
Page 1 / 4   >   >>
3 Arrested for Massive Twitter Breach
Quick Hits  |  7/31/2020  | 
Three individuals aged 17, 19, and 22 have been charged for their alleged roles in the massive July 15 Twitter attack.
New Initiative Links Cybersecurity Pros to Election Officials
Quick Hits  |  7/31/2020  | 
A University of Chicago Harris School of Public Policy initiative will build a database of cybersecurity volunteers.
Twitter: Employees Compromised in Phone Spear-Phishing Attack
Quick Hits  |  7/31/2020  | 
The attack earlier this month started with a spear-phishing attack targeting Twitter employees, the company says in a new update.
3 Ways Social Distancing Can Strengthen Your Network
Commentary  |  7/31/2020  | 
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.
'Hidden Property Abusing' Allows Attacks on Node.js Applications
News  |  7/31/2020  | 
A team of researchers from Georgia Tech find a new attack technique that targets properties in Node.js and plan to publicly release a tool that has already identified 13 new vulnerabilities.
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
News  |  7/30/2020  | 
Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles.
Dark Web Travel Fraudsters Left Hurting From Lockdowns
News  |  7/30/2020  | 
Shadow travel businesses that depend on loyalty program fraud have been impacted just like the legitimate travel orgs they prey on.
Mimecast Buys MessageControl
Quick Hits  |  7/30/2020  | 
The email security provider brings into its fold social engineering and human identity capabilities.
Ill-Defined Career Paths Hamper Growth for IT Security Pros
News  |  7/30/2020  | 
Appsec and cloud security skills are the most in demand, and a shortage of staff is wearing on security teams, a new study shows.
5 Tips for Optimizing Your Company's Cyber-Crisis Preparedness
Commentary  |  7/30/2020  | 
Cyber-incident response often addresses short-term needs, but we need to broaden the view of crisis management to be more forward-thinking.
Google Adds Security Updates to Chrome Autofill
Quick Hits  |  7/30/2020  | 
Chrome users can retrieve payment card numbers via biometric authentication and use a new "touch-to-fill: feature to log in to accounts.
Citizens Are Increasingly Worried About How Companies Use Their Data
News  |  7/30/2020  | 
With data privacy important to almost every American, more than two-thirds of those surveyed say they don't trust companies to ethically sell their data.
Black Hat Virtually: An Important Time to Come Together as a Community
Commentary  |  7/30/2020  | 
The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.
Using the Attack Cycle to Up Your Security Game
Commentary  |  7/30/2020  | 
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Slideshows  |  7/29/2020  | 
More than 130 security researchers and developers are ready to showcase their work.
Average Cost of a Data Breach: $3.86 Million
News  |  7/29/2020  | 
New IBM study shows that security system complexity and cloud migration can amplify breach costs.
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
News  |  7/29/2020  | 
A flaw in the GRUB2 bootloader affects most Linux devices and some Windows computers using UEFI Secure Boot.
Security Flaws Discovered in OKCupid Dating Service
Quick Hits  |  7/29/2020  | 
Researchers identified a variety of vulnerabilities in apps and websites for the popular online dating platform.
70,000+ WordPress Sites Affected by Critical Plug-in Flaw
Quick Hits  |  7/29/2020  | 
A vulnerability in the wpDiscuz plug-in could let attackers remotely execute code on the servers of affected websites.
Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
Commentary  |  7/29/2020  | 
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.
The Future's Biggest Cybercrime Threat May Already Be Here
Commentary  |  7/29/2020  | 
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.
Lazarus Group Shifts Gears with Custom Ransomware
News  |  7/28/2020  | 
The North Korea-linked APT group has developed its own ransomware strain to better conduct financial theft, researchers report.
Avon Server Leaks User Info and Administrative Data
Quick Hits  |  7/28/2020  | 
An unprotected server has exposed more than 7GB of data from the beauty brand.
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
News  |  7/28/2020  | 
More than 80% of companies have at least one Internet-facing cloud asset that is more than six months out of date or running software that is no longer supported, according to scan data.
Researchers Foil Phishing Attempt on Netflix Customers
News  |  7/28/2020  | 
Hackers use two stolen domains to steal credentials from Netflix users and then send them to the real Netflix site.
7.5M Banking Customers Affected in Dave Security Breach
Quick Hits  |  7/28/2020  | 
The financial services app confirms user data was compromised in a data breach at its former third-party provider, WayDev.
Autonomous IT: Less Reacting, More Securing
Commentary  |  7/28/2020  | 
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
As Businesses Move to the Cloud, Cybercriminals Follow Close Behind
Commentary  |  7/28/2020  | 
In the wake of COVID-19, data theft is by far the top tactic, followed by cryptomining and ransomware.
ShinyHunters Offers Stolen Data on Dark Web
Quick Hits  |  7/27/2020  | 
The threat actor offers more than 26 million records from a series of data breaches.
Ratings for Open Source Projects Aim to Make Software More Secure
News  |  7/27/2020  | 
Two companies have teamed up to rate open source projects, but can adopting repository ratings help developers make better decisions regarding open source?
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
Commentary  |  7/27/2020  | 
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
Block/Allow: The Changing Face of Hacker Linguistics
News  |  7/27/2020  | 
Terms such as "whitelist," "blacklist," "master," and "slave" are being scrutinized again and by a wider range of tech companies than ever before.
Qualys Enters Crowded Endpoint Detection and Response Market
News  |  7/26/2020  | 
The company, already known for its vulnerability management capabilities, announces the acquisition of EDR provider Spell Security and the launch of its own service for managing endpoints and responding to threats.
7 Summer Travel Security Tips
Slideshows  |  7/25/2020  | 
With staying safe during the pandemic high priority, it's easy to let your guard down about the security of the devices you take along your travels.
Organizations Continue to Struggle With App Vulns
News  |  7/24/2020  | 
A high percentage of discovered bugs remain unremediated for a long time, a new study shows.
Garmin Takes App & Services Offline After Suspected Ransomware Attack
Quick Hits  |  7/24/2020  | 
Wearables company Garmin shut down its website, app, call centers, and other services in the aftermath of a security incident.
Remote Work Could Help Cybersecuritys Diversity Problem But Will It?
News  |  7/24/2020  | 
Job market data from the second quarter suggests there are increasing opportunities for women and minorities in the world of remote work, but long-standing biases may provide resistance.
Access to Internal Twitter Admin Tools Is Widespread
Quick Hits  |  7/24/2020  | 
More than 1,000 individuals have access to tools that could have aided the attackers in the recent Twitter attack on high-profile accounts.
Email Security Features Fail to Prevent Phishable 'From' Addresses
News  |  7/24/2020  | 
The security features for verifying the source of an email header fail to work together properly in many implementations, according to a team of researchers.
Banning TikTok Won't Solve Our Privacy Problems
Commentary  |  7/24/2020  | 
Preventing the use of an apps based solely on its country of origin (no matter how hostile) is merely a Band-Aid that won't fully address all privacy and security concerns.
Twilio Security Incident Shows Danger of Misconfigured S3 Buckets
News  |  7/23/2020  | 
Twilio says attackers accessed its misconfigured cloud storage system and altered a copy of the JavaScriptSDK it shares with customers.
DNA Site Leaves Records Open to Law Enforcement
Quick Hits  |  7/23/2020  | 
A pair of breaches reset user accounts to allow access for two days.
Twitter Breach a Reminder of Need to Protect Corporate Social Media Use
News  |  7/23/2020  | 
Intruders had access to direct messages associated with 36 accounts in last week's attack, social media giant discloses.
Data Privacy Challenges for California COVID-19 Contact Tracing Technology
Commentary  |  7/23/2020  | 
Developers, governments, and regulators must work with the cybersecurity industry to apply rigorous standards to contact-tracing apps to make sure that the societal impact of COVID-19 doesn't extend into personal privacy.
CouchSurfing Investigates Potential Data Breach
Quick Hits  |  7/23/2020  | 
The service has reportedly hired a security firm after 17 million user records were found on a public hacking forum.
Deepfakes & James Bond Research Project: Cool but Dangerous
Commentary  |  7/23/2020  | 
Open source software for creating deepfakes is getting better and better, to the chagrin of researchers
8 Cybersecurity Themes to Expect at Black Hat USA 2020
Slideshows  |  7/23/2020  | 
Here are the trends and topics that'll capture the limelight at this year's virtual event.
Surge in Consumer-Grade IoT Devices Undermining Enterprise Security
News  |  7/22/2020  | 
Individuals and business groups are connecting everything from Amazon Echo devices to data-sampling sensors on networks with sensitive systems with little regard to safety, two reports show.
VC Investment in Cybersecurity Dips & Shifts with COVID-19
News  |  7/22/2020  | 
While the pandemic has infected funding for cybersecurity startups, it also has emboldened some startups with innovative tools that secure the wave of at-home work.
CISA Hires Security Experts to Boost COVID-19 Response
Quick Hits  |  7/22/2020  | 
The agency brings in expertise from the private sector to improve its technical capabilities and engagement with industry partners.
Page 1 / 4   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23416
PUBLISHED: 2021-07-28
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.
CVE-2021-23417
PUBLISHED: 2021-07-28
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.
CVE-2021-23415
PUBLISHED: 2021-07-28
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path.
CVE-2020-4974
PUBLISHED: 2021-07-28
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
CVE-2020-5004
PUBLISHED: 2021-07-28
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.