Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in September 2020
The No Good, Very Bad Week for Iran's Nation-State Hacking Ops
News  |  9/30/2020  | 
A look at the state of Iran's cyber operations as the US puts the squeeze on it with a pile of indictments and sanctions.
GitHub Tool Spots Security Vulnerabilities in Code
News  |  9/30/2020  | 
Scanner, which just became generally available, lets developers spot problems before code gets into production.
Cloud Misconfiguration Mishaps Businesses Must Watch
News  |  9/30/2020  | 
Cloud security experts explain which misconfigurations are most common and highlight other areas of the cloud likely to threaten businesses.
A Guide to the NIST Cybersecurity Framework
News  |  9/30/2020  | 
With cybersecurity threats growing exponentially, it has never been more important to put together an efficient cyber-risk management policy, and NIST's framework can help.
IDaaS: A New Era of Cloud Identity
Commentary  |  9/30/2020  | 
As identity-as-a-service becomes the standard for enterprise identity management, upstarts and established competitors are competing to define the market's future. Participate in Omdia's IDaaS research.
COVID-19 Creates Opening for OT Security Reform
Commentary  |  9/30/2020  | 
Operations technology was once considered low risk, at least until the virus came along and re-arranged the threat landscape.
Phishing Attack Targets Microsoft 365 Users With Netflix & Amazon Lures
Quick Hits  |  9/30/2020  | 
Cyberattacker TA2552 primarily targets Spanish speakers with messages that leverage a narrow range of themes and popular brands.
Attacker Dwell Time: Ransomware's Most Important Metric
Commentary  |  9/30/2020  | 
How to bolster security defenses by zeroing in on the length of time an interloper remains undetected inside your network.
Microsoft: Ransomware & Nation-State Attacks Rise, Get More Sophisticated
News  |  9/29/2020  | 
Malware-based attacks are out, phishing is in, along with credential stuffing and business email compromise. Microsoft recommends defensive tactics in its new report on rising threats.
DDoS Attacks Soar in First Half of 2020
Quick Hits  |  9/29/2020  | 
Shorter, faster, multivector attacks had a greater impact on victims.
New Campaign by China-Linked Group Targets US Orgs for First Time
News  |  9/29/2020  | 
In at least one instance, the Palmerworm APT group was able to remain undetected on a compromised system for nearly six months, according to Symantec.
Vulnerability in Wireless Router Chipsets Prompts Advisory
Quick Hits  |  9/29/2020  | 
Synopsys issues an advisory for vulnerabilities affecting the chipsets of wireless routers from Qualcomm, Mediatek, and Realtek.
Shifting Left of Left: Why Secure Code Isn't Always Quality Code
Commentary  |  9/29/2020  | 
Enabling engineers to share responsibility for security and empowering them to erase common vulnerabilities are good starting points.
State-Sponsored Hacking Groups Increasingly Use Cloud & Open Source Infrastructure
News  |  9/29/2020  | 
Microsoft shuts down Azure Active Directory instances used by attackers to evade detection and warns that the use of open source tools by espionage groups is growing.
The Shared Irresponsibility Model in the Cloud Is Putting You at Risk
Commentary  |  9/29/2020  | 
Step up, put the architecture and organization in place, and take responsibility. If you don't, who will?
Ivanti Acquires Two Security Companies
Quick Hits  |  9/28/2020  | 
Purchase of MobileIron and Pulse Secure announced simultaneously.
Universal Health Services Network Down in Apparent Ransomware Attack
Quick Hits  |  9/28/2020  | 
UHS reportedly hit with ransomware that took down its network that supports hundreds of healthcare facilities and hospitals.
9 Tips to Prepare for the Future of Cloud & Network Security
Slideshows  |  9/28/2020  | 
Cloud and network security analysts outline trends and priorities businesses should keep top of mind as they grow more reliant on cloud.
Safeguarding Schools Against RDP-Based Ransomware
Commentary  |  9/28/2020  | 
How getting online learning right today will protect schools, and the communities they serve, for years to come.
MFA-Minded Attackers Continue to Figure Out Workarounds
News  |  9/28/2020  | 
While MFA can improve overall security posture, it's not a "silver bullet" -- and hacks continue.
6 Things to Know About the Microsoft 'Zerologon' Flaw
News  |  9/25/2020  | 
Until all domain controllers are updated, the entire infrastructure remains vulnerable, the DHS' CISA warns.
Navigating the Asia-Pacific Threat Landscape: Experts Dive In
News  |  9/25/2020  | 
At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.
Getting Over the Security-to-Business Communication Gap in DevSecOps
News  |  9/25/2020  | 
Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.
WannaCry Has IoT in Its Crosshairs
Commentary  |  9/25/2020  | 
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
Malware Attacks Declined But Became More Evasive in Q2
News  |  9/24/2020  | 
Most of the malware used in attacks last quarter was designed to evade signature-based detection tools, WatchGuard says.
Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic
News  |  9/24/2020  | 
Turns out, creating wireless ecosystems for a vast number of different architectures, configurations, and use cases is hard.
Critical Instagram Flaw Could Let Attackers Spy on Victims
News  |  9/24/2020  | 
A now-patched remote code execution vulnerability could be exploited with a specially sized image file, researchers report.
Solving the Problem With Security Standards
Commentary  |  9/24/2020  | 
More explicit threat models can make security better and open the door to real and needed innovation.
CrowdStrike Agrees to Acquire Preempt Security for $96M
Quick Hits  |  9/24/2020  | 
CrowdStrike plans to use Preempt Security's conditional access technology to strengthen its Falcon platform.
Microsoft Warns of Attackers Now Exploiting 'Zerologon' Flaw
Quick Hits  |  9/24/2020  | 
The Security Intelligence team at Microsoft is tracking newly waged exploits in the wild.
Since Remote Work Isn't Going Away, Security Should Be the Focus
Commentary  |  9/24/2020  | 
These three steps will help organizations reduce long-term work-from-home security risks.
Shopify's Employee Data Theft Underscores Risk of Rogue Insiders
News  |  9/23/2020  | 
The e-commerce platform has alerted more than 100 merchants of a data breach, highlighting the danger of malicious insiders.
Google Cloud Debuts Threat-Detection Service
News  |  9/23/2020  | 
Lockdown economics are driving a threat-intelligence business boom. Chronicle Detect is Google's answer to monitoring so much log data created by the distributed workforce.
India's Cybercrime and APT Operations on the Rise
News  |  9/23/2020  | 
Growing geopolitical tensions with China in particular are fueling an increase in cyberattacks between the two nations, according to IntSights.
Microsoft's Azure Defender for IoT Uses CyberX Tech
Quick Hits  |  9/23/2020  | 
Azure Defender for IoT is built to help IT and OT teams discover IoT and OT assets, identify critical flaws, and detect malicious behavior.
My Journey Toward SAP Security
Commentary  |  9/23/2020  | 
When applications are critical to the business's core functions, the CISO and their staff better get the security right.
FBI, DHS Warn of 'Likely' Disinformation Campaigns About Election Results
Quick Hits  |  9/23/2020  | 
Nation-state actors and cybercriminals could wage cyberattacks and spread false information about the integrity of the election results while officials certify the final vote counts.
7 Non-Technical Skills Threat Analysts Should Master to Keep Their Jobs
Commentary  |  9/23/2020  | 
It's not just technical expertise and certifications that enable analysts to build long-term careers in cybersecurity.
12 Bare-Minimum Benchmarks for AppSec Initiatives
Slideshows  |  9/23/2020  | 
The newly published Building Security in Maturity Model provides the software security basics organizations should cover to keep up with their peers.
Attackers Target Small Manufacturing Firms
News  |  9/22/2020  | 
The most common tactics include credential stuffing using valid accounts, various forms of deception, and vulnerabilities in third-party software, Rapid7 says in its latest quarterly threat report.
Vulnerability Disclosure Programs See Signups & Payouts Surge
News  |  9/22/2020  | 
More than $44.75 million in rewards were paid to hackers over the past year, driving total payouts beyond $100 million.
New Google Search Hacks Push Viruses & Porn
Commentary  |  9/22/2020  | 
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
Startup Aims to Map and Track All the IT and Security Things
News  |  9/22/2020  | 
Security service JupiterOne spins off from a healthcare service provider's homegrown technology.
Microsoft Extends Data Loss Prevention to Cloud App Security
News  |  9/22/2020  | 
The update, one of several announced today, is intended to help employees remain compliant when handling data across cloud applications.
Permission Management & the Goldilocks Conundrum
Commentary  |  9/22/2020  | 
In today's COVID-19 era, managing access has become even more difficult, especially for large organizations. Here's how to get it "just right."
Nearly 70% of IT & Security Pros Hone Their Cyber Skills Outside of Work
News  |  9/22/2020  | 
New research shows how security skills are lacking across multiple IT disciplines as well - including network engineers, sys admins, and cloud developers.
Remote Work Exacerbating Data Sprawl
News  |  9/21/2020  | 
More than three-quarters of IT executives worry that data sprawl puts their data at risk, especially with employees working from insecure home networks, survey finds.
'Dark Overlord' Cyber Extortionist Pleads Guilty
Quick Hits  |  9/21/2020  | 
Nathan Wyatt was sentenced to five years in prison after changing a previously not guilty plea.
Patch by Tonight: CISA Issues Emergency Directive for Critical Netlogon Flaw
Quick Hits  |  9/21/2020  | 
The directive requires all federal agencies to apply a patch for Windows Netlogon vulnerability CVE-2020-1472 by midnight on Sept. 21.
5 Steps to Greater Cyber Resiliency
Commentary  |  9/21/2020  | 
Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33331
PUBLISHED: 2021-08-03
Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter.
CVE-2021-33332
PUBLISHED: 2021-08-03
Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portlet_configuration_css_web_por...
CVE-2021-33333
PUBLISHED: 2021-08-03
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs.
CVE-2021-33334
PUBLISHED: 2021-08-03
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permissio...
CVE-2021-30578
PUBLISHED: 2021-08-03
Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.