Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
US Treasury Sanctions Russian Institution Linked to Triton Malware
Quick Hits  |  10/23/2020  | 
Triton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.
A Pause to Address 'Ethical Debt' of Facial Recognition
Commentary  |  10/23/2020  | 
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
Credential-Stuffing Attacks Plague Loyalty Programs
News  |  10/22/2020  | 
But that's not the only type of web attack cybercriminals have been profiting from.
WordPress Plug-in Updated in Rare Forced Action
Quick Hits  |  10/22/2020  | 
The Logonizer login security plug-in was automatically updated to patch a SQL injection vulnerability.
To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
Commentary  |  10/22/2020  | 
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
Implementing Proactive Cyber Controls in OT: Myths vs. Reality
Commentary  |  10/22/2020  | 
Debunking the myths surrounding the implementation of proactive cyber controls in operational technology.
Dealing With Insider Threats in the Age of COVID
Commentary  |  10/21/2020  | 
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
IASME Consortium to Kick-start New IoT Assessment Scheme
News  |  10/21/2020  | 
The IASME Consortium has been awarded a DCMS grant, enabling the UK organization to kick-start an Internet of Things (IoT) assessment scheme. IASME is looking for manufacturers interested in getting their IoT device certified cyber secure for free via the new pilot scheme.
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Commentary  |  10/21/2020  | 
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets
News  |  10/21/2020  | 
Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region.
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
Commentary  |  10/21/2020  | 
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers
Quick Hits  |  10/20/2020  | 
Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.
The Cybersecurity Maturity Model Certification: Are You in Compliance?
Commentary  |  10/20/2020  | 
Not only can this framework help companies remain solvent, but it will also protect critical information from getting into the wrong hands.
Farsight Labs Launched as Security Collaboration Platform
Quick Hits  |  10/20/2020  | 
Farsight Security's platform will offer no-cost access to certain tools and services.
Businesses Rethink Endpoint Security for 2021
News  |  10/20/2020  | 
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?
Building the Human Firewall
Commentary  |  10/20/2020  | 
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
NSS Labs Shuttered
Quick Hits  |  10/19/2020  | 
The testing firm's website says it has "ceased operations" as of Oct. 15.
GravityRAT Spyware Targets Android & MacOS in India
Quick Hits  |  10/19/2020  | 
The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.
IoT Vulnerability Disclosure Platform Launched
Quick Hits  |  10/19/2020  | 
VulnerableThings.com is intended to help vendors meet the terms of a host of new international IoT security laws and regulations.
Microsoft Tops Q3 List of Most-Impersonated Brands
News  |  10/19/2020  | 
The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.
Trickbot, Phishing, Ransomware & Elections
Commentary  |  10/19/2020  | 
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.
7 Tips for Choosing Security Metrics That Matter
Slideshows  |  10/19/2020  | 
Experts weigh in on picking metrics that demonstrate how the security team is handling operational efficiency and reducing risk.
A New Risk Vector: The Enterprise of Things
Commentary  |  10/19/2020  | 
Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.
Massive New Phishing Campaigns Target Microsoft, Google Cloud Users
Quick Hits  |  10/16/2020  | 
At least three campaigns are now underway.
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
News  |  10/16/2020  | 
The US counterintelligence lead joins a former Europol cyber chief to discuss modern election threats and the benefits of public-private collaboration.
Academia Adopts Mitre ATT&CK Framework
News  |  10/16/2020  | 
Security pros and academic researchers discuss the best ways to use MITRE's framework to inform cybersecurity efforts, analyze threats, and teach future workers.
Cybercrime Losses Up 50%, Exceeding $1.8B
Commentary  |  10/16/2020  | 
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
Twitter Hack Analysis Drives Calls for Greater Security Regulation
Quick Hits  |  10/15/2020  | 
New York's Department of Financial Services calls for more cybersecurity regulation at social media firms following the "jarringly easy" Twitter breach.
Barnes & Noble Warns Customers About Data Breach
Quick Hits  |  10/15/2020  | 
Famed bookseller says non-financial data was exposed in a new attack.
Overcoming the Challenge of Shorter Certificate Lifespans
Commentary  |  10/15/2020  | 
We could be in the middle of a major transition to shorter and shorter certificate life spans, which has significant implications for how IT organizations manage certificates across the enterprise.
The Ruthless Cyber Chaos of Business Recovery
Commentary  |  10/15/2020  | 
Critical technology initiatives leveraging the best of technology solutions are the only way through the cyber chaos of 2020.
Microsoft Office 365 Accounts a Big Target for Attackers
News  |  10/15/2020  | 
Just as they did with PowerShell for Windows, threat actors are abusing native O365 capabilities for lateral movement, command-and-control communication, and other malicious activity.
London Borough of Hackney Investigates 'Serious' Cyberattack
Quick Hits  |  10/14/2020  | 
London's Hackney Council says some services may be slow or unavailable as it looks into a cyberattack affecting services and IT systems.
Assuring Business Continuity by Reducing Malware Dwell Time
Commentary  |  10/14/2020  | 
Here's how CISOs and IT security operations teams can best address key challenges to network monitoring that could increase malware dwell time.
NIST Quantum Cryptography Program Nears Completion
Commentary  |  10/14/2020  | 
The National Institute of Standards and Technology's first post-quantum cryptography standard will address key issues, approaches, an arms race, and the technology's uncertain future.
Microsoft Fixes Critical Windows TCP/IP Flaw in Patch Rollout
News  |  10/13/2020  | 
The October 2020 Patch Tuesday fixed 87 vulnerabilities, including 21 remote code execution flaws, in Microsoft products and services.
Coalition Pokes Five Eyes on Call for Backdoors
Quick Hits  |  10/13/2020  | 
The Five Eyes international law enforcement group had called for implementing backdoors for law enforcement in all encryption implementations.
25% of BEC Cybercriminals Based in the US
News  |  10/13/2020  | 
While the US is known to be a prime target for BEC attacks, just how many perpetrators are based there came as a surprise to researchers.
Where Are the 'Great Exits' in the Data Security Market?
Commentary  |  10/13/2020  | 
If data security were a student, its report card would read "Not performing to potential." Here's why.
Trickbot Botnet Response Highlights Partnerships Preventing US Election Interference
Commentary  |  10/13/2020  | 
Recent efforts by USCYBERCOM and Microsoft to disrupt the Trickbot botnet highlight the importance of partnerships in successful malware botnet disruption.
Online Voting Is Coming, but How Secure Will It Be?
Commentary  |  10/13/2020  | 
It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.
Software AG Continues Efforts Against $20M Ransomware Attack
Quick Hits  |  10/12/2020  | 
The attack, which now includes extortion components, has moved into its second week.
Security Officers, Are Your Employees Practicing Good Habits from Home?
Commentary  |  10/12/2020  | 
Even if you can't see your employees in the office, they still need to be reminded that criminals are always trying to spot a weak link in the chain.
A 7-Step Cybersecurity Plan for Healthcare Organizations
Slideshows  |  10/12/2020  | 
With National Cybersecurity Awareness Month shining a spotlight on the healthcare industry, security pros share best practices for those charged with protecting these essential organizations.
How to Pinpoint Rogue IoT Devices on Your Network
News  |  10/12/2020  | 
Researchers explain how security practitioners can recognize when a seemingly benign device could be malicious.
Apple Pays Bug Bounty to Enterprise Network Researchers
Quick Hits  |  10/9/2020  | 
So far, the company has doled out $288,000 to five researchers who, in three months, found 55 vulnerabilities in its corporate infrastructure.
Critical Zerologon Flaw Exploited in TA505 Attacks
Quick Hits  |  10/9/2020  | 
Microsoft reports a new campaign leveraging the critical Zerologon vulnerability just days after nation-state group Mercury was seen using the flaw.
CISOs Planning on Bigger Budgets: Report
Quick Hits  |  10/9/2020  | 
Budgets are on the rise, even in a time of revenue worries across the industry.
Why MSPs Are Hacker Targets, and What To Do About It
Commentary  |  10/9/2020  | 
Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.
Scale Up Threat Hunting to Skill Up Analysts
Commentary  |  10/8/2020  | 
Security operation centers need to move beyond the simplicity of good and bad software to having levels of "badness," as well as better defining what is good. Here's why.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.