Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Vulnerabilities / Threats
Page 1 / 2   >   >>
BG-IP Vulnerabilities Could be Big Trouble for Customers
Quick Hits  |  7/2/2020  | 
Left unpatched, pair of vulnerabilities could give attackers wide access to a victim's application delivery network.
Considerations for Seamless CCPA Compliance
Commentary  |  7/2/2020  | 
Three steps to better serve consumers, ensure maximum security, and achieve compliance with the California Consumer Privacy Act.
22,900 MongoDB Databases Affected in Ransomware Attack
Quick Hits  |  7/2/2020  | 
An attacker scanned for databases misconfigured to expose information and wiped the data, leaving a ransom note behind.
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Commentary  |  7/2/2020  | 
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
DHS Shares Data on Top Cyber Threats to Federal Agencies
News  |  7/1/2020  | 
Backdoors, cryptominers, and ransomware were the most widely detected threats by the DHS Cybersecurity and Infrastructure Security Agency (CISA)'s intrusion prevention system EINSTEIN.
New MacOS Ransomware Hides in Pirated Program
Quick Hits  |  7/1/2020  | 
A bogus installer for Little Snitch carries a ransomware hitchhiker.
Microsoft Issues Out-of-Band Patches for RCE Flaws
Quick Hits  |  7/1/2020  | 
Vulnerabilities had not been exploited or publicly disclosed before fixes were released, Microsoft reports.
4 Steps to a More Mature Identity Program
Commentary  |  7/1/2020  | 
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Commentary  |  7/1/2020  | 
While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.
Ripple20 Threatens Increasingly Connected Medical Devices
News  |  6/30/2020  | 
A series of IoT vulnerabilities could put hospital networks, medical data, and patient safety at risk.
COVID-19 Puts ICS Security Initiatives 'On Pause'
News  |  6/30/2020  | 
Security pros concerned that increased remote access to vulnerable operational technology and stalled efforts to harden OT environments puts critical infrastructure at greater risk.
Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn
News  |  6/30/2020  | 
After Palo Alto Networks alerted users to a simple-to-exploit vulnerability in its network security gear, security agencies quickly warn that attackers won't wait to jump on it.
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Quick Hits  |  6/30/2020  | 
The shift to remote work and heavy reliance on online services has driven an increase in attacks intended to overwhelm ISPs.
Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan
Commentary  |  6/30/2020  | 
We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.
CISA Issues Advisory on Home Routers
Quick Hits  |  6/30/2020  | 
The increase in work-from-home employees raises the importance of home router security.
3 Ways to Flatten the Health Data Hacking Curve
Commentary  |  6/30/2020  | 
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
University of California SF Pays Ransom After Medical Servers Hit
News  |  6/29/2020  | 
As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on "several IT systems" in the UCSF School of Medicine.
Russian Cybercriminal Behind CardPlanet Sentenced to 9 Years
News  |  6/29/2020  | 
Aleksei Burkov will go to federal prison for operating two websites built to facilitate payment card fraud, hacking, and other crimes.
HackerOne Reveals Top 10 Bug-Bounty Programs
Quick Hits  |  6/29/2020  | 
Rankings based on total bounties paid, top single bounty paid, time to respond, and more.
Files Stolen from 945 Websites Discovered on Dark Web
Quick Hits  |  6/29/2020  | 
Researchers who found the archived SQL files estimate up to 14 million people could be affected.
Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions
Commentary  |  6/29/2020  | 
SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.
Good Cyber Hygiene in a Pandemic-Driven World Starts with Us
Commentary  |  6/26/2020  | 
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.
7 Tips for Effective Deception
Slideshows  |  6/25/2020  | 
The right decoys can frustrate attackers and help detect threats more quickly.
Contact Tracing & Threat Intel: Broken Tools & Processes
Commentary  |  6/25/2020  | 
How epidemiology can solve the people problem in security.
Vulnerabilities Declining in Open Source, but Slow Patching Still a Problem
News  |  6/25/2020  | 
Even as more code is produced, indirect dependencies continue to undermine security.
Better Collaboration Between Security & Development
Commentary  |  6/25/2020  | 
Security and development teams must make it clear why their segment of the development life cycle is relevant to the other teams in the pipeline.
Lucifer Malware Aims to Become Broad Platform for Attacks
News  |  6/25/2020  | 
The recent spread of the distributed denial-of-service tool attempts to exploit a dozen web-framework flaws, uses credential stuffing, and is intended to work against a variety of operating systems.
No Internet Access? Amid Protests, Here's How to Tell Whether the Government Is Behind it
News  |  6/24/2020  | 
Government-mandated Internet shutdowns occur far more regularly than you might expect.
Average Cost of a Data Breach: $116M
Commentary  |  6/24/2020  | 
Sensitivity of customer information and time-to-detection determine financial blowback of cybersecurity breaches.
Black Hat Survey: Breach Concerns Hit Record Levels Due to COVID-19
News  |  6/24/2020  | 
Annual "Black Hat USA Attendee Survey" indicates unprecedented concern over possible compromises of enterprise networks and US critical infrastructure.
Rethinking Enterprise Access, Post-COVID-19
Commentary  |  6/24/2020  | 
New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access.
Twitter Says Business Users Were Vulnerable to Data Breach
Quick Hits  |  6/23/2020  | 
The now-patched vulnerability left business users' personal information in web browser caches for anyone to find.
Back to Basics with Cloud Permissions Management
Commentary  |  6/23/2020  | 
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
Cybercrime Infrastructure Never Really Dies
News  |  6/23/2020  | 
Despite the takedown of the "CyberBunker" threat operators in 2019, command-and-control traffic continues to report back to the defunct network address space.
5 Steps for Implementing Multicloud Identity
Commentary  |  6/23/2020  | 
Why embracing, not fighting, decentralization will pave the way to smoother cloud migrations.
Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
News  |  6/22/2020  | 
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.
Microsoft Acquires IoT/OT Security Firm CyberX
Quick Hits  |  6/22/2020  | 
Deal extends Microsoft Azure for legacy industrial devices.
Firmware Flaw Allows Attackers to Evade Security on Some Home Routers
News  |  6/22/2020  | 
Networking devices sold under at least one major brand have a firmware vulnerability that allows hackers to take control of the device, a cybersecurity firm claims.
Long-Term Effects of COVID-19 on the Cybersecurity Industry
Commentary  |  6/22/2020  | 
The maelstrom of change we're going through presents a unique opportunity to become enablers. And to do that requires flexibility.
Cloud Threats and Priorities as We Head Into the Second Half of 2020
Slideshows  |  6/22/2020  | 
With millions working from home and relying on the cloud, security leaders are under increasing pressure to keep their enterprises breach-free.
Australian Government Under Ongoing Cyberattack
Quick Hits  |  6/19/2020  | 
Experts believe China is behind the attack campaign, but China denies responsibility.
Cloud Security Alliance Offers Tips to Protect Telehealth Data
News  |  6/19/2020  | 
As telehealth grows more common, security experts address the privacy and security concerns of storing health data in the cloud.
Healthcare CISOs Share COVID-19 Response Stories
News  |  6/18/2020  | 
Cybersecurity leaders discussed the threats and challenges that arose during the pandemic, and how they responded, during a virtual roundtable.
Cisco Patches Flaw in Webex Videoconferencing App
News  |  6/18/2020  | 
Vulnerability would have allowed an attacker to gain access to sensitive information on a system, Trustwave's SpiderLabs says.
The Bigger the News, the Bigger the Cyber Threats
Commentary  |  6/18/2020  | 
Criminals use disasters, wars, and now pandemics as air cover to focus collective anxiety and fear into highly targeted, malicious messaging.
60% of Businesses Plan to Spend More on Cyber Insurance
Quick Hits  |  6/18/2020  | 
New data reveals 65% of SMEs plan to invest more in cyber insurance, compared with 58% of large enterprises.
O365 Phishing Campaign Leveraged Legit Domains
Quick Hits  |  6/18/2020  | 
A sophisticated scheme used legitimate redirection tools to convince victims to give up Office 365 credentials.
Most Contact-Tracing Apps Fail Basic Security
News  |  6/18/2020  | 
A survey of 17 Android applications for informing citizens if they had potential contact with a COVD-19-infected individual finds few have adopted code-hardening techniques.
7 Tips for Employers Navigating Remote Recruitment
Slideshows  |  6/17/2020  | 
Hiring experts explain how companies should approach recruitment when employers and candidates are working remotely.
What's Anonymous Up to Now?
News  |  6/17/2020  | 
The hacker group recently took credit for two high-profile incidents -- but its actions aren't quite the same as they once were, some say.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.