Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Vulnerabilities / Threats
<<   <   Page 2 / 2
Ransomware, Data Breach Follow Phishing Attack at Magellan Health
Quick Hits  |  5/13/2020  | 
The healthcare company has informed affected employees of a data breach on a single corporate server.
More Tips for Staying Safe While Working from Home
Commentary  |  5/13/2020  | 
While some users are up to speed with the WFH protocol, it's worth adding a few more items to your security checklist.
Microsoft Fixes 111 Vulnerabilities for Patch Tuesday
News  |  5/12/2020  | 
This marks the third month in a row that Microsoft patched more than 100 bugs, of which 16 are classified as critical.
Nine in 10 Applications Contain Outdated Software Components
News  |  5/12/2020  | 
Almost every application uses open-source components and 91% use libraries that are out of date or that have been abandoned altogether.
DHS, FBI & DoD Report on New North Korean Malware
Quick Hits  |  5/12/2020  | 
Three new reports detail malware coming out of the Hidden Cobra cyber operations in North Korea.
The Modern SOC Demands New Skills
Commentary  |  5/12/2020  | 
Automation and other technologies are improving the organizational structure of the security operations center. This is ultimately for the better, but it means that roles will change too.
A-List Celebrity Law Firm Confirms Cyberattack
Quick Hits  |  5/12/2020  | 
Attackers claim to steal 756GB of data from Grubman Shire Meiselas & Sacks, which includes Madonna and Lady Gaga among its clients.
6 Free Cybersecurity Training and Awareness Courses
Slideshows  |  5/12/2020  | 
Most are designed to help organizations address teleworking risks related to COVID-19 scams.
Thunderbolt Vulnerabilities Could Threaten Millions of PCs
News  |  5/11/2020  | 
Attackers with physical access to targeted machines could exploit these flaws to access and copy data within minutes, researchers say.
Researchers Analyze Oracle WebLogic Flaw Under Attack
Quick Hits  |  5/11/2020  | 
Trend Micro researchers explain how attackers bypassed the patch for a deserialization vulnerability in the Oracle WebLogic Server.
Rule of Thumb: USB Killers Pose Real Threat
Commentary  |  5/11/2020  | 
They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.
Companies Struggle for Effective Cybersecurity
News  |  5/8/2020  | 
The money companies are spending on cybersecurity tools doesn't necessarily result in better security, a new survey shows.
DocuSign Phishing Campaign Uses COVID-19 as Bait
Quick Hits  |  5/8/2020  | 
The newly discovered campaign lures victims with a supposed file concerning the coronavirus pandemic.
Why DevSecOps Is Critical for Containers and Kubernetes
Commentary  |  5/8/2020  | 
DevSecOps is a big and sometimes difficult shift for organizations. The key to success? Take small steps.
Microsoft Identity VP Shares How and Why to Ditch Passwords
News  |  5/7/2020  | 
Passwords are on their way out, says Joy Chik, who offers guidance for businesses hoping to shift away from them.
Mac RAT Rides 2FA App Onto Systems
Quick Hits  |  5/7/2020  | 
The new macOS remote access Trojan from the Lazarus Group uses a two-factor authentication app as its delivery mechanism.
Now More Than Ever? Securing the Software Life Cycle
Commentary  |  5/7/2020  | 
The more things change, the more they stay the same. That's true for software security, even in these turbulent times.
Threat-Modeling Basics Using MITRE ATT&CK
Commentary  |  5/7/2020  | 
When risk managers consider the role ATT&CK plays in the classic risk equation, they have to understand the role of threat modeling in building a complete risk scenario.
Maze Ransomware Operators Step Up Their Game
News  |  5/6/2020  | 
Investigations show Maze ransomware operators leave "nothing to chance" when putting pressure on victims to pay.
Half of Companies Have Suffered a Cybersecurity Issue Amid COVID-19 Crisis
Quick Hits  |  5/6/2020  | 
Survey shows 49% expect to experience a data breach or cybersecurity incident in the next month.
When Achieving Deadpool Status Is a Good Thing
Commentary  |  5/6/2020  | 
It means attackers have been met with sufficient resistance that it's no longer worth their trouble and have moved on
The Price of Fame? Celebrities Face Unique Hacking Threats
News  |  5/6/2020  | 
Hackers are hitting the sports industry hard on social media and luring quarantined consumers with offers of free streaming services, a new report shows.
Is CVSS the Right Standard for Prioritization?
Commentary  |  5/6/2020  | 
More than 55% of open source vulnerabilities are rated high or critical. To truly understand a vulnerability and how it might affect an organization or product, we need much more than a number.
Microsoft Challenges Security Researchers to Hack Azure Sphere
News  |  5/5/2020  | 
Participants can earn up to $100,000 for finding severe flaws in Microsoft's Linux-based Azure Sphere IoT operating system.
Breach Hits GoDaddy SSH Customers
Quick Hits  |  5/5/2020  | 
The October 2019 breach left some customer data open to hacking eyes.
Malicious Use of AI Poses a Real Cybersecurity Threat
Commentary  |  5/5/2020  | 
We should prepare for a future in which artificially intelligent cyberattacks become more common.
Designing Firmware Resilience for 3 Top Attack Vectors
Commentary  |  5/5/2020  | 
Firmware has become an increasingly prevalent target for hackers. Here's how to stop them.
Zoom Installers Used to Spread WebMonitor RAT
Quick Hits  |  5/4/2020  | 
Researchers warn the installers are legitimate but don't come from official sources of the Zoom app, including the Apple App Store and Google Play.
7 Tips for Security Pros Patching in a Pandemic
Slideshows  |  5/4/2020  | 
The shift to remote work has worsened patch management challenges and created new ones. Security pros share insights and best practices.
DHS CISA Launches Site for Teleworking Security
Quick Hits  |  5/1/2020  | 
The new website is intended to be a one-stop source for information on securing teleworkers and their employers.
Best Practices for Managing a Remote SOC
News  |  5/1/2020  | 
Experts share what it takes to get your security analysts effectively countering threats from their home offices.
Industrial Networks' Newest Threat: Remote Users
Commentary  |  5/1/2020  | 
We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.
Researchers Find Baby Banking Trojan, Watch It Grow
News  |  4/30/2020  | 
EventBot is an Android information stealer on its way to becoming a very capable piece of malware.
Healthcare Targeted By More Attacks But Less Sophistication
News  |  4/30/2020  | 
An increase in attacks targeting healthcare organizations suggests that perhaps new cybercriminals are getting into the game.
Things Keeping CISOs Up at Night During the COVID-19 Pandemic
Commentary  |  4/30/2020  | 
Insights from discussions with more than 20 CISOs, CEOs, CTOs, and security leaders.
Ed-Tech Company Chegg Suffers Third Breach Since 2018
Quick Hits  |  4/30/2020  | 
The latest incident compromised names, Social Security numbers, and other data belonging to 700 current and former Chegg employees.
Researchers Find Vulnerabilities in Popular Remote Learning Plug-ins
News  |  4/30/2020  | 
As more students move to online learning platforms, vulnerability researchers are revealing security flaws in some common software plug-ins.
The Rise of Deepfakes and What That Means for Identity Fraud
Commentary  |  4/30/2020  | 
Convincing deepfakes are a real concern, but there are ways of fighting back.
86% of Companies Report Network Disruption Amid Remote Work Shift
News  |  4/29/2020  | 
Nearly two-thirds say disruptions were at least moderate in severity, and more have seen VPN connectivity issues as employees work from home.
Microsoft Warns of Malware Hidden in Pirated Film Files
Quick Hits  |  4/29/2020  | 
An active campaign inserts malicious VBScript into ZIP files posing as downloads for "John Wick 3," "Contagion," and other popular movies.
7 Fraud Predictions in the Wake of the Coronavirus
Commentary  |  4/29/2020  | 
It's theme and variations in the fraud world, and fraudsters love -- and thrive -- during chaos and confusion
Web Shells Continue to Threaten
News  |  4/29/2020  | 
A decade after their first use, Web shells remain a common tool for all stripes of attackers, from common cybercriminals to sophisticated state actors.
Phishers Start to Exploit Oil Industry Amid COVID-19 Woes
News  |  4/29/2020  | 
While a massive flood of attacks has yet to materialize, cybersecurity experts say this could be the calm before the storm.
4 Ways to Get to Defensive When Faced by an Advanced Attack
Commentary  |  4/29/2020  | 
To hold your own against nation-state-grade attacks, you must think and act differently.
Continued Use of Python 2 Will Heighten Security Risks
News  |  4/28/2020  | 
With support for the programming language no longer available, organizations should port to Python 3, security researches say.
Increased Credential Threats in the Age of Uncertainty
Commentary  |  4/28/2020  | 
Three things your company should do to protect credentials during the coronavirus pandemic.
New Startup Accurics Tackles Cloud Infrastructure Security
News  |  4/28/2020  | 
Accurics offers a free product to prevent "drift" between infrastructure defined through code and infrastructure running in the cloud.
Top 10 Cyber Incident Response Mistakes and How to Avoid Them
Slideshows  |  4/27/2020  | 
From lack of planning to rushing the closure of incidents, these mistakes seriously harm IR effectiveness.
Attackers Target Sophos Firewalls with Zero-Day
News  |  4/27/2020  | 
Remote exploit compromises specific configurations of XG firewalls with the intent of stealing data from the devices.
Microsoft Patches Dangerous Teams Vulnerability
News  |  4/27/2020  | 
CyberArk says issue would have allowed attackers to take over Teams accounts using a malicious GIF.
<<   <   Page 2 / 2


COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Can you smell me now?
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11844
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
CVE-2020-6937
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
CVE-2020-7648
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
CVE-2020-7650
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
CVE-2020-7654
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.