Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Vulnerabilities / Threats
<<   <   Page 2 / 2
How Can We Make Election Technology Secure?
Commentary  |  2/6/2020  | 
In Iowa this week, a smartphone app for reporting presidential caucus results debuted. It did not go well.
IoT Malware Campaign Infects Global Manufacturing Sites
News  |  2/5/2020  | 
The infection uses Lemon_Duck PowerShell malware variant to exploit vulnerabilities in embedded devices at manufacturing sites.
Emotet Preps for Tax Season with New Phishing Campaign
Quick Hits  |  2/5/2020  | 
Malicious emails in a new attack campaign contain links and attachments claiming to lead victims to W-9 forms.
Keeping Compliance Data-Centric Amid Accelerating Regulation
Commentary  |  2/5/2020  | 
As the regulatory landscape transforms, it's still smart to stay strategically focused on protecting your data.
8 of the 10 Most Exploited Bugs Last Year Involved Microsoft Products
News  |  2/4/2020  | 
Six of them were the same as from the previous year, according to new Recorded Future analysis.
SharePoint Bug Proves Popular Weapon for Nation-State Attacks
News  |  2/4/2020  | 
Thousands of servers could be exposed to SharePoint vulnerability CVE-2019-0604, recently used in cyberattacks against Middle East government targets.
Microsoft DART Finds Web Shell Threat on the Rise
Quick Hits  |  2/4/2020  | 
Various APT groups are successfully using Web shell attacks on a more frequent basis.
Ransomware Attacks: Why It Should Be Illegal to Pay the Ransom
Commentary  |  2/4/2020  | 
For cities, states and towns, paying up is short-sighted and only makes the problem worse.
Twitter Suspends Fake Accounts Abusing Feature that Matches Phone Numbers and Users
Quick Hits  |  2/4/2020  | 
The company believes state-sponsored actors may also be involved.
Kubernetes Shows Built-in Weakness
News  |  2/4/2020  | 
A Shmoocon presentation points out several weaknesses built in to Kubernetes configurations and how a researcher can exploit them.
What WON'T Happen in Cybersecurity in 2020
Commentary  |  2/4/2020  | 
Predictions are a dime a dozen. Here are six trends that you won't be hearing about anytime soon.
Bad Certificate Knocks Teams Offline
Quick Hits  |  2/3/2020  | 
Microsoft allowed a certificate to expire, knocking the Office 365 version of Teams offline for almost an entire day.
Researchers Find 24 'Dangerous' Android Apps with 382M Installs
News  |  2/3/2020  | 
Shenzhen Hawk Internet Co. is identified as the parent company behind five app developers seeking excessive permissions in Android apps.
Coronavirus Phishing Attack Infects US, UK Inboxes
Quick Hits  |  2/3/2020  | 
Cybercriminals capitalize on fears of a global health emergency with phishing emails claiming to offer advice for protecting against coronavirus.
How Device-Aware 2FA Can Defeat Social Engineering Attacks
Commentary  |  2/3/2020  | 
While device-aware two-factor authentication is no panacea, it is more secure than conventional SMS-based 2FA. Here's why.
What It's Like to Be a CISO: Check Point Security Leader Weighs In
News  |  1/31/2020  | 
Jony Fischbein shares the concerns and practices that are top-of-mind in his daily work leading security at Check Point Software.
Ashley Madison Breach Returns with Extortion Campaign
Quick Hits  |  1/31/2020  | 
The recent attack messages use new techniques to extort Bitcoin payments from Ashley Madison users hit in massive 2015 data breach.
Embracing a Prevention Mindset to Protect Critical Infrastructure
Commentary  |  1/31/2020  | 
A zero-trust, prevention-first approach is necessary to keep us safe, now and going forward.
Two Vulnerabilities Found in Microsoft Azure Infrastructure
News  |  1/30/2020  | 
Researchers detail the process of finding two flaws in the Azure Stack architecture and Azure App Service, both of which have been patched.
Russian Cybercrime Forum Contests Bring Cash, Visibility to Winners
Quick Hits  |  1/30/2020  | 
Competitions for users are a long-time tradition on underground cybercrime forums for members looking for money - and cred with major criminal syndicates.
United Nations Data Breach Started with Microsoft SharePoint Bug
Quick Hits  |  1/30/2020  | 
A remote code execution flaw enabled a breach of UN offices in Geneva and Vienna, as well as the Office of the High Commissioner for Human Rights.
Enterprise Hardware Still Vulnerable to Memory Lane Attacks
News  |  1/30/2020  | 
Most laptops, workstations, and servers are still vulnerable to physical attacks via direct memory access, despite mitigations often being available, report says.
Election Security 2020: How We Should Allocate $425M in Funding
Commentary  |  1/30/2020  | 
Too many states and municipalities still rely on aging systems; it's time they upped their game and treated election technology like they would any other security project.
Aftermath of a Major ICS Hacking Contest
News  |  1/29/2020  | 
Pwn2Own Miami could help spur more research on and attention to the security of industrial control system products, experts say.
Criminals Hide Malware Behind Grammy-Winning Cover
Quick Hits  |  1/29/2020  | 
Songs by Ariana Grande, Taylor Swift, and Post Malone are the most popular places.
Inside the Check Point Research Team's Investigation Process
News  |  1/29/2020  | 
The team sheds light on how their organization works and what they're watching in the threat landscape.
Securing Containers with Zero Trust
Commentary  |  1/29/2020  | 
A software identity-based approach should become a standard security measure for protecting workloads in all enterprise networks.
Threat Hunting Is Not for Everyone
Commentary  |  1/29/2020  | 
Threat hunting is a sophisticated, advanced technique that should be reserved for specific instances and be conducted only by trained professionals.
'Understand What You Believe': Fmr. FBI Agent Unpacks Information Threats
News  |  1/28/2020  | 
In the past few years, social media has transformed from a communications gold mine to a minefield of disinformation campaigns.
Russian Brothers Sentenced to 12 Years for Fraud and Identity Theft
Quick Hits  |  1/28/2020  | 
The pair, based in Fort Lauderdale, Fla., were running a sophisticated credit card fraud factory.
Intel Previews Newest 'Zombieload' Patch
Quick Hits  |  1/28/2020  | 
Intel has promised a third patch to remediate the Zombieload speculative execution vulnerability.
CCPA: Cut From the Same Cloth as PCI DSS
Commentary  |  1/28/2020  | 
Finally, some good news about CCPA: If you've built your security infrastructure to PCI DSS standards, you may be already covered by California's new data protection rules
How to Get the Most Out of Your Security Metrics
Commentary  |  1/27/2020  | 
There's an art to reporting security metrics so that they speak the language of leadership and connect the data from tools to business objectives.
'CardPlanet' Operator Pleads Guilty in Federal Court
Quick Hits  |  1/24/2020  | 
Russian national faced multiple charges in connection with operating the marketplace for stolen credit-card credentials, and a forum for VIP criminals to offer their services.
DHS Warns of Increasing Emotet Risk
Quick Hits  |  1/23/2020  | 
Emotet is considered one of the most damaging banking Trojans, primarily through its ability to carry other malware into an organization.
NSA Offers Guidance on Mitigating Cloud Flaws
Quick Hits  |  1/23/2020  | 
A new document separates cloud vulnerabilities into four classes and offers mitigations to help businesses protect cloud resources.
Severe Vulnerabilities Discovered in GE Medical Devices
News  |  1/23/2020  | 
CISA has released an advisory for six high-severity CVEs for GE Carescape patient monitors, Apex Pro, and Clinical Information Center systems.
Weathering the Privacy Storm from GDPR to CCPA & PDPA
Commentary  |  1/23/2020  | 
A general approach to privacy, no matter the regulation, is the only way companies can avoid a data protection disaster in 2020 and beyond.
For Mismanaged SOCs, The Price Is Not Right
News  |  1/22/2020  | 
New research finds security operations centers suffer high turnover and yield mediocre results for the investment they require.
Eight Flaws in MSP Software Highlight Potential Ransomware Vector
News  |  1/22/2020  | 
An attack chain of vulnerabilities in ConnectWise's software for MSPs has similarities to some of the details of the August attack on Texas local and state agencies.
Why DPOs and CISOs Must Work Closely Together
Commentary  |  1/22/2020  | 
Recent data protection laws mean that the data protection officer and CISO must work in tandem to make sure users' data is protected.
Cybersecurity Lessons Learned from 'The Rise of Skywalker'
Commentary  |  1/22/2020  | 
They're especially relevant regarding several issues we face now, including biometrics, secure data management, and human error with passwords.
Microsoft, DHS Warn of Zero-Day Attack Targeting IE Users
News  |  1/21/2020  | 
Software firm is "aware of limited targeted attacks" exploiting a scripting issue vulnerability in Internet Explorer 9, 10, and 11 that previously has not been disclosed.
New Ransomware Tactic Shows How Windows EFS Can Aid Attackers
News  |  1/21/2020  | 
Researchers have discovered how ransomware can take advantage of the Windows Encrypting File System, prompting security vendors to release patches.
FireEye Buys Cloudvisory
Quick Hits  |  1/21/2020  | 
The purchase is intended to bring new cloud capabilities to the FireEye Helix security platform.
Ransomware Upgrades with Credential-Stealing Tricks
Quick Hits  |  1/21/2020  | 
The latest version of the FTCode ransomware can steal credentials from five popular browsers and email clients.
Data Awareness Is Key to Data Security
Commentary  |  1/21/2020  | 
Traditional data-leak prevention is not enough for businesses facing today's dynamic threat landscape.
Are We Secure Yet? How to Build a 'Post-Breach' Culture
Commentary  |  1/20/2020  | 
There are many ways to improve your organization's cybersecurity practices, but the most important principle is to start from the top.
Mobile Banking Malware Up 50% in First Half of 2019
News  |  1/17/2020  | 
A new report from Check Point recaps the cybercrime trends, statistics, and vulnerabilities that defined the security landscape in 2019.
FBI Seizes Domain That Sold Info Stolen in Data Breaches
Quick Hits  |  1/17/2020  | 
The website, WeLeakData.com, claimed to have more than 12 billion records gathered from over 10,000 breaches.
<<   <   Page 2 / 2


44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8818
PUBLISHED: 2020-02-25
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore...
CVE-2020-8819
PUBLISHED: 2020-02-25
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass ...
CVE-2020-9385
PUBLISHED: 2020-02-25
A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation.
CVE-2020-9382
PUBLISHED: 2020-02-24
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's } parser function.
CVE-2020-1938
PUBLISHED: 2020-02-24
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that ...