Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2021
Page 1 / 2   >   >>
Ransomware Payoffs Surge by 311% to Nearly $350 Million
News  |  1/29/2021  | 
Payments to ransomware gangs using cryptocurrency more than quadrupled in 2020, with less than 200 cryptocurrency wallets receiving 80% of funds.
Is the Web Supply Chain Next in Line for State-Sponsored Attacks?
Commentary  |  1/29/2021  | 
Attackers go after the weak links first, and the Web supply chain provides an abundance of weak links to target.
Law Enforcement Aims to Take Down Netwalker Ransomware
Quick Hits  |  1/28/2021  | 
The Department of Justice has so far charged one Canadian national and seized nearly $500,000 in relation to Netwalker ransomware.
Digital Identity Is the New Security Control Plane
Commentary  |  1/28/2021  | 
Simplifying the management of security systems helps provide consistent protection for the new normal.
App Variety -- and Security Innovation -- Surged in 2020
News  |  1/28/2021  | 
The shift to remote work pushed businesses to reimagine the fabric of apps and cloud services they needed to support their workforces.
Intl. Law Enforcement Operation Disrupts Emotet Botnet
News  |  1/27/2021  | 
Global law enforcement agencies have seized control of Emotet infrastructure, disrupting one of the world's most pervasive and dangerous cyber threats.
4 Clues to Spot a Bot Network
Commentary  |  1/27/2021  | 
Protect against misinformation and disinformation campaigns by learning how to identify the bot networks spreading falsehoods.
Apple Patches Three iOS Zero-Day Vulnerabilities
Quick Hits  |  1/27/2021  | 
New iOS 14.4 update available for iPhones and iPads.
LogoKit Group Aims for Simple Yet Effective Phishing
News  |  1/27/2021  | 
A phishing kit that uses embedded JavaScript targeted the users of more than 300 sites in the past week, aiming to grab credentials for SharePoint, Adobe Document Cloud, and OneDrive.
Pay-or-Get-Breached Ransomware Schemes Take Off
News  |  1/26/2021  | 
In 2020, ransomware attackers moved quickly to adopt so-called "double extortion" schemes, with more than 550 incidents in the fourth quarter alone.
North Korean Attackers Target Security Researchers via Social Media: Google
News  |  1/26/2021  | 
Google TAG warns the infosec community of unsolicited requests from individuals seeking collaboration on vulnerability research.
BEC Scammers Find New Ways to Navigate Microsoft 365
Quick Hits  |  1/26/2021  | 
Their techniques made use of out-of-office replies and automatic responses during the 2020 holiday season, researchers report.
Fighting the Rapid Rise of Cyber Warfare in a Changing World
Commentary  |  1/26/2021  | 
Global cyber warfare is a grim reality, but strong public-private relationships and security frameworks can safeguard people, institutions, and businesses.
Mainframe Security Automation Is Not a Luxury
Commentary  |  1/26/2021  | 
As cyber threats grow, even the most securable platform is vulnerable and requires adaptive autonomous protection.
Deloitte & Touche Buys Threat-Hunting Firm
Quick Hits  |  1/25/2021  | 
Root9B (R9B) offers threat hunting and other managed security services.
2020's COVID Accelerated Digitalization Demands Stronger Cybersecurity in 2021
Commentary  |  1/25/2021  | 
As critical infrastructure faces increasing and sophisticated attacks, these trends will enable the energy sector to shore up its cybersecurity defenses.
Speed of Digital Transformation May Lead to Greater App Vulnerabilities
News  |  1/22/2021  | 
The fastest-moving industries are struggling to produce secure code, according to AppSec experts.
Why North Korea Excels in Cybercrime
Commentary  |  1/22/2021  | 
North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.
Breach Data Shows Attackers Switched Gears in 2020
News  |  1/21/2021  | 
Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.
Attackers Leave Stolen Credentials Searchable on Google
News  |  1/21/2021  | 
Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search.
Cloud Jacking: The Bold New World of Enterprise Cybersecurity
Commentary  |  1/21/2021  | 
Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.
7 Steps to Secure a WordPress Site
Slideshows  |  1/21/2021  | 
Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth.
Rethinking IoT Security: It's Not About the Devices
Commentary  |  1/21/2021  | 
Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.
SolarWinds Attack, Cyber Supply Chain Among Priorities for Biden Administration
News  |  1/20/2021  | 
During Senate confirmation hearings, the nominees for Secretary of Homeland Security and Director of National Intelligence pledged to focus on cybersecurity.
Tips for a Bulletproof War Room Strategy
Commentary  |  1/20/2021  | 
The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.
Vulnerabilities in Popular DNS Software Allow Poisoning
News  |  1/19/2021  | 
Seven flaws in DNSMasq have limited impact, but in combination they could be chained to create a multistaged attack.
Microsoft to Launch 'Enforcement Mode' for Zerologon Flaw
Quick Hits  |  1/19/2021  | 
Enforcement mode for the Netlogon Domain Controller will be enabled by default with the Feb. 9 security update.
The Most Pressing Concerns Facing CISOs Today
Commentary  |  1/19/2021  | 
Building security into the software development life cycle creates more visibility, but CISOs still need stay on top of any serious threats on the horizon, even if they are largely unknown.
A Security Practitioner's Guide to Encrypted DNS
Commentary  |  1/19/2021  | 
Best practices for a shifting visibility landscape.
Successful Malware Incidents Rise as Attackers Shift Tactics
News  |  1/15/2021  | 
As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.
'Chimera' Threat Group Abuses Microsoft & Google Cloud Services
Quick Hits  |  1/14/2021  | 
Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests.
Businesses Struggle with Cloud Availability as Attackers Take Aim
News  |  1/14/2021  | 
Researchers find organizations struggle with availability for cloud applications as government officials warn of cloud-focused cyberattacks.
NSA Recommends Using Only 'Designated' DNS Resolvers
Quick Hits  |  1/14/2021  | 
Agency provides guidelines on securely deploying DNS over HTTPS, aka DoH.
Who Is Responsible for Protecting Physical Security Systems From Cyberattacks?
News  |  1/14/2021  | 
It's a question that continues to engage debate, as the majority of new physical security devices being installed are now connected to a network. While this offers myriad benefits, it also raises the question: Who is responsible for their cybersecurity?
Vulnerability Management Has a Data Problem
Commentary  |  1/14/2021  | 
Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.
Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation
News  |  1/13/2021  | 
Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.
The Data-Centric Path to Zero Trust
Commentary  |  1/13/2021  | 
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
United Nations Security Flaw Exposed 100K Staff Records
Quick Hits  |  1/12/2021  | 
Security researchers have disclosed a vulnerability they exploited to access more than 100,000 private employee records.
Microsoft Defender Zero-Day Fixed in First Patch Tuesday of 2021
News  |  1/12/2021  | 
Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw.
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
Commentary  |  1/12/2021  | 
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
Intel's New vPro Processors Aim to Help Defend Against Ransomware
News  |  1/11/2021  | 
The newest Intel Core vPro mobile platform gives PC hardware a direct role in detecting ransomware attacks.
New Tool Sheds Light on AppleScript-Obfuscated Malware
News  |  1/11/2021  | 
The AEVT decompiler helped researchers analyze a cryptominer campaign that used AppleScript for obfuscation and will help reverse engineers focused on other Mac OS malware.
When It Comes To Security Tools, More Isn't More
Commentary  |  1/11/2021  | 
Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.
Top 5 'Need to Know' Coding Defects for DevSecOps
Commentary  |  1/8/2021  | 
Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster.
Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020
News  |  1/7/2021  | 
Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams.
FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack
News  |  1/7/2021  | 
CEO Kevin Mandia shared some details on how his company rooted out the major cyberattack campaign affecting US government and corporate networks.
State Dept. to Create New Cybersecurity & Technology Agency
Quick Hits  |  1/7/2021  | 
Bureau of Cyberspace Security and Emerging Technologies (CSET) will serve as diplomatic arm for US cybersecurity interests.
Even Small Nations Have Jumped into the Cyber Espionage Game
News  |  1/7/2021  | 
While the media tends to focus on the Big 5 nation-state cyber powers, commercial spyware has given smaller countries sophisticated capabilities, as demonstrated by a "zero-click" iMessage exploit that targeted journalists last year.
The 3 Most Common Types of BEC Attacks (And What You Can Do About Them)
Commentary  |  1/7/2021  | 
Always be skeptical and double check credentials.
Nissan Source Code Leaked via Misconfigured Git Server
Quick Hits  |  1/6/2021  | 
Leaked information includes source code of Nissan mobile apps, diagnostics tool, and market research tools and data, among other assets.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21553
PUBLISHED: 2021-08-03
Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest.
CVE-2021-21562
PUBLISHED: 2021-08-03
Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application...
CVE-2021-21563
PUBLISHED: 2021-08-03
Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptional Conditions in its auditing component.This can lead to an authenticated user with low-privileges to trigger a denial of service event.
CVE-2021-21565
PUBLISHED: 2021-08-03
Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.
CVE-2021-26085
PUBLISHED: 2021-08-03
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.