Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2020
JavaScript Obfuscation Moves to Phishing Emails
News  |  10/30/2020  | 
Attackers are hiding malicious payloads in phishing emails via a technique traditionally used to hide malicious code planted on websites.
Microsoft Warns of Ongoing Attacks Exploiting Zerologon
Quick Hits  |  10/30/2020  | 
The vulnerability, patched in August, has been weaponized by APT groups and prompted CISA to issue a security alert.
Public Safety & Cybersecurity Concerns Elevate Need for a Converged Approach
Commentary  |  10/30/2020  | 
As public and private spaces are opening up, the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.
First the Good News: Number of Breaches Down 51% Year Over Year
News  |  10/29/2020  | 
But the number of records put at risk experiences a massive increase. Here's why.
Hackers Make Off With Millions From Wisconsin Republicans
Quick Hits  |  10/29/2020  | 
According to the Wisconsin Republican Party, thieves used altered invoices to make off with $2.3 million in election funds.
Ransomware Wave Targets US Hospitals: What We Know So Far
News  |  10/29/2020  | 
A joint advisory from the CISA, FBI, and HHS warns of an "increased and imminent" threat to US hospitals and healthcare providers.
How Healthcare Organizations Can Combat Ransomware
Commentary  |  10/29/2020  | 
The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.
Cybercriminals Aim BEC Attacks at Education Industry
News  |  10/29/2020  | 
Heightened vulnerability comes at a time when the sector has been focusing on setting up a remote workforce and online learning amid the pandemic.
How to Increase Voter Turnout & Reduce Fraud
Commentary  |  10/29/2020  | 
Digital identity verification has advanced, both technologically and legislatively. Is it the answer to simpler, safer voting?
Is Your Encryption Ready for Quantum Threats?
Commentary  |  10/29/2020  | 
Answers to these five questions will help security teams defend against attackers in the post-quantum computing era.
US Government Issues Warning on Kimsuky APT Group
Quick Hits  |  10/28/2020  | 
The joint alert, from CISA, the FBI, and others, describes activities from the North Korean advanced persistent threat group.
6 Ways Passwords Fail Basic Security Tests
Slideshows  |  10/28/2020  | 
New data shows humans still struggle with password creation and management.
Rethinking Security for the Next Normal -- Under Pressure
Commentary  |  10/28/2020  | 
By making a commitment to a unified approach to security, then doing what's necessary to operationalize it, organizations can establish a better security model for the next normal.
Trump Campaign Website Defaced by Unknown Attackers
Quick Hits  |  10/28/2020  | 
Individuals behind the brief Tuesday night incident posted anti-Trump sentiments and appeared to solicit cryptocurrency.
Physical Security Has a Lot of Catching Up to Do
Commentary  |  10/28/2020  | 
The transformation we need: merging the network operations center with the physical security operations center.
Survey Uncovers High Level of Concern Over Firewalls
News  |  10/27/2020  | 
More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology.
Chinese Attackers' Favorite Flaws Prove Global Threats, Research Shows
News  |  10/27/2020  | 
Following the NSA's list of 25 security flaws often weaponized by Chinese attackers, researchers evaluated how they're used around the world.
MITRE Shield Matrix Highlights Deception & Concealment Technology
Commentary  |  10/27/2020  | 
The role that these technologies play in the MITRE Shield matrix is a clear indicator that they are an essential part of today's security landscape.
Developers' Approach to App Testing Could Cut Flaw Fix Times by 80 Days
News  |  10/27/2020  | 
An analysis of more than 130,000 active applications found more with at least one high-severity flaw compared with 2019.
Employees Aware of Emailed Threats Open Suspicious Messages
Quick Hits  |  10/27/2020  | 
A survey of 1,000 employees finds 96% of employees are aware of digital threats, but 45% click emails they consider to be suspicious.
5 Human Factors That Affect Secure Software Development
Commentary  |  10/27/2020  | 
With the move to remote work, it's especially important to understand how to support, discourage, and monitor conditions for development teams.
Cybercriminals Extort Psychotherapy Patients Following Vastaamo Breach
Quick Hits  |  10/26/2020  | 
An attacker is running a Tor site to leak the session notes of 300 patients at Vastaamo, a Finnish psychotherapy facility.
New Report Links Cybersecurity and Sustainability
Quick Hits  |  10/26/2020  | 
Some have also created the role of chief sustainability officer, according to Kaspersky.
Microsoft's Kubernetes Threat Matrix: Here's What's Missing
Commentary  |  10/26/2020  | 
With a fuller picture of the Kubernetes threat matrix, security teams can begin to implement mitigation strategies to protect their cluster from threats.
US Treasury Sanctions Russian Institution Linked to Triton Malware
Quick Hits  |  10/23/2020  | 
Triton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.
A Pause to Address 'Ethical Debt' of Facial Recognition
Commentary  |  10/23/2020  | 
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
Credential-Stuffing Attacks Plague Loyalty Programs
News  |  10/22/2020  | 
But that's not the only type of web attack cybercriminals have been profiting from.
WordPress Plug-in Updated in Rare Forced Action
Quick Hits  |  10/22/2020  | 
The Loginizer login security plug-in was automatically updated to patch a SQL injection vulnerability.
To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
Commentary  |  10/22/2020  | 
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
Implementing Proactive Cyber Controls in OT: Myths vs. Reality
Commentary  |  10/22/2020  | 
Debunking the myths surrounding the implementation of proactive cyber controls in operational technology.
Dealing With Insider Threats in the Age of COVID
Commentary  |  10/21/2020  | 
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
IASME Consortium to Kick-start New IoT Assessment Scheme
News  |  10/21/2020  | 
The IASME Consortium has been awarded a DCMS grant, enabling the UK organization to kick-start an Internet of Things (IoT) assessment scheme. IASME is looking for manufacturers interested in getting their IoT device certified cyber secure for free via the new pilot scheme.
Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets
News  |  10/21/2020  | 
Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region.
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Commentary  |  10/21/2020  | 
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
Commentary  |  10/21/2020  | 
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers
Quick Hits  |  10/20/2020  | 
Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.
The Cybersecurity Maturity Model Certification: Are You in Compliance?
Commentary  |  10/20/2020  | 
Not only can this framework help companies remain solvent, but it will also protect critical information from getting into the wrong hands.
Farsight Labs Launched as Security Collaboration Platform
Quick Hits  |  10/20/2020  | 
Farsight Security's platform will offer no-cost access to certain tools and services.
Businesses Rethink Endpoint Security for 2021
News  |  10/20/2020  | 
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?
Building the Human Firewall
Commentary  |  10/20/2020  | 
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
NSS Labs Shuttered
Quick Hits  |  10/19/2020  | 
The testing firm's website says it has "ceased operations" as of Oct. 15.
GravityRAT Spyware Targets Android & MacOS in India
Quick Hits  |  10/19/2020  | 
The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.
IoT Vulnerability Disclosure Platform Launched
Quick Hits  |  10/19/2020  | 
VulnerableThings.com is intended to help vendors meet the terms of a host of new international IoT security laws and regulations.
Microsoft Tops Q3 List of Most-Impersonated Brands
News  |  10/19/2020  | 
The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.
Trickbot, Phishing, Ransomware & Elections
Commentary  |  10/19/2020  | 
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.
7 Tips for Choosing Security Metrics That Matter
Slideshows  |  10/19/2020  | 
Experts weigh in on picking metrics that demonstrate how the security team is handling operational efficiency and reducing risk.
A New Risk Vector: The Enterprise of Things
Commentary  |  10/19/2020  | 
Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.
Massive New Phishing Campaigns Target Microsoft, Google Cloud Users
Quick Hits  |  10/16/2020  | 
At least three campaigns are now underway.
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
News  |  10/16/2020  | 
The US counterintelligence lead joins a former Europol cyber chief to discuss modern election threats and the benefits of public-private collaboration.
Academia Adopts Mitre ATT&CK Framework
News  |  10/16/2020  | 
Security pros and academic researchers discuss the best ways to use MITRE's framework to inform cybersecurity efforts, analyze threats, and teach future workers.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26250
PUBLISHED: 2020-12-01
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by ...
CVE-2020-28576
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
CVE-2020-28577
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
CVE-2020-28582
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
CVE-2020-28583
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.