Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2020
Page 1 / 2   >   >>
Driven by Ransomware, Cyber Claims Rise in Number & Value
News  |  11/30/2020  | 
Companies are on track to file 27% more cyber claims in 2020, one insurer estimates, while another underwriter finds five out of every 100 companies file a claim each year.
Baltimore County Public Schools Closed Due to Ransomware Attack
News  |  11/30/2020  | 
The incident struck the day before Thanksgiving and interfered with online classes for some 115,000 students, officials report.
Industrial Computer Maker Confirms Ransomware, Data Theft
Quick Hits  |  11/30/2020  | 
Advantech reports the stolen data was confidential but did not contain high-value documents.
Why Vulnerable Code Is Shipped Knowingly
Commentary  |  11/30/2020  | 
The business priority of speed of development and deployment is overshadowing the need for secure code.
Failing Toward Zero: Why Your Security Needs to Fail to Get Better
Commentary  |  11/27/2020  | 
Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.
Do You Know Who's Lurking in Your Cloud Environment?
News  |  11/25/2020  | 
A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.
Prevention Is Better Than the Cure When Securing Cloud-Native Deployments
Commentary  |  11/25/2020  | 
The "OODA loop" shows us how to secure cloud-native deployments and prevent breaches before they occur.
Why Security Awareness Training Should Be Backed by Security by Design
News  |  11/25/2020  | 
Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.
Latest Version of TrickBot Employs Clever New Obfuscation Trick
News  |  11/24/2020  | 
The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says.
Baidu Apps Leaked Location Data, Machine Learning Reveals
News  |  11/24/2020  | 
Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone's hardware and location without the user's knowledge, research finds.
CISA Warns of Holiday Online Shopping Scams
Quick Hits  |  11/24/2020  | 
The agency urges shoppers to be cautious of fraudulent websites, unsolicited emails, and unencrypted financial transactions.
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Commentary  |  11/24/2020  | 
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
Printers' Cybersecurity Threats Too Often Ignored
Commentary  |  11/24/2020  | 
Remote workforce heightens the need to protect printing systems against intrusion and compromise.
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
News  |  11/23/2020  | 
Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.
Ransomware Grows Easier to Spread, Harder to Block
News  |  11/23/2020  | 
Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
Evidence-Based Trust Gets Black Hat Europe Spotlight
News  |  11/23/2020  | 
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
Chinese APT Group Returns to Target Catholic Church & Diplomatic Groups
Quick Hits  |  11/23/2020  | 
APT group TA416 reemerges with new changes to its documented tool sets so it can continue launching espionage campaigns.
3 Steps CISOs Can Take to Convey Strategy for Budget Presentations
Commentary  |  11/23/2020  | 
Answering these questions will help CISOs define a plan and take the organization in a positive direction.
How Retailers Can Fight Fraud and Abuse This Holiday Season
Commentary  |  11/23/2020  | 
Online shopping will be more popular than ever with consumers... and with malicious actors too.
Facebook Messenger Flaw Enabled Spying on Android Callees
Quick Hits  |  11/20/2020  | 
A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge.
Cybercriminals Get Creative With Google Services
News  |  11/19/2020  | 
Attacks take advantage of popular services, including Google Forms and Google Docs.
Go SMS Pro Messaging App Exposed Users' Private Media Files
Quick Hits  |  11/19/2020  | 
The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.
The Yellow Brick Road to Risk Management
Commentary  |  11/19/2020  | 
Beginning the journey to risk management can be daunting, but protecting your business is worth every step.
2021 Cybersecurity Spending: How to Maximize Value
Commentary  |  11/19/2020  | 
This is a pivotal moment for CISOs. As their influence increases, so does the pressure for them to make the right decisions.
Cisco Webex Vulns Let 'Ghost' Attendees Spy on Meetings
News  |  11/18/2020  | 
Three vulnerabilities, patched today, could let an attacker snoop on meetings undetected after the host removes them.
Out With the Old Perimeter, in With the New Perimeters
Commentary  |  11/18/2020  | 
A confluence of trends and events has exploded the whole idea of "the perimeter." Now there are many perimeters, and businesses must adjust accordingly.
How to Identify Cobalt Strike on Your Network
Commentary  |  11/18/2020  | 
Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.
EFF, Security Experts Condemn Politicization of Election Security
Quick Hits  |  11/17/2020  | 
Open letter, signed by high-profile security professionals and organizations, urges White House to "reverse course and support election security."
Vulnerability Prioritization Tops Security Pros' Challenges
Commentary  |  11/17/2020  | 
Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.
Researchers Scan for Supply-Side Threats in Open Source
News  |  11/17/2020  | 
A recent project to scan the main Python repository's 268,000 packages found only a few potentially malicious programs, but work earlier this year uncovered hundreds of instances of malware.
To Pay or Not to Pay: Responding to Ransomware From a Lawyer's Perspective
Commentary  |  11/17/2020  | 
The threat of data extortion adds new layers of risk when determining how to respond to a ransomware attack.
Security Risks Discovered in Tesla Backup Gateway
Quick Hits  |  11/17/2020  | 
Cybersecurity researchers report on the security and privacy risks of leaving a Tesla Backup Gateway exposed to the Internet.
Breakdown of a Break-in: A Manufacturer's Ransomware Response
News  |  11/16/2020  | 
The analysis of an industrial ransomware attack reveals common tactics and proactive steps that businesses can take to avoid similar incidents.
Global Pandemic Fuels Cyber-Threat Workload for National Cyber Security Centre, Shows Annual Review
News  |  11/16/2020  | 
From securing the Nightingale hospitals to tackling threats to vaccine research and production, a large part of the National Cyber Security Centre's (NCSC) recent work in the UK has been related to the coronavirus pandemic, as Ron Alalouff discovered when reporting on its Annual Review.
A Call for Change in Physical Security
Commentary  |  11/16/2020  | 
We're at an inflection point. The threats we face are dynamic, emerging, and global. Are you ready?
Apple Issues Security Updates
Quick Hits  |  11/13/2020  | 
Vulnerabilities found in three most recent versions of macOS.
A Hacker's Holiday: How Retailers Can Avoid Black Friday Cyber Threats
Commentary  |  11/13/2020  | 
Starting on Nov. 27, online retailers of all sizes will find out if their e-commerce capabilities are ready for prime time or not.
Credential Stuffing Fills E-commerce Pipeline in 2020
Quick Hits  |  11/12/2020  | 
There were 1.3 billion attacks in the third quarter alone, according to new analysis from Arkose Labs.
New 'CostaRicto' Hack-for-Hire Group Targets Global Businesses
News  |  11/12/2020  | 
The group of APT mercenaries uses bespoke malware and strong operation security to target a range of organizations, located primarily in Southeast Asia.
7 Cool Cyberattack and Audit Tools to be Highlighted at Black Hat Europe
Slideshows  |  11/12/2020  | 
Platforms, open source tools, and other toolkits for penetration testers and other security practitioners will be showcased at this week's virtual event.
DARPA and Academia Jumpstart 5G IoT Security Efforts
Commentary  |  11/12/2020  | 
With 5G IoT devices projected to hit 49 million units by 2023, researchers launch programs to keep IoT from becoming a blackhole of exfiltration.
3 Tips For Successfully Running Tech Outside the IT Department
Commentary  |  11/11/2020  | 
When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.
Former Microsoft Software Engineer Sentenced to 9 Years in Prison
Quick Hits  |  11/11/2020  | 
The 26-year-old was convicted earlier this year of wire fraud, money laundering, and filing false tax returns, among other charges.
How to Avoid Getting Killed by Ransomware
Commentary  |  11/11/2020  | 
Using a series of processes, infosec pros can then tap automated data hygiene to find and fix files that attackers key in on.
Flaws in Privileged Management Apps Expose Machines to Attack
News  |  11/10/2020  | 
The Intel Support Assistant is the latest Windows utility to be found that could expose millions of computers to privilege-escalation attacks through file manipulation and symbolic links.
Claroty Details Vulnerabilities in Schneider PLCs
Quick Hits  |  11/10/2020  | 
The vulnerabilities in a common line of programmable logic controllers could allow attackers to gain control of industrial equipment.
Microsoft Patches Windows Kernel Flaw Under Active Attack
News  |  11/10/2020  | 
This month's Patch Tuesday addressed a Windows zero-day in a release of 112 vulnerabilities, 17 of which are critical.
Overlooked Security Risks of the M&A Rebound
Commentary  |  11/10/2020  | 
Successful technology integration, post-merger, is tricky in any market, and never more so than with today's remote work environments and distributed IT infrastructure.
How Hackers Blend Attack Methods to Bypass MFA
Commentary  |  11/10/2020  | 
Protecting mobile apps requires a multilayered approach with a mix of cybersecurity measures to counter various attacks at different layers.
FTC Announces Consent Agreement With Zoom
Quick Hits  |  11/9/2020  | 
The agreement covers Zoom's misleading statements on security for its audio and video calling.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16632
PUBLISHED: 2021-05-15
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
CVE-2021-32073
PUBLISHED: 2021-05-15
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.