News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2020
Hotels.com & Expedia Provider Exposes Millions of Guests' Data
Quick Hits  |  11/9/2020  | 
Hotel reservation platform Prestige Software compromised personal data belonging to millions of travelers through a misconfigured AWS S3 bucket.
Preventing and Mitigating DDoS Attacks: It's Elementary
Commentary  |  11/9/2020  | 
Following a spate of cyberattacks nationwide, school IT teams need to act now to ensure their security solution makes the grade.
7 Online Shopping Tips for the Holidays
Slideshows  |  11/9/2020  | 
The holidays are right around the corner, and that means plenty of online shopping. These tips will help keep you safe.
New Gitpaste-12 Botnet Exploits 12 Known Vulnerabilities
News  |  11/6/2020  | 
Researchers discover a new worm and botnet dubbed Gitpaste-12 for its ability to spread via GitHub and Pastebin.
Apple Patches 24 Vulnerabilities Across Product Lines
Quick Hits  |  11/6/2020  | 
The vulnerabilities include three for which exploits have already been seen in the wild.
The Oracle-Walmart-TikTok Deal Is Not Enough
Commentary  |  11/6/2020  | 
The social media deal raises issues involving data custodianship and trusted tech partnerships.
How COVID-19 Changed the VC Investment Landscape for Cybersecurity Companies
Commentary  |  11/6/2020  | 
What trends can startups and investors expect to see going forward?
US Seizes 27 More IRGC-Controlled Domain Names
News  |  11/5/2020  | 
The action follows last month's seizure of 92 domain names used by Iran's Islamic Revolutionary Guard Corps to spread disinformation.
Digital Transformation Means Security Must Also Transform
Commentary  |  11/5/2020  | 
Being successful in this moment requires the ability to evolve in terms of team management, visibility, and crisis management.
Cado Security Gets $1.5 Million Seed
Quick Hits  |  11/5/2020  | 
The seed funding round was led by Ten Eleven Ventures.
Online Users Feel Safe, But Risky Behavior Abounds
News  |  11/5/2020  | 
New research also shows a divide between younger and older users in their security practices, including use of two-factor authentication and how often software updates are performed.
The One Critical Element to Hardening Your Employees' Mobile Security
Commentary  |  11/5/2020  | 
COVID-19 has exposed longstanding gaps in enterprise mobile security. Creating a comprehensive mobile security plan and mandating compliance with that plan are essential to closing them.
Disinformation Now the Top Concern Following Hack-Free Election Day
News  |  11/4/2020  | 
After an Election Day without foreign interference and cyberattacks, security experts turn their focus to disinformation.
Hexagon Announces Deal to Acquire PAS Global
Quick Hits  |  11/4/2020  | 
The Houston-based PAS Global will operate as part of Hexagon's PPM (formerly Intergraph Process, Power & Marine) division.
Prepare for the Unexpected: Costs to Consider in Security Budgets
Commentary  |  11/4/2020  | 
Organizations that update business models to include cybersecurity as part of a strategic planning process may be able to better withstand unexpected disruptions.
Containers for Data Analysis Are Rife With Vulnerabilities
News  |  11/4/2020  | 
Old software components and the inclusion of unnecessary code created a massive attack surface area in containers for scientific analysis, researchers say.
CSA Moves to Redefine Cloud-Based Intelligence
Commentary  |  11/4/2020  | 
The new paradigm seeks to understand, integrate, and automate data workflows, and better yet, doesn't require significant investment or more personnel.
Securing the 2020 Election: 'We're Not Out of the Woods Yet'
News  |  11/3/2020  | 
Election Day brought instances of misinformation, robocalls, and technical glitches, but officials are more worried about coming days and weeks.
Cybercrime: Nation-States Go Prime Time
Commentary  |  11/3/2020  | 
Critical infrastructure remains a high-value target, but 90% of nation-states also attack other industry sectors.
Oracle Issues Out-of-Band Update for Remote-Access Vulnerability
Quick Hits  |  11/3/2020  | 
The exploit could give an attacker complete control of vulnerable WebLogic servers.
6 Cybersecurity Lessons From 2020
Slideshows  |  11/3/2020  | 
The COVID-19 pandemic exposed new weaknesses in enterprise cybersecurity preparedness.
Microsoft & Others Catalog Threats to Machine Learning Systems
News  |  11/2/2020  | 
Thirteen organizations worked together to create a dictionary of techniques used to attack ML models and warn that such malicious efforts will become more common.
Russian National Sentenced to 8 Years in Prison for Role in Botnet Operation
Quick Hits  |  11/2/2020  | 
Cybercrime scheme netted more than $100 million.
Windows Zero-Day Used with Chrome Flaw in Targeted Attacks
Quick Hits  |  11/2/2020  | 
Google's Project Zero has disclosed a Windows kernel zero-day vulnerability being used with a known Chrome bug in targeted attacks.
Fraud Prevention Strategies to Prepare for the Future
Commentary  |  11/2/2020  | 
While companies have largely adjusted to the new normal for security management, here are some tips for combatting fraud, post-COVID.
As Businesses Go Remote, Hackers Find New Security Gaps
News  |  11/2/2020  | 
Improper access control, information disclosure, and SSRF are among the most impactful, and most awarded, security flaws found this year.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16632
PUBLISHED: 2021-05-15
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
CVE-2021-32073
PUBLISHED: 2021-05-15
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to the web manager allowing remote code execution.
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.