Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2020
Page 1 / 2   >   >>
How to Build Cyber Resilience in a Dangerous Atmosphere
Commentary  |  12/31/2020  | 
Our polarized climate and COVID-19 are putting the nation's cybersecurity in imminent danger, and it's past time to act.
The Coolest Hacks of 2020
News  |  12/31/2020  | 
Despite a pandemic and possibly the worst cyberattack campaign ever waged against the US, the year still had some bright spots when it came to "good" and creative hacks.
Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor
Commentary  |  12/30/2020  | 
A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.
Reducing the Risk of Third-Party SaaS Apps to Your Organization
Commentary  |  12/29/2020  | 
Such apps may leak your data or carry malicious code, and even legitimate apps may be poorly written, creating security risks.
India: A Growing Cybersecurity Threat
Commentary  |  12/29/2020  | 
Geopolitical tensions and a dramatic rise in offensive and defensive cyber capabilities lead India to join Iran, Russia, China, and North Korea as a top nation-state adversary.
Defending the COVID-19 Vaccine Supply Chain
Commentary  |  12/28/2020  | 
We must treat this supply chain like a piece of our nation's critical infrastructure, just like the electrical grid or air traffic control system.
10 Benefits of Running Cybersecurity Exercises
Commentary  |  12/28/2020  | 
There may be no better way to ascertain your organization's strengths and weaknesses than by running regular security drills.
Remote Desktop Bugs: Patches That Took Priority in a Pandemic Year
News  |  12/28/2020  | 
Remote Desktop flaws were a patching priority this year as Microsoft distributed fixes and businesses scrambled to protect remote employees.
Amazon Gift Card Scam Delivers Dridex This Holiday Season
News  |  12/24/2020  | 
Dridex operators launch a social engineering scam that promises victims a $100 gift card but delivers a banking Trojan.
Quarterbacking Vulnerability Remediation
Commentary  |  12/24/2020  | 
It's time that security got out of the armchair and out on the field.
Microsoft, McAfee, Rapid7, and Others Form New Ransomware Task Force
News  |  12/23/2020  | 
Industry group wants to get a framework in the hands of the new administration's cybersecurity officials by early spring 2021.
White Ops Announces Its Acquisition
Quick Hits  |  12/23/2020  | 
A group including Goldman Sachs Merchant Banking Division, ClearSky Security, and NightDragon has purchased the human verification technology company.
Lazarus Group Seeks Intelligence Related to COVID-19
News  |  12/23/2020  | 
Researchers attribute attacks targeting a pharmaceutical company and a government ministry related to COVID-19 response.
Enterprise IoT Security Is a Supply Chain Problem
Commentary  |  12/23/2020  | 
Organizations that wish to take advantage of the potential benefits of IoT systems in enterprise environments should start evaluating third-party risk during the acquisition process.
Emotet Campaign Restarts After Seven-Week Hiatus
News  |  12/22/2020  | 
Multiple security researchers note the return of an email campaign attempting to spread the malware, which is often used to drop the TrickBot banking Trojan and, through it, the Ryuk ransomware.
Prepare to Fight Upcoming Cyber-Threat Innovations
Commentary  |  12/22/2020  | 
Cybercriminals are preparing to use computing performance innovations to launch new types of attacks.
Law Enforcement Disrupts VPN Services Enabling Cybercrime
Quick Hits  |  12/22/2020  | 
The United States and international partners shut down three bulletproof hosting services used to facilitate criminal activity.
Security as Code: How Repeatable Policy-Driven Deployment Improves Security
Commentary  |  12/22/2020  | 
The SaC approach lets users codify and enforce a secure state of application configuration deployment that limits risk.
Cisco, Intel, Deloitte Among Victims of SolarWinds Breach: Report
Quick Hits  |  12/21/2020  | 
The Wall Street Journal identified 24 businesses so far that have downloaded the SolarWinds software infected with malicious code.
NSA, CISA Warn of Attacks on Federated Authentication
News  |  12/21/2020  | 
While incident responders focus on attacks using SolarWinds Orion, government cyber defenders highlight other methods likely being used as well.
We Have a National Cybersecurity Emergency -- Here's How We Can Respond
Commentary  |  12/21/2020  | 
Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that.
FBI Warns of DoppelPaymer Attacks on Critical Infrastructure
Quick Hits  |  12/18/2020  | 
The operators behind DoppelPaymer have begun calling victims to pressure them into paying ransom, officials say.
2021 Cybersecurity Predictions: The Intergalactic Battle Begins
Commentary  |  12/18/2020  | 
There's much in store for the future of cybersecurity, and the most interesting things aren't happening on Earth.
Malicious Browser Extensions for Social Media Infect Millions of Systems
News  |  12/17/2020  | 
At least 28 third-party add-ons for top social media sites, including Facebook and Vimeo, redirect users to phishing sites and steal data.
'SocGholish' Attack Framework Powers Surge in Drive-By Attacks
News  |  12/17/2020  | 
Menlo Labs research team says framework's social engineering toolkit helps criminals impersonate software updates.
Rising to the Challenge: Perspectives from Security Leaders on 2020 and Beyond
News  |  12/17/2020  | 
For those who work in the security industry, 2020 has been a particularly challenging year. Chris Price talks to five industry leaders from different parts of the sector about how they coped with COVID-19 and asks them to look forward to 2021.
VPNs, MFA & the Realities of Remote Work
Commentary  |  12/17/2020  | 
The work-from-home era is accelerating cloud-native service adoption.
Attackers Leverage IMAP to Infiltrate Email Accounts
Quick Hits  |  12/16/2020  | 
Researchers believe cybercriminals are using a tool dubbed Email Appender to directly connect with compromised email accounts via IMAP.
New IRS Form Fraud Campaign Targets G Suite Users
Quick Hits  |  12/16/2020  | 
At least 50,000 executives have been affected so far.
US-CERT Reports 17,447 Vulnerabilities Recorded in 2020
News  |  12/16/2020  | 
This marks the fourth year in a row that a record number of vulnerabilities has been discovered, following 17,306 in 2019.
Senior Managers Twice as Likely to Share Work Devices With Outsiders
News  |  12/16/2020  | 
New survey finds top C-suite managers are much shakier on security than their junior counterparts.
Why the Weakest Links Matter
Commentary  |  12/16/2020  | 
The recent FireEye and SolarWinds compromises reinforce the fact that risks should be understood, controls should be in place, and care should be taken at every opportunity.
Patching Still Poses Problems for Industrial Controllers, Networking Devices
News  |  12/16/2020  | 
More than 90% of devices that run popular embedded operating systems remain vulnerable to critical flaws disclosed more than a year ago.
SSO and MFA Are Only Half Your Identity Governance Strategy
Commentary  |  12/16/2020  | 
We need better ways to manage the user identities that access applications, especially given the strain identity management places on overworked IT and security teams.
Twitter Fined in Irish GDPR Action
Quick Hits  |  12/15/2020  | 
The $547K fine results from an issue Twitter reported in 2019.
Nowhere to Hide: Don't Let Your Guard Down This Holiday Season
Commentary  |  12/15/2020  | 
Harden your defenses to ensure that your holiday downtime doesn't become an open door for cyber threats.
Startups Should Do Things That Don't Scale, but Security Isn't One of Them
Commentary  |  12/14/2020  | 
Emerging businesses that don't embrace scalable security do so at their own peril.
Microsoft Warns of Powerful New Adware
Quick Hits  |  12/11/2020  | 
The new adware, dubbed Adrozek, is being distributed by large, well-organized threat actors, according to Microsoft research.
7 Security Tips for Gamers
Slideshows  |  12/11/2020  | 
Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.
Penetration Testing: A Road Map for Improving Outcomes
Commentary  |  12/11/2020  | 
As attacks grow more sophisticated, penetration tests must emulate real-world adversaries' tools, tactics, and procedures to assess a security posture effectively.
'Fingerprint-Jacking' Attack Technique Manipulates Android UI
News  |  12/10/2020  | 
Researchers explore fingerprint-jacking, a user interface-based attack that targets fingerprints scanned into Android apps.
Cloud Identity and Access Management: Understanding the Chain of Access
Commentary  |  12/10/2020  | 
Here's where enterprises encounter challenges with cloud IAM and the best practices they should follow to correct these mistakes.
85,000 MySQL Servers Hit in Active Ransomware Campaign
Quick Hits  |  12/10/2020  | 
Attackers pressure victims into paying ransom by publishing and offering for sale data stolen in a campaign that dates back to January.
The Line Between Physical Security & Cybersecurity Blurs as World Gets More Digital
Commentary  |  12/10/2020  | 
Security teams are challenged by the connected nature of IP devices, and preventing those devices from being compromised by cybercriminals has become an essential part of keeping people and property safe.
Google Shares Cloud Security Tips
News  |  12/10/2020  | 
Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.
Black Hat Europe: Dark Reading Video News Desk Coverage
News  |  12/10/2020  | 
Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.
Vulnerabilities Continue Around 2019 Pace
Quick Hits  |  12/9/2020  | 
After lagging behind 2019 in the first quarter, vulnerability disclosures surged through the rest of 2020, leading researchers to predict that the final count for this year will meet or exceed last year's, a report says.
The Holiday Shopping Season: A Prime Opportunity for Triangulation Fraud
Commentary  |  12/9/2020  | 
As e-commerce sales increase, so does the risk of hard-to-detect online fraud.
Navigating the Security Maze in a New Era of Cyberthreats
Commentary  |  12/9/2020  | 
Multiple, dynamic threats have reshaped the cyber-risk landscape; ignore them at your peril.
Open Source Developers Still Not Interested in Secure Coding
News  |  12/8/2020  | 
Security and development are still two different worlds, with open source developers resistant to spending time finding and fixing vulnerabilities.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22539
PUBLISHED: 2021-04-16
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend...
CVE-2021-31414
PUBLISHED: 2021-04-16
The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration.
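Both of the VS Code entries above share one pattern: a configuration file checked into the repository names the executable the extension will run, so whoever controls the repo controls code execution on the developer's machine. The following is an added example, not code from Dark Reading, vscode-bazel or vscode-rpm-spec, showing how an extension can treat such a config value as untrusted: accept only a bare tool name from an allowlist, locate it via PATH rather than the config, and refuse anything that resolves to a file inside the workspace. The config keys, tool names and directory layout are hypothetical.

```python
"""Hardened lookup of a workspace-supplied linter binary (added example).

Demonstrates the defensive counterpart to CVE-2021-22539 / CVE-2021-31414:
a repository-controlled config must not be able to point the editor at an
arbitrary executable. Tool names and paths below are hypothetical.
"""
import os
import shutil
import tempfile
from pathlib import Path
from typing import Optional, Tuple

# Hypothetical allowlist of linter binaries the extension is willing to launch.
ALLOWED_TOOLS = {"buildifier", "rpmlint"}


def resolve_tool(configured: str, workspace: Path,
                 search_path: Optional[str] = None) -> Tuple[Optional[str], str]:
    """Return (absolute path, "ok") if the configured tool may run, else (None, reason).

    Rules applied, in order:
      * the config may supply only a bare tool name, never a path;
      * the name must be on ALLOWED_TOOLS;
      * the binary is located via PATH (or search_path), not via the config;
      * a binary that resolves to a location inside the workspace is refused,
        because the author of the config also controls those files.
    """
    name = os.path.basename(configured)
    if name != configured:
        return None, "path-not-allowed"
    if name not in ALLOWED_TOOLS:
        return None, "not-allowlisted"
    found = shutil.which(name, path=search_path)
    if found is None:
        return None, "not-found"
    real = Path(found).resolve()
    try:
        real.relative_to(workspace.resolve())
        return None, "inside-workspace"
    except ValueError:
        pass  # not under the workspace: acceptable
    return str(real), "ok"


def demo() -> dict:
    """Exercise the check with constructed inputs in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        workspace = Path(tmp) / "repo"
        good_bin = Path(tmp) / "bin"
        (workspace / "tools").mkdir(parents=True)
        good_bin.mkdir()
        # Constructed: an attacker-planted "buildifier" inside the cloned repo
        # and a legitimately installed one outside it.
        for directory in (workspace / "tools", good_bin):
            binary = directory / "buildifier"
            binary.write_text("#!/bin/sh\necho linted\n")
            binary.chmod(0o755)
        trusted_path, trusted_reason = resolve_tool(
            "buildifier", workspace, search_path=str(good_bin))
        return {
            # config says "./tools/buildifier": a path, refused outright
            "explicit_path": resolve_tool("./tools/buildifier", workspace)[1],
            # config names a real but non-allowlisted binary
            "unknown_tool": resolve_tool("bash", workspace)[1],
            # PATH has been steered into the repo (e.g. via .envrc): refused
            "in_workspace": resolve_tool(
                "buildifier", workspace, search_path=str(workspace / "tools"))[1],
            # legitimate install outside the workspace: allowed
            "trusted": trusted_reason == "ok"
                       and trusted_path == str((good_bin / "buildifier").resolve()),
        }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The key design choice is that the config contributes only a name, never a location: the extension decides where binaries come from, and a check against the workspace root closes the remaining hole where PATH itself has been pointed into the repository.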
CVE-2021-26073
PUBLISHED: 2021-04-16
Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or ...
CVE-2021-26074
PUBLISHED: 2021-04-16
Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a se...
CVE-2018-19942
PUBLISHED: 2021-04-16
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later) QT...