Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2020
<<   <   Page 2 / 2
Microsoft Fixes 58 CVEs for December Patch Tuesday
News  |  12/8/2020  | 
The last Patch Tuesday of 2020 brings fixes for Critical vulnerabilities in Microsoft SharePoint and Exchange.
Why Compliance Is No Longer King for Financial Services Cybersecurity
Commentary  |  12/8/2020  | 
Financial services companies' experience in risk management serves them well when it comes to minimizing their cyber-risk.
Fortinet Purchases Panopta
Quick Hits  |  12/8/2020  | 
The acquisition is intended to improve the visibility and automated response capabilities of Fortinet's Security Fabri.
Keeping Cyber Secure at Christmas
News  |  12/8/2020  | 
Sylvain Cortes, Security Evangelist and cybersecurity expert at Alsid, highlights the need for security departments to raise awareness through their organizations over cyber threats this Christmas.
Attackers Know Microsoft 365 Better Than You Do
Commentary  |  12/8/2020  | 
Users have taken to Microsoft Office 365's tools, but many are unaware of free features that come with their accounts -- features that would keep them safe.
Phishing Campaign Targets 200M Microsoft 365 Accounts
News  |  12/7/2020  | 
A well-organized email spoofing campaign has been seen targeting financial services, insurance, healthcare, manufacturing, utilities, and telecom.
Avoiding a 1984-Like Future
Commentary  |  12/7/2020  | 
We must not simply trust technology to be safe. Technology providers and users should agree on severe security practices, and these standards must be implemented wherever data goes.
Kmart Hit by Egregor Ransomware
Quick Hits  |  12/4/2020  | 
Egregor is also behind recent attacks on UbiSoft and Barnes & Noble.
Flash Dies but Warning Signs Persist: A Eulogy for Tech's Terrible Security Precedent
Commentary  |  12/4/2020  | 
Flash will be gone by the end of the year, but the ecosystem that allowed it to become a software security serial killer is ready to let it happen again.
TrickBot's New Tactic Threatens Firmware
News  |  12/3/2020  | 
A newly discovered module checks machines for flaws in the UEFI/BIOS firmware so malware can evade detection and persist on a device.
Common Container Manager Is Vulnerable to Dangerous Exploit
Quick Hits  |  12/3/2020  | 
Container manager vulnerability is one of several weaknesses and vulnerabilities recently disclosed for Docker.
Cloud Security Threats for 2021
Commentary  |  12/3/2020  | 
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now
Commentary  |  12/3/2020  | 
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.
Open Source Flaws Take Years to Find But Just a Month to Fix
News  |  12/2/2020  | 
Companies need to embrace automation and dependency tracking to keep software secure, GitHub says in its annual security report.
FBI: BEC Scammers Could Abuse Email Auto-Forwarding
Quick Hits  |  12/2/2020  | 
Private Industry Notification warns of the role email auto-forwarding could be used in business email compromise attacks.
Automated Pen Testing: Can It Replace Humans?
Commentary  |  12/2/2020  | 
These tools have come a long way, but are they far enough along to make human pen testers obsolete?
Security Slipup Exposes Health Records & Lab Results
Quick Hits  |  12/2/2020  | 
NTreatment failed to add password protection to a cloud server, exposing thousands of sensitive medical records online.
Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet
Commentary  |  12/2/2020  | 
Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.
Unmanaged Devices Heighten Risks for School Networks
News  |  12/1/2020  | 
Gaming consoles, Wi-Fi Pineapples, and building management systems are among many devices Armis says it discovered on K12 school networks.
Inside North Korea's Rapid Evolution to Cyber Superpower
News  |  12/1/2020  | 
Researchers examine North Korea's rapid evolution from destructive campaigns to complex and efficient cyber operations.
Malicious or Vulnerable Docker Images Widespread, Firm Says
News  |  12/1/2020  | 
A dynamic analysis of the publicly available images on Docker Hub found that 51% had critical vulnerabilities and about 6,500 of the 4 million latest images could be considered malicious.
The Cybersecurity Skills Gap: It Doesn't Have to Be This Way
Commentary  |  12/1/2020  | 
Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.
Sophos 2021 Threat Report: Navigating Cybersecurity in an Uncertain World
News  |  12/1/2020  | 
SPONSORED: Sophos' principal research scientist discusses the fast-changing attacker behaviors of 2020 and how security pros need to evolve.
Former NSS Labs CEO Launches New Security Testing Organization
News  |  12/1/2020  | 
Member-based CyberRatings.org to offer free and tiered paid access to tested security product and services ratings.
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2339
PUBLISHED: 2022-07-07
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.
CVE-2022-20752
PUBLISHED: 2022-07-06
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient pro...
CVE-2022-20768
PUBLISHED: 2022-07-06
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials....
CVE-2022-20791
PUBLISHED: 2022-07-06
A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM &amp;amp; Presence Service (Unified CM IM&amp;amp;P) could allow an auth...
CVE-2022-20800
PUBLISHED: 2022-07-06
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM &amp;amp; Presence Service (Unified CM IM&amp;amp;P), and Cisco Unity ...