Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in February 2021
Page 1 / 2   >   >>
Attackers Turn Struggling Software Projects Into Trojan Horses
News  |  2/26/2021  | 
While access to compromised systems has become an increasingly common service, some cybercriminals are going straight to the source: buying code bases and then updating the application with malicious code.
After a Year of Quantum Advances, the Time to Protect Is Now
Commentary  |  2/26/2021  | 
Innovations in quantum computing mean enterprise and manufacturing organizations need to start planning now to defend against new types of cybersecurity threats.
Ransomware, Phishing Will Remain Primary Risks in 2021
News  |  2/25/2021  | 
Attackers have doubled down on ransomware and phishing -- with some tweaks -- while deepfakes and disinformation will become more major threats in the future, according to a trio of threat reports.
Thousands of VMware Servers Exposed to Critical RCE Bug
Quick Hits  |  2/25/2021  | 
Security experts report scanning activity targeting vulnerable vCenter servers after a researcher published proof-of-concept code.
5 Key Steps Schools Can Take to Defend Against Cyber Threats
Commentary  |  2/25/2021  | 
Educational institutions have become prime targets, but there are things they can do to stay safer.
How to Avoid Falling Victim to a SolarWinds-Style Attack
Commentary  |  2/25/2021  | 
A multilayered, zero-trust security posture provides a better chance of fending off sophisticated supply chain attackers before it's too late.
New APT Group Targets Airline Industry & Immigration
News  |  2/24/2021  | 
LazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.
61% of Malware Delivered via Cloud Apps: Report
Quick Hits  |  2/24/2021  | 
Researchers report the majority of malware is now delivered via cloud applications - a jump from 48% last year.
Google Invests in Linux Kernel Developers to Focus on Security
News  |  2/24/2021  | 
Google will fund two full-time Linux kernel developers to maintain and improve Linux security in the long term.
Kaseya Buys Managed SOC Provider
Quick Hits  |  2/24/2021  | 
Purchase extends offerings for MSP and SMB customers
The Realities of Extended Detection and Response (XDR) Technology
Commentary  |  2/24/2021  | 
While the term XDR has become pervasive, the technology and market remain a work in progress with lots of innovation and market confusion.
Universities Face Double Threat of Ransomware, Data Breaches
News  |  2/24/2021  | 
Lack of strong security policies put many schools at risk of compromise, disrupted services, and collateral damage.
3 Security Flaws in Smart Devices & IoT That Need Fixing
Commentary  |  2/24/2021  | 
The scope and danger of unsecured, Internet-connected hardware will only continue to deepen.
Botnet Uses Blockchain to Obfuscate Backup Command & Control Information
News  |  2/24/2021  | 
The tactic makes it much harder for defenders to take down botnets via sinkholing and other standard techniques, Akamai says.
SonicWall Releases Second Set of February Firmware Patches
Quick Hits  |  2/23/2021  | 
The latest patches, for its SMA 100 series products, comes less than three weeks after an updates to patch a zero-day vulnerability.
10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express
Quick Hits  |  2/23/2021  | 
The two campaigns aimed to steal victims' business email account credentials by posing as the shipping companies.
Augmenting SMB Defense Strategies With MITRE ATT&CK: A Primer
Commentary  |  2/23/2021  | 
Any organization can use MITRE ATT&CK as a force multiplier, but it's especially valuable for small ones.
CVSS as a Framework, Not a Score
Commentary  |  2/23/2021  | 
The venerable system has served us well but is now outdated. Not that it's time to throw the system away; use it as a framework to measure risk using modern, context-based methods.
Chinese-Affiliated APT31 Cloned & Used NSA Hacking Tool
News  |  2/22/2021  | 
APT31 cloned and reused a Windows-based hacking tool for years before Microsoft patched the vulnerability, researchers report.
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
News  |  2/22/2021  | 
Almost four of every five attacks attributed in 2020 were conducted by cybercriminal groups, a significant jump from 2019, with attacks on healthcare or using the pandemic rising fast.
Researcher Reports Vulnerability in Apple iCloud Domain
Quick Hits  |  2/22/2021  | 
A stored cross-site scripting vulnerability in the iCloud website reportedly earned a security researcher $5,000.
8 Ways Ransomware Operators Target Your Network
Slideshows  |  2/22/2021  | 
Security researchers explore how criminals are expanding their arsenals with new, more subtle, and more effective ransomware attack techniques.
What Can Your Connected Car Reveal About You?
Commentary  |  2/22/2021  | 
App developers must take responsibility for the security of users' data.
Attackers Already Targeting Apple's M1 Chip with Custom Malware
News  |  2/19/2021  | 
A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality.
How to Fine-Tune Vendor Risk Management in a Virtual World
Commentary  |  2/19/2021  | 
Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.
Microsoft Concludes Internal Investigation into Solorigate Breach
News  |  2/18/2021  | 
The software giant found no evidence that attackers gained extensive access to services or customer data.
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy
Commentary  |  2/18/2021  | 
Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.
How to Run a Successful Penetration Test
Slideshows  |  2/18/2021  | 
These seven tips will help ensure a penetration test improves your organization's overall security posture.
Virginia Takes Different Tack Than California With Data Privacy Law
Commentary  |  2/18/2021  | 
Online businesses targeting Virginia consumers and have personal data of 100,000 consumers in the state must conform to the new statute.
Egregor Arrests a Blow, but Ransomware Will Likely Bounce Back
News  |  2/17/2021  | 
Similar to previous ransomware takedowns, this disruption to the ransomware-as-a-service model will likely be short-lived, security experts say.
Kia Faces $20M DoppelPaymer Ransomware Attack
Quick Hits  |  2/17/2021  | 
Kia Motors America this week experienced a nationwide IT outage; now, reports indicate the company was hit with ransomware.
Enterprise Windows Threats Drop as Mac Attacks Rise: Report
News  |  2/17/2021  | 
An analysis of 2020 malware activity indicates businesses should be worried about internal hack tools, ransomware, and spyware in the year ahead.
4 Predictions for the Future of Privacy
Commentary  |  2/17/2021  | 
Use these predictions to avoid pushback, find opportunity, and create value for your organization.
Firms Patch Greater Number of Systems, but Still Slowly
News  |  2/16/2021  | 
Fewer systems have flaws; however, the time to remediate vulnerabilities stays flat, and many issues targeted by in-the-wild malware remain open to attack.
Under Attack: Hosting & Internet Service Providers
Commentary  |  2/16/2021  | 
The digital universe depends on always-on IT networks and services, so ISPs and hosting providers have become favorite targets for cyberattacks.
Black History Month 2021: Time to Talk Diversity and Cybersecurity
Commentary  |  2/16/2021  | 
In an industry that consistently needs new ideas, it's essential to have individuals who think, speak, and act in diverse ways.
Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees
Commentary  |  2/15/2021  | 
Users' distrust of corporate security teams is exposing businesses to unnecessary vulnerabilities.
How to Submit a Column to Dark Reading
Commentary  |  2/15/2021  | 
Have a new idea, a lesson learned, or a call to action for your fellow cybersecurity professionals? Here's how to submit your Commentary pieces to Dark Reading.
Water Utility Hack Could Inspire More Intruders
News  |  2/12/2021  | 
If past cyberattacks are any indication, success begets imitation. In the wake of last week's hack of Florida water utility, other water utilities and users of remote desktop software would be wise to shore up defenses, experts say.
You've Got Cloud Security All Wrong: Managing Identity in a Cloud World
Commentary  |  2/12/2021  | 
In a hybrid and multicloud world, identity is the new perimeter and a critical attack surface for bad actors.
Ransomware Attackers Set Their Sights on SaaS
News  |  2/11/2021  | 
Ransomware has begun to target data-heavy SaaS applications, open source, and Web and application frameworks.
Pandemic Initially Led to Fewer Disclosed Vulnerabilities, Data Suggests
News  |  2/11/2021  | 
Vulnerability disclosure started off slow but caught up by the end of the year, according to a new report.
Microsoft Launches Phase 2 Mitigation for Zerologon Flaw
Quick Hits  |  2/11/2021  | 
The Netlogon remote code execution vulnerability, disclosed last August, has been weaponized by APT groups.
7 Things We Know So Far About the SolarWinds Attacks
Slideshows  |  2/11/2021  | 
Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.
Cloud-Native Apps Make Software Supply Chain Security More Important Than Ever
Commentary  |  2/11/2021  | 
Cloud-native deployments tend to be small, interchangeable, and easier to protect, but their software supply chains require closer attention.
High-Severity Vulnerabilities Discovered in Multiple Embedded TCP/IP Stacks
News  |  2/10/2021  | 
Flaw leaves millions of IT, OT, and IoT devices vulnerable to attack.
Zero Trust in the Real World
Commentary  |  2/10/2021  | 
Those who are committed to adopting the concept have the opportunity to make a larger business case for it across the organization, working with executive leaders to implement a zero-trust framework across the entire enterprise.
Multivector Attacks Demand Security Controls at the Messaging Level
Commentary  |  2/10/2021  | 
As a Google-identified attack reveals, security teams need to look beyond VPNs and network infrastructure to the channels where social engineering takes place.
Florida Water Utility Hack Highlights Risks to Critical Infrastructure
News  |  2/9/2021  | 
The intrusion also shows how redundancy and detection can minimize damage and reduce impact to the population.
Microsoft Fixes Windows Zero-Day in Patch Tuesday Rollout
News  |  2/9/2021  | 
Microsoft's monthly security fixes addressed a Win32k zero-day, six publicly known flaws, and three bugs in the Windows TCP/IP stack.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28968
PUBLISHED: 2021-10-22
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.
CVE-2020-28969
PUBLISHED: 2021-10-22
Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.
CVE-2020-36485
PUBLISHED: 2021-10-22
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.
CVE-2020-36486
PUBLISHED: 2021-10-22
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling.
CVE-2020-36488
PUBLISHED: 2021-10-22
An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands.