Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2020
Page 1 / 2   >   >>
Defense Evasion Dominated 2019 Attack Tactics
News  |  3/31/2020  | 
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
Why Third-Party Risk Management Has Never Been More Important
Commentary  |  3/31/2020  | 
Given today's coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here's how to start.
Data from 5.2M Marriott Loyalty Program Members Hit by Breach
Quick Hits  |  3/31/2020  | 
The data was breached through the credentials of two franchisee employees.
Patching Poses Security Problems with Move to More Remote Work
News  |  3/31/2020  | 
Security teams were not ready for the wholesale move to remote work and the sudden expansion of the attack surface area, experts say.
Does the 2020 Online Census Account for Security Risk?
News  |  3/31/2020  | 
Experts discuss the security issues surrounding a census conducted online and explain how COVID-19 could exacerbate the risk.
How Much Downtime Can Your Company Handle?
Commentary  |  3/31/2020  | 
Why every business needs cyber resilience and quick recovery times.
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Slideshows  |  3/31/2020  | 
These products and services could be of immediate help to infosec pros now protecting their organizations while working from home.
Researchers Spot Sharp Increase in Zoom-Themed Domain Registrations
News  |  3/30/2020  | 
Attackers are attempting to take advantage of the surge in teleworking prompted by COVID-19, Check Point says.
Microsoft Edge Will Tell You If Credentials Are Compromised
Quick Hits  |  3/30/2020  | 
Password Monitor, InPrivate mode, and ad-tracking prevention are three new additions to Microsoft Edge.
HackerOne Drops Mobile Voting App Vendor Voatz
Quick Hits  |  3/30/2020  | 
Bug bounty platform provider cited "Voatz's pattern of interactions with the research community" in its decision to halt the app vendor's vuln disclosure program on HackerOne.
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Commentary  |  3/30/2020  | 
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
Malicious USB Drive Hides Behind Gift Card Lure
Quick Hits  |  3/27/2020  | 
Victims are being enticed to insert an unknown USB drive into their computers.
Virgin Media Could Pay 4.5B for Leak Affecting 900,000 Customers
Quick Hits  |  3/27/2020  | 
A misconfigured database holding personal data was left available online between April 2019 and February 2020.
The Wild, Wild West(world) of Cybersecurity
Commentary  |  3/27/2020  | 
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
Insurance Giant Chubb Might Be Ransomware Victim
Quick Hits  |  3/26/2020  | 
A ransomware operator claims to have successfully attacked Chubb Insurance databases.
Security Not a Priority for SAP Projects, Users Report
Quick Hits  |  3/26/2020  | 
Nearly 70% of SAP users surveyed believe organizations lacked focus on IT security during previous SAP implementations.
3 Mobile Security Problems That Most Security Teams Haven't Fixed Yet
Commentary  |  3/26/2020  | 
Mobility must be included in the security operations workflow so that company data is protected regardless of where remote workers are located.
Introducing Zero-Trust Access
Commentary  |  3/26/2020  | 
It's too early to tell whether ZTA will be a VPN killer or not, but major players are ramping up products in this new class of security technology that focuses on the cloud.
Missing Patches, Misconfiguration Top Technical Breach Causes
News  |  3/25/2020  | 
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?
Tupperware Hit by Card Skimmer Attack
Quick Hits  |  3/25/2020  | 
Malicious code was found hidden inside graphics files on the storage container maker's e-commerce website.
Do DevOps Teams Need a Company Attorney on Speed Dial?
Commentary  |  3/25/2020  | 
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
FBI Shutters Russian-Based Hacker Platform, Makes Arrest
Quick Hits  |  3/25/2020  | 
The Deer.io platform let cybercriminals buy access to virtual storefronts where they could sell illicit products and services.
COVID-19: Getting Ready for the Next Business Continuity Challenge
Commentary  |  3/25/2020  | 
What comes after you've empowered your remote workforce in the wake of the coronavirus pandemic? Dealing with a large portion of that workforce getting sick at the same time.
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
News  |  3/24/2020  | 
Researchers warn Microsoft 365 account holders to pay attention to unknown applications that request permissions.
Malware Found Hidden in Android Utility Apps, Children's Games
Quick Hits  |  3/24/2020  | 
The 'Tekya' malware, as researchers call it, is designed to imitate the user's actions to click advertisements.
New APT Targets Middle Eastern Victims
Quick Hits  |  3/24/2020  | 
The new malware, dubbed "Milum," can take control of industrial devices.
How to Secure Your Kubernetes Deployments
Commentary  |  3/24/2020  | 
As more companies shift their software to a microservices-based architecture and orchestrate their containerized applications in Kubernetes, distributed security controls become a must.
Cybercriminals' Promises to Pause During Pandemic Amount to Little
News  |  3/24/2020  | 
As pandemic worsens, online profiteering -- from fraudsters to ransomware operators to cybercriminal hacking -- continues unabated, despite some promises from the underground.
Vulnerability Management Isn't Just a Numbers Game
Commentary  |  3/24/2020  | 
Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory.
Microsoft Publishes Advisory for Windows Zero-Day
News  |  3/23/2020  | 
There is no available patch for the vulnerabilities, which Microsoft says exist in all supported versions of Windows.
538 Million Weibo Users' Info for Sale on Dark Web
Quick Hits  |  3/23/2020  | 
The user data, which does not include passwords, purportedly comes from a mid-2019 breach.
FBI Warns of Fake CDC Emails in COVID-19 Phishing Alert
Quick Hits  |  3/23/2020  | 
Fraudsters exploit concerns by claiming to offer virus-related information or promising stimulus checks.
8 Infosec Page-Turners for Days Spent Indoors
Slideshows  |  3/23/2020  | 
Stuck inside and looking for a new read? Check out these titles written by security practitioners and reporters across the industry.
From Zero to Hero: CISO Edition
Commentary  |  3/23/2020  | 
It's time for organizations to realize that an empowered CISO can effectively manage enterprise risk and even grow the business along the way.
200M Records of US Citizens Leaked in Unprotected Database
News  |  3/20/2020  | 
Researchers have not determined who owns the database, which was one of several large exposed instances disclosed this week.
Proof of Concept Released for kr00k Wi-Fi Vulnerability
Quick Hits  |  3/20/2020  | 
The code demonstrates a relatively simple method to exploit a vulnerability in more than a billion devices.
Security Ratings Are a Dangerous Fantasy
Commentary  |  3/20/2020  | 
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
Attack Surface, Vulnerabilities Increase as Orgs Respond to COVID-19 Crisis
News  |  3/20/2020  | 
In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic.
Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
Quick Hits  |  3/19/2020  | 
The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019.
DDoS Attack Targets German Food Delivery Service
Quick Hits  |  3/19/2020  | 
Liefrando delivers food from more than 15,000 restaurants in Germany, where people under COVID-19 restrictions depend on the service.
VPN Usage Surges as More Nations Shut Down Offices
News  |  3/19/2020  | 
As social distancing becomes the norm, interest in virtual private networks has rocketed, with some providers already seeing a doubling in users and traffic since the beginning of the year.
New Study Calls Common Risk Figure into Question
News  |  3/19/2020  | 
Many risk models use a commonly quoted number -- $150 per record -- to estimate the cost of an incident. A new study from the Cyentia Institute says misusing that number means that estimates are almost never accurate.
Cyber Resilience Benchmarks 2020
Commentary  |  3/19/2020  | 
Here are four things that separate the leaders from the laggards when fighting cyber threats.
Achieving DevSecOps Requires Cutting Through the Jargon
Commentary  |  3/19/2020  | 
Establishing a culture where security can work easily with developers starts with making sure they can at least speak the same language.
Process Injection Tops Attacker Techniques for 2019
News  |  3/18/2020  | 
Attackers commonly use remote administration and network management tools for lateral movement, a new pool of threat data shows.
500,000 Documents Exposed in Open S3 Bucket Incident
Quick Hits  |  3/18/2020  | 
The open database exposed highly sensitive financial and business documents related to two financial organizations.
Facebook Got Tagged, but Not Hard Enough
Commentary  |  3/18/2020  | 
Ensuring that our valuable biometric information is protected is worth more than a $550 million settlement.
Trend Micro Patches Two Zero-Days Under Attack
Quick Hits  |  3/18/2020  | 
Businesses are urged to update the Apex One and OfficeScan XG enterprise security products as soon as possible.
Attorney General Directs DoJ to Prioritize Coronavirus Crime
Quick Hits  |  3/17/2020  | 
Criminal activity related to the pandemic cannot be tolerated, William Barr states in memo.
This Tax Season, Save the Scorn and Protect Customers from Phishing Scams
Commentary  |  3/17/2020  | 
As security professionals, it's easy to get cynical about the continued proliferation of tax ID theft and blame the consumers themselves. But that doesn't help anyone.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
Kelly Sheridan, Staff Editor, Dark Reading,  7/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17366
PUBLISHED: 2020-08-05
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate...
CVE-2020-9036
PUBLISHED: 2020-08-05
Jeedom through 4.0.38 allows XSS.
CVE-2020-15127
PUBLISHED: 2020-08-05
In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes flip...
CVE-2020-15132
PUBLISHED: 2020-08-05
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with a error message saying that th...
CVE-2020-7298
PUBLISHED: 2020-08-05
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.