Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2021
Page 1 / 3   >   >>
Google Updates on Campaign Targeting Security Researchers
Quick Hits  |  3/31/2021  | 
Attackers linked to North Korea began to target security researchers on social media earlier this year.
83% of Businesses Hit With a Firmware Attack in Past Two Years
News  |  3/31/2021  | 
A new Microsoft-commissioned report finds less than 30% of organizations allocate security budget toward preventing firmware attacks.
College Students Targeted in Newest IRS Scam
Quick Hits  |  3/31/2021  | 
The Internal Revenue Service warns of fraudulent emails sent to .edu addresses.
Advice From Security Experts: How to Approach Security in the New Normal
Commentary  |  3/31/2021  | 
Here are the biggest lessons they've learned after a year of work from home, and how they advise their counterparts at organizations to proceed as a result of those lessons.
3 Ways Vendors Can Inspire Customer Trust Amid Breaches
Commentary  |  3/31/2021  | 
As customers rely more on cloud storage and remote workforces, the probability of a breach increases.
Weakness in EDR Tools Lets Attackers Push Malware Past Them
News  |  3/31/2021  | 
A technique called hooking used by most endpoint detection and response products to monitor running processes can be abused, new research shows.
What We Know (and Don't Know) So Far About the 'Supernova' SolarWinds Attack
News  |  3/30/2021  | 
A look at the second elusive attack targeting SolarWinds software that researchers at Secureworks recently cited as the handiwork of Chinese nation-state hackers.
White Ops Renames Company 'Human'
Quick Hits  |  3/30/2021  | 
The company first confirmed plans to change its name in October 2020.
Watch Out for These Cyber-Risks
Commentary  |  3/30/2021  | 
It's difficult to predict what will materialize in the months ahead in terms of cyber-risks, which is why it's wise to review your organization's security posture now.
Ghost Users Haunt Healthcare Firms
Quick Hits  |  3/30/2021  | 
Data security hygiene severely lacking among healthcare firms, new research shows.
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Commentary  |  3/30/2021  | 
The Cyber Kill Chain and MITRE ATT&CK are popular reference frameworks to analyze breaches, but amid the rise of XDR, we may need a new one.
In the Rush to Embrace Hybrid Cloud, Don't Forget About Security
Commentary  |  3/30/2021  | 
Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.
Attackers Target PHP Git Server to Backdoor Source Code
Quick Hits  |  3/29/2021  | 
The PHP maintainers have decided to make GitHub the official source for PHP repositories going forward.
SolarWinds Hackers Accessed DHS Chief's Email
Quick Hits  |  3/29/2021  | 
Several high-level government accounts were also breached in the attack.
CISA Builds Out Defensive Tools for Security Teams
News  |  3/29/2021  | 
Need a tool to hunt for attacks in your network? The DHS agency bolsters the offerings in its open source toolbox.
SolarWinds Experimenting With New Software Build System in Wake of Breach
News  |  3/26/2021  | 
CISO of SolarWinds now has complete autonomy to stop product releases if security concerns exist, CEO says.
40% of Apps Leaking Information
Quick Hits  |  3/26/2021  | 
Apps in manufacturing most at risk, according to WhiteHat Security.
Apple Patches iOS Zero-Day
Quick Hits  |  3/26/2021  | 
Apple today released iOS 14.4.2 to address a security vulnerability that may have been actively exploited.
Microsoft Shares Exchange Server Post-Compromise Attack Activity
News  |  3/26/2021  | 
Microsoft shares the details of post-exploitation attack activity, including multiple ransomware payloads and a cryptocurrency botnet.
Moving from DevOps to CloudOps: The Four-Box Problem
Commentary  |  3/26/2021  | 
With SOC teams running services on multiple cloud platforms, their big concern is how to roll up configuration of 200+ servers in a comprehensive way.
Exec Order Could Force Software Vendors to Disclose Breaches to Federal Gov't Customers
Quick Hits  |  3/25/2021  | 
A decision on the order, which contains several recommendations, is still forthcoming.
Nearly Half of Popular Android Apps Built With High-Risk Components
News  |  3/25/2021  | 
Information leakage and applications asking for too many permissions were also major issues, according to a survey of more than 3,300 popular mobile applications.
Security Operations in the World We Live in Now
Commentary  |  3/25/2021  | 
Despite the challenges of remote work, security operations teams can position themselves well for the future.
The CIO's Shifting Role: Improving Security With Shared Responsibility
Commentary  |  3/25/2021  | 
CIOs must create a culture centered around cybersecurity that is easily visible and manageable.
How Personally Identifiable Information Can Put Your Company at Risk
Commentary  |  3/25/2021  | 
By being more mindful of how and where they share PII, employees will deprive cybercriminals of their most useful tool.
California State Controller's Office Suffers Data Breach
Quick Hits  |  3/24/2021  | 
Employee unwittingly gave hacker access to email account for more than a day.
Facebook Reports China-Linked Cyberattack Targeting Uyghurs
News  |  3/24/2021  | 
Facebook has removed accounts used to send malicious links to Uyghur people with the goal of infecting their devices.
How to Protect Our Critical Infrastructure From Attack
News  |  3/24/2021  | 
Just how worried should we be about a cyber or physical attack on national infrastructure? Chris Price reports on how the pandemic, the growth of remote working, and IoT are putting assets at risk.
Prioritizing Application & API Security After the COVID Cloud Rush
Commentary  |  3/24/2021  | 
As companies hit the gas to accommodate the rapid shift to work-from-home, security fell behind. Now, it's time to close those gaps.
Anti-Spoofing for Email Gains Adoption, but Enforcement Lags
News  |  3/23/2021  | 
More organizations adopt sender authentication, but strict quarantining or rejection of unauthenticated messages remains uncommon.
Inside the Web Shell Used in the Microsoft Exchange Server Attacks
News  |  3/23/2021  | 
The history and details of China Chopper - a Web shell commonly seen in the widespread Microsoft Exchange Server attacks.
Disgruntled IT Contractor Sentenced in Retaliatory Office 365 Attack
Quick Hits  |  3/23/2021  | 
Former contractor deleted 1,200 user accounts in revenge.
Organizations Making Little Headway in Addressing Human Risk
News  |  3/23/2021  | 
Most enterprise security awareness efforts remain half-hearted, a new SANS survey shows.
Disrupting the Cybercriminal Supply Chain
Commentary  |  3/23/2021  | 
It is time to turn the tables on cybercriminals and use their own tactics against them.
Data Protection Is a Group Effort
Commentary  |  3/23/2021  | 
When every employee is well-versed in customer data privacy principles, the DPO knows the enterprise's sensitive data is in good hands.
Researchers Discover Two Dozen Malicious Chrome Extensions
News  |  3/22/2021  | 
Extensions are being used to serve up unwanted adds, steal data, and divert users to malicious sites, Cato Networks says.
Acer Reportedly Hit With $50M Ransomware Attack
Quick Hits  |  3/22/2021  | 
Reports say a ransomware gang has given Acer until March 28 to pay, or it will double the ransom amount.
Top 3 Cybersecurity Lessons Learned From the Pandemic
Commentary  |  3/22/2021  | 
Defending an enterprise of fully remote employees and their devices at this scale and speed had never been done before. Now, we do it every day.
On the Road to Good Cloud Security: Are We There Yet?
Commentary  |  3/22/2021  | 
Misconfigured infrastructure is IT pros' top cloud security concern, but they're conflicted on how to address it in practice.
Verkada Attacker Charged With Wire Fraud, Conspiracy in US
News  |  3/19/2021  | 
Swiss national Till Kottmann and co-conspirators are accused of breaking into dozens of US companies and government entities.
SolarWinds-Linked Attackers Target Microsoft 365 Mailboxes
Quick Hits  |  3/19/2021  | 
Researchers observe attackers altering mailbox folders to assign read-only permissions to any authenticated user on a target machine.
Russian Man Pleads Guilty in Thwarted Tesla Hack
Quick Hits  |  3/19/2021  | 
Egor Kriuchkov will be sentenced in May on conspiracy charge
How Us Shady Geeks Put Others Off Security
Commentary  |  3/19/2021  | 
Early adopters of security and privacy tools may be perceived by others as paranoid, which, in turn, may repel non-experts from protecting themselves online.
Tech Vendors' Lack of Security Transparency Worries Firms
News  |  3/18/2021  | 
A majority of firms say they're more likely to buy from suppliers that are open about security issues -- yet that sentiment isn't necessarily reflected in the technology providers they're currently working with.
New CopperStealer Malware Hijacks Social Media Accounts
Quick Hits  |  3/18/2021  | 
Proofpoint researchers say it steals logins and spreads more malware.
FBI: Business Email Compromise Cost $1.8B in 2020
Quick Hits  |  3/18/2021  | 
The Internet Crime Complaint Center received a record 791,790 complaints last year, with reported losses exceeding $4.1 billion.
Beware the Package Typosquatting Supply Chain Attack
Commentary  |  3/18/2021  | 
Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.
What CISOs Can Learn From Big Breaches: Focus on the Root Causes
Commentary  |  3/18/2021  | 
Address these six technical root causes of breaches in order to keep your company safer.
RDP Attacks Persist Near Record Levels in 2021
News  |  3/17/2021  | 
A wave of attacks targeting Remote Desktop Protocol has continued throughout the pandemic as more employees continue to work from home.
CISA Issues Advisory on TrickBot Campaigns
Quick Hits  |  3/17/2021  | 
US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn security teams to guard against the advanced Trojan malware.
Page 1 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20836
PUBLISHED: 2021-10-19
Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project files.
CVE-2021-41154
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.1...
CVE-2021-41155
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix...
CVE-2021-41152
PUBLISHED: 2021-10-18
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on t...
CVE-2021-41153
PUBLISHED: 2021-10-18
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Thi...