
News & Commentary

Content tagged with Vulnerabilities / Threats posted in March 2021
Page 2 / 3
Teen Behind Twitter Hack Agrees to Three Years in Prison
Quick Hits | 3/17/2021
Graham Ivan Clark was 17 when accused of the attack that targeted several high-profile Twitter accounts.
COVID, Healthcare Data & the Dark Web: A Toxic Stew
Commentary | 3/17/2021
The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.
Enterprises Wrestle With Executive Social Media Risk Management
Commentary | 3/17/2021
Survey indicates enterprises have a lot of work to do to reduce cybersecurity risks around executive social media use.
7 Tips to Secure the Enterprise Against Tax Scams
Slideshows | 3/17/2021
Tax season is yet another opportunity for fraudsters to target your company. Here's how to keep everyone in the organization on their toes.
IronNet Cybersecurity to Go Public in Merger
Quick Hits | 3/16/2021
Company intends for the deal to drive adoption of its Collective Defense Platform.
Microsoft Releases Mitigation Tool for On-Premises Exchange Servers
Quick Hits | 3/16/2021
The tool, developed for organizations without dedicated IT and security teams, is meant to be used as a temporary mitigation.
Best Practices for Securing Service Accounts
Commentary | 3/16/2021
While service accounts solve many of the challenges presented by automation, they can also create serious problems when it comes to cybersecurity.
Combating Call Center Fraud in the Age of COVID
Commentary | 3/16/2021
With many agents now working from home, call centers require new technology, new processes, and a new way of thinking about security.
Buffalo Public Schools Cancel Classes Due to Ransomware
Quick Hits | 3/15/2021
The FBI is investigating the March 12 attack that disrupted the school system's phased reopening this week.
CISA Updates Microsoft Exchange Advisory to Include China Chopper
News | 3/15/2021
US officials warn organizations of China Chopper Web shells as new data sheds light on how the Exchange Server exploits have grown.
Verkada Breach Demonstrates Danger of Overprivileged Users
News | 3/15/2021
In re-evaluating supply chains, companies should classify vendors with super admin privileges to devices or backdoors as a significant threat.
Microsoft Exchange Server Attacks: 9 Lessons for Defenders
Slideshows | 3/12/2021
Experts share their guidance for organizations running on-premises Exchange servers in the wake of rapidly spreading attacks.
Can a Programming Language Reduce Vulnerabilities?
News | 3/12/2021
Rust offers a safer programming language, but adoption is still a problem despite recent signs of increasing popularity.
Power Equipment: A New Cybersecurity Frontier
Commentary | 3/12/2021
Power systems, HVAC systems, and other network-connected devices are exposing new vulnerabilities that must be secured.
Microsoft Reports 'DearCry' Ransomware Targeting Exchange Servers
Quick Hits | 3/12/2021
Attackers have begun to deploy ransomware on Microsoft Exchange Servers compromised by the ProxyLogon exploits.
F5 Networks Urges Customers to Update to New Versions of Its App Delivery Tech
News | 3/11/2021
F5 BIG-IP and BIG-IQ have multiple critical vulnerabilities that enable attackers to completely compromise systems.
Network Pivots, Patch Bypasses: Exploits Hit Hard in 2020
News | 3/11/2021
An analysis of 50 vulnerabilities finds a spectrum of risk, from widespread vulnerabilities exploited by a variety of attackers to serious issues that will likely be exploited in 2021.
Microsoft Exchange Server Exploit Code Posted to GitHub
Quick Hits | 3/11/2021
The proof-of-concept tool, which contained exploits for two Exchange Server vulnerabilities, was quickly removed from GitHub.
5 Steps for Investigating Phishing Attacks
Commentary | 3/11/2021
Phishing is a common and effective cybercrime tool, but even the most sophisticated threat actors make mistakes that you can leverage in your investigations.
US Schools Faced Record Number of Security Incidents in 2020
Quick Hits | 3/10/2021
The K-12 Cybersecurity Resource Center reports an 18% increase in security incidents as schools moved classes online.
'Thousands' of Verkada Cameras Affected by Hacking Breach
News | 3/10/2021
Thousands of Verkada cameras have been affected by a breach from a group of hackers, who have reportedly gained access to surveillance systems inside several high-profile companies, police departments, hospitals, prisons, and schools.
Multiple Attack Groups Exploited Microsoft Exchange Flaws Prior to the Patches
News | 3/10/2021
Researchers have spotted multiple groups exploiting the zero-day Exchange server vulnerabilities.
Hiding in Plain Sight: Protecting Enterprises from the 'New' Shadow IT
Commentary | 3/10/2021
Three steps to fight this increasingly vexing problem.
Digitally Transforming Trusted Transactions Through Biometrics, ML & AI
Commentary | 3/10/2021
The pandemic has increased the appetite for e-commerce and contactless payments, and biometrics and artificial intelligence are playing a larger role in securing those transactions.
Call Recorder iPhone App Flaw Uncovered
Quick Hits | 3/10/2021
Researcher finds thousands of recorded calls easily accessible to others.
Dark Reading 'Name That Toon' Winner: Gather 'Round the Campfire
Commentary | 3/9/2021
And the winner of Dark Reading's February cartoon caption contest is ...
48% of Security Pros Prohibited From Intelligence-Sharing
Quick Hits | 3/9/2021
Some do so anyway, according to new Kaspersky research.
COVID-19 Contact-Tracing Apps Signal Broader Mobile App Security Concerns
Commentary | 3/9/2021
The rapid launch of contact-tracing apps to control COVID-19's spread opened the door to multiple security and privacy vulnerabilities.
Leaked Development Secrets a Major Issue for Repositories
News | 3/9/2021
Every day, more than 5,000 private keys, database connection strings, certificates, and passwords are leaked to GitHub repositories, putting applications at risk.
Microsoft Pushes Patches for Older Versions of Exchange Server
Quick Hits | 3/9/2021
Additional patches arrive as CISA issues an alert urging all organizations to immediately patch the Microsoft Exchange vulnerabilities.
Look to Banking as a Model for Stopping Crime-as-a-Service
Commentary | 3/9/2021
The first step toward prevention is understanding the six most common CaaS services.
KnowBe4 Buys Competitor MediaPRO
Quick Hits | 3/8/2021
Known for its phishing simulation platform, KnowBe4 says the deal will help it expand in the privacy and compliance training market.
Microsoft Exchange Server Attack Escalation Prompts Patching Panic
News | 3/8/2021
US government officials weigh in on the attacks and malicious activity, which researchers believe may be the work of multiple groups.
Why Data Privacy Should Be on President Biden's Agenda for His First 100 Days
Commentary | 3/8/2021
The new administration is in an excellent position to make significant progress on data privacy -- not just because it's needed, but also because it's time.
Microsoft Exchange Server Exploits Hit Retail, Government, Education
Quick Hits | 3/5/2021
Mandiant researchers identify a range of victims affected in attacks targeting newly reported Microsoft Exchange Server vulnerabilities.
Microsoft Adopted an 'Aggressive' Strategy for Sharing SolarWinds Attack Intel
News | 3/5/2021
Rob Lefferts, corporate vice president for Microsoft 365 Security in Security and Compliance, explains the company's approach to keeping its customers and the industry apprised and updated on its findings from the now-infamous attack.
5 Ways Social Engineers Crack Into Human Beings
Slideshows | 3/5/2021
These common human traits are the basic ingredients in the con man's recipe for trickery.
Business Apps Spoofed in 45% of Impersonation Attacks
Quick Hits | 3/4/2021
Business-related applications like those from Microsoft, Zoom, and DocuSign are most often impersonated in brand phishing attacks.
Healthcare Still Seeing High Level of Attacker Activity
News | 3/4/2021
Interest in vaccines is driving all sorts of activity, reports say, from vaccine-specific phishing to growing bot traffic on healthcare sites.
Secure Laptops & the Enterprise of the Future
Commentary | 3/4/2021
The enterprise of the future will depend upon organizations' ability to extend the company firewall to everywhere people are working.
New Social Security Scam Spoofs Government Badges
Quick Hits | 3/4/2021
Criminals text or email photos of fake government identification badges to trick people into sending money.
Why We Need More Blue Team Voices at the Table
Commentary | 3/4/2021
The red team draws attention, but the blue team has the expertise to keep networks secure day in and day out.
Intel: More Than 90% of Our Vulnerabilities Found via Research
News | 3/3/2021
Internal research and external bug-bounty programs combined to discover the vast majority of reported security issues in the company's software.
More Details Emerge on the Microsoft Exchange Server Attacks
News | 3/3/2021
The attacks seem more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous.
CISA to Federal Agencies: Immediately Patch or 'Disconnect' Microsoft Exchange Servers
Quick Hits | 3/3/2021
The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week.
How SolarWinds Busted Up Our Assumptions About Code Signing
Commentary | 3/3/2021
With so much automation in the code-writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
Policy Group Calls for Public-Private Cyber-Defense Program
News | 3/2/2021
The proposed National Cyber Response Network would link federal agencies, companies, and local governments, allowing collaboration during a cyberattack.
Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
News | 3/2/2021
Microsoft fixes multiple Exchange Server vulnerabilities being weaponized in attacks from a group it believes operates out of China.
Thycotic and Centrify to Merge in $1.4B Deal
Quick Hits | 3/2/2021
TPG Capital will combine privileged access management providers into one company.
4 Ways Health Centers Can Stop the Spread of Cyberattacks
Commentary | 3/2/2021
Health centers must shift the perception of cyberattacks from potential risk to real threat in order to take the first step toward a safer, healthier security posture.
Bug Report: Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23412
PUBLISHED: 2021-07-23
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.
CVE-2021-3159
PUBLISHED: 2021-07-23
A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file.
CVE-2021-25203
PUBLISHED: 2021-07-23
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.
CVE-2021-25204
PUBLISHED: 2021-07-23
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTML via the subject field to feedback_process.php.
CVE-2021-25206
PUBLISHED: 2021-07-23
Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php.