Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2020
Page 1 / 2   >   >>
Researchers Find Baby Banking Trojan, Watch It Grow
News  |  4/30/2020  | 
EventBot is an Android information stealer on its way to becoming a very capable piece of malware.
Healthcare Targeted By More Attacks But Less Sophistication
News  |  4/30/2020  | 
An increase in attacks targeting healthcare organizations suggests that perhaps new cybercriminals are getting into the game.
Things Keeping CISOs Up at Night During the COVID-19 Pandemic
Commentary  |  4/30/2020  | 
Insights from discussions with more than 20 CISOs, CEOs, CTOs, and security leaders.
Ed-Tech Company Chegg Suffers Third Breach Since 2018
Quick Hits  |  4/30/2020  | 
The latest incident compromised names, Social Security numbers, and other data belonging to 700 current and former Chegg employees.
Researchers Find Vulnerabilities in Popular Remote Learning Plug-ins
News  |  4/30/2020  | 
As more students move to online learning platforms, vulnerability researchers are revealing security flaws in some common software plug-ins.
The Rise of Deepfakes and What That Means for Identity Fraud
Commentary  |  4/30/2020  | 
Convincing deepfakes are a real concern, but there are ways of fighting back.
86% of Companies Report Network Disruption Amid Remote Work Shift
News  |  4/29/2020  | 
Nearly two-thirds say disruptions were at least moderate in severity, and more have seen VPN connectivity issues as employees work from home.
Microsoft Warns of Malware Hidden in Pirated Film Files
Quick Hits  |  4/29/2020  | 
An active campaign inserts malicious VBScript into ZIP files posing as downloads for "John Wick 3," "Contagion," and other popular movies.
7 Fraud Predictions in the Wake of the Coronavirus
Commentary  |  4/29/2020  | 
It's theme and variations in the fraud world, and fraudsters love -- and thrive -- during chaos and confusion
Web Shells Continue to Threaten
News  |  4/29/2020  | 
A decade after their first use, Web shells remain a common tool for all stripes of attackers, from common cybercriminals to sophisticated state actors.
Phishers Start to Exploit Oil Industry Amid COVID-19 Woes
News  |  4/29/2020  | 
While a massive flood of attacks has yet to materialize, cybersecurity experts say this could be the calm before the storm.
4 Ways to Get to Defensive When Faced by an Advanced Attack
Commentary  |  4/29/2020  | 
To hold your own against nation-state-grade attacks, you must think and act differently.
Continued Use of Python 2 Will Heighten Security Risks
News  |  4/28/2020  | 
With support for the programming language no longer available, organizations should port to Python 3, security researches say.
Increased Credential Threats in the Age of Uncertainty
Commentary  |  4/28/2020  | 
Three things your company should do to protect credentials during the coronavirus pandemic.
New Startup Accurics Tackles Cloud Infrastructure Security
News  |  4/28/2020  | 
Accurics offers a free product to prevent "drift" between infrastructure defined through code and infrastructure running in the cloud.
Top 10 Cyber Incident Response Mistakes and How to Avoid Them
Slideshows  |  4/27/2020  | 
From lack of planning to rushing the closure of incidents, these mistakes seriously harm IR effectiveness.
Attackers Target Sophos Firewalls with Zero-Day
News  |  4/27/2020  | 
Remote exploit compromises specific configurations of XG firewalls with the intent of stealing data from the devices.
Microsoft Patches Dangerous Teams Vulnerability
News  |  4/27/2020  | 
CyberArk says issue would have allowed attackers to take over Teams accounts using a malicious GIF.
Microsoft Advisory Warns of Vulnerabilities Affecting Office
Quick Hits  |  4/27/2020  | 
The flaws exist in Autodesk's FBX Software Development Kit, which is supported in Microsoft Office 2019 and Office 365 ProPlus.
Cloud Services Are the New Critical Infrastructure. Can We Rely on Them?
Commentary  |  4/27/2020  | 
If cloud services vendors successfully asked themselves these three questions, we'd all be better off.
COVID-19 Quarantine: A Unique Learning Opportunity for Defenders
Commentary  |  4/27/2020  | 
Use these spare moments at home to master new skills that will help protect your organization and enhance your career.
Health Prognosis on the Security of IoMT Devices? Not Good
News  |  4/25/2020  | 
As more so-called Internet of Medical Things devices go online, hospitals and medical facilities face significant challenges in securing them from attacks that could endanger patients' lives.
MSI Utility Vulnerability Based on Missing Quotation Marks
News  |  4/24/2020  | 
The lack of quotation marks in the way a service called an application left MSI computers open to persistent privilege escalation attacks.
Sextortion Campaigns Net Cybercriminals Nearly $500K in Five Months
News  |  4/24/2020  | 
Tracking the cryptocurrency paid by victims finds that, even with a low rate of payout, the scheme netted a cool half million for the various groups involved.
Why Consumers, SMBs Are Likely to Fall for Coronavirus Scams
News  |  4/23/2020  | 
Data reveals both a lack of skepticism and a willingness to engage with emails crafted to seem like government communications.
Paay Misconfiguration Leaves Transaction Data Exposed
Quick Hits  |  4/23/2020  | 
The New York-based credit-card processor left a server without password protection for approximately three weeks.
How the Dark Web Fuels Insider Threats
Commentary  |  4/23/2020  | 
New decentralized, criminal marketplaces and "as-a-service" offerings make it easy for employees to monetize their knowledge and access to enterprise networks and systems.
Communication, Cloud & Finance Apps Most Vulnerable to Insider Threat
Quick Hits  |  4/23/2020  | 
Businesses say customer data, financial data, and intellectual property are the types of data most vulnerable to insider attacks.
The Evolving Threat of Credential Stuffing
Commentary  |  4/23/2020  | 
Bots' swerve to focus on APIs means businesses must take the threat seriously and take effective action.
Attackers Prefer Ransomware to Stealing Data
News  |  4/22/2020  | 
Financial data is still in demand, but ransomware becomes the most popular way to try to cash in from compromised companies, according to Trustwave.
NSA Issues Guidance for Combating Web Shell Malware
Quick Hits  |  4/22/2020  | 
The US intelligence agency teamed up with Australian Signals Directorate in newly released information on how to protect Web servers from the malware.
11 Tips for Protecting Active Directory While Working from Home
Commentary  |  4/22/2020  | 
To improve the security of your corporate's network, protect the remote use of AD credentials.
Making the Case for Process Documentation in Cyber Threat Intel
Commentary  |  4/22/2020  | 
Standard language and processes, not to mention more efficient dissemination of findings and alerts all make documenting your security processes a must
8 Steps to Enhance Government Agencies' Security Posture
Commentary  |  4/22/2020  | 
Given the heterogeneous architectures of critical state and local systems, it's imperative we learn from the security exposures of other critical infrastructure and pledge to be better
SBA Security Incident May Affect Nearly 8,000 Businesses
Quick Hits  |  4/22/2020  | 
Business owners who applied for federal disaster loans may have had information exposed to other applicants, the Small Business Administration reports.
Domain Registrars Under Pressure to Combat COVID-19-Related Scams
News  |  4/22/2020  | 
A huge increase in malicious website registrations has prompted concern from US lawmakers.
Viral WhatsApp Scam Promises Free Streaming Services
Quick Hits  |  4/21/2020  | 
Cybercriminals capitalize on the popularity of media and entertainment to target consumers looking for at-home activities.
Attackers Aim at Software Supply Chain with Package Typosquatting
News  |  4/21/2020  | 
Attackers seed Ruby Gems repository with more than 760 malicious packages using names just a bit different than the standard code libraries.
7 Steps to Avoid the Top Cloud Access Risks
Commentary  |  4/21/2020  | 
Securing identities and data in the cloud is challenging, but a least-privilege access approach helps.
Stimulus Payments Are Popular Leverage for Cyberattacks
News  |  4/20/2020  | 
More than 4,300 domains related to stimulus and relief packages, many of them malicious, have been registered since January.
IT Services Firm Cognizant Hit with Maze Ransomware
Quick Hits  |  4/20/2020  | 
Cognizant is working with cyber defense firms and law enforcement to investigate the attack, disclosed April 17.
COVID-19 Caption Contest Winners
Commentary  |  4/20/2020  | 
It was a tough choice! And the winner is
Remote Access Makes a Comeback: 4 Security Challenges in the Wake of COVID-19
Commentary  |  4/20/2020  | 
As companies continue to support increasing numbers of work-from-home employees, the pressure to secure access and reduce risk has never been greater.
Pen-Test Results Hint at Improvements in Enterprise Security
News  |  4/17/2020  | 
Though many problems remain, organizations are making attackers work harder.
COVID-Themed Phishing Messages Fill Phishing Filters on Gmail
Quick Hits  |  4/17/2020  | 
In the past week, Google says it identified more than 18 million daily phishing messages featuring coronavirus themes.
Researchers Explore Details of Critical VMware Vulnerability
Quick Hits  |  4/17/2020  | 
The vCenter vulnerability, patched on April 9, could give an intruder access to administrative credentials in three steps.
'Look for the Helpers' to Securely Enable the Remote Workforce
Commentary  |  4/17/2020  | 
CISOs and CIOs, you are our helpers. As you take action to reassure your company, your confidence is our confidence.
10 Standout Security M&A Deals from Q1 2020
Slideshows  |  4/17/2020  | 
The first quarter of 2020 brought investments in enterprise IoT and endpoint security, as well as billion-dollar investments from private equity firms.
Could Return of Ghost Squad Hackers Signal Rise in COVID-19-Related Hactivism?
News  |  4/16/2020  | 
New research suggests GSH is active in Southeast Asia following a couple of quiet years.
Neglected Infrastructure, Invasive Tech to Plague Infosec in 2022
News  |  4/16/2020  | 
Researchers outline cybersecurity threats they predict businesses will face in two years as technology evolves.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
Kelly Sheridan, Staff Editor, Dark Reading,  7/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17366
PUBLISHED: 2020-08-05
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate...
CVE-2020-9036
PUBLISHED: 2020-08-05
Jeedom through 4.0.38 allows XSS.
CVE-2020-15127
PUBLISHED: 2020-08-05
In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes flip...
CVE-2020-15132
PUBLISHED: 2020-08-05
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with a error message saying that th...
CVE-2020-7298
PUBLISHED: 2020-08-05
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.