Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2020
<<   <   Page 2 / 2
Small Business Is Big Target for Ransomware
Quick Hits  |  4/16/2020  | 
Small businesses are being hit by ransomware, and a majority are paying up to get their data back.
4 Cybersecurity Lessons from the Pandemic
Commentary  |  4/16/2020  | 
An epidemiologist-turned-CTO describes the parallels between the spread of a computer virus and the real-world coronavirus.
5 Things Ransomware Taught Me About Responding in a Crisis
Commentary  |  4/16/2020  | 
What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attack and because it came out the other side stronger and more resilient.
DHS Issues Alert for New North Korean Cybercrime
Quick Hits  |  4/15/2020  | 
Cyber actors from North Korea's intelligence agencies are launching new attacks on financial targets, including hacks for hire on the open market.
Slack's Incoming Webhooks Can Be Weaponized in Phishing Attacks
News  |  4/15/2020  | 
Researchers report how attackers could weaponize a feature in the Slack collaboration platform to access corporate data and messages.
Man-in-the-Middle Attacks: A Growing but Preventable Mobile Threat
Commentary  |  4/15/2020  | 
Hackers are upping their game, especially as they target mobile devices.
Cybersecurity Prep for the 2020s
Commentary  |  4/15/2020  | 
The more things change, the more they stay the same. Much of the world is still behind on the basics.
Patch-a-Palooza: More Than 560 Flaws Fixed in a Single Day
News  |  4/14/2020  | 
Software vendors keep pushing patches to the same Tuesday once a month, or once a quarter, and the result can be overwhelming. Six enterprise software makers issued patches for 567 issues in April.
Microsoft Patches 113 Bugs, 3 Under Active Attack
News  |  4/14/2020  | 
Microsoft has seen a 44% jump in the number of CVEs fixed between January and April 2020 compared with the same period in 2019.
Insecure Home Office Networks Heighten Work-at-Home Risks
News  |  4/14/2020  | 
Nearly one in two organizations has one or more devices accessing its corporate network from a home network with at least one malware infection, BitSight says.
TikTok Vulnerability Leaves Users Open to Fake News
Quick Hits  |  4/14/2020  | 
A vulnerability in the way TikTok requests and receives video content could leave users streaming video from bogus servers.
Apple Is Top Pick for Brand Phishing Attempts
Quick Hits  |  4/14/2020  | 
Ten percent of all brand phishing attempts in the first quarter of 2020 tried to deceive victims by imitating the Apple brand.
You're One Misconfiguration Away from a Cloud-Based Data Breach
Commentary  |  4/14/2020  | 
Don't assume that cyberattacks are all you have to worry about. Misconfigurations should also be a top cause of concern.
7 Ways COVID-19 Has Changed Our Online Lives
Slideshows  |  4/14/2020  | 
The pandemic has driven more of our personal and work lives online, and for the bad guys, business is booming. Here's how you can protect yourself.
Dell Releases Security Tool to Defend PCs from BIOS Attacks
News  |  4/13/2020  | 
The SafeBIOS Events & Indicators of Attack tool gives admins visibility into BIOS configuration changes and alerts them to potential threats.
Dutch Police Shut Down 15 DDoS-for-Hire Services
Quick Hits  |  4/13/2020  | 
Officials arrested a man suspected of launching a DDoS attack against two websites that send government updates to citizens.
Cybercrime May Be the World's Third-Largest Economy by 2021
Commentary  |  4/13/2020  | 
The underground economy is undergoing an industrialization wave and booming like never before.
SFO Hit by Web Compromise
Quick Hits  |  4/10/2020  | 
Web app credentials were stolen in attacks on two airport websites.
Criminals Selling Videoconferencing Credentials on Dark Web
News  |  4/10/2020  | 
Two security firms find thousands of usernames and passwords for Zoom accounts for sale and warn that the shift to remote work is changing attackers' targets.
Medical Devices on the IoT Put Lives at Risk
Commentary  |  4/9/2020  | 
Device security must become as important a product design feature as safety and efficacy.
After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers
News  |  4/8/2020  | 
While coronavirus-themed emails and files have been used as a lure for weeks, attackers now are searching for ways to actively target VPNs and remote workers to take advantage of weaker security.
Researchers Fool Biometric Scanners with 3D-Printed Fingerprints
News  |  4/8/2020  | 
Tests on the fingerprint scanners of Apple, Microsoft, and Samsung devices reveal it's possible to bypass authentication with a cheap 3D printer.
Microsoft Releases COVID-19 Security Guidance
Quick Hits  |  4/8/2020  | 
Information includes tips on how to keep IT systems infection-free.
BEC, Domain Jacking Help Criminals Disrupt Cash Transfers
Commentary  |  4/8/2020  | 
The two hacking methods occur independently but are being used in concert to steal funds that are part of online payments and transactions.
Why Threat Hunting with XDR Matters
Commentary  |  4/8/2020  | 
Extended detection and response technology assumes a breach across all your endpoints, networks, SaaS applications, cloud infrastructure, and any network-addressable resource.
Cybercriminals Hide Malware & Phishing Sites Under SSL Certificates
News  |  4/7/2020  | 
More than half of the top 1 million websites use HTTPS, researchers report, but not all encrypted traffic is safe.
Mature DevOps Teams Are Secure DevOps Teams
Quick Hits  |  4/7/2020  | 
New research shows the relationship between mature DevOps processes, secure applications, and happy developers.
71% of Security Pros See Threats Jump Since COVID-19 Outbreak
Quick Hits  |  4/7/2020  | 
Phishing is the top threat, followed by websites offering false information about the pandemic, malware, and ransomware attacks.
Using Application Telemetry to Reveal Insider & Evasive Threats
Commentary  |  4/7/2020  | 
Data from application processes and other systems leave a trail of threat crumbs that can be used to detect and shut down attacks.
Microsoft: Emotet Attack Shut Down an Entire Business Network
News  |  4/6/2020  | 
The infection started with a phishing email and spread throughout the organization, overheating all machines and flooding its Internet connection.
FBI Warns of BEC Dangers
Quick Hits  |  4/6/2020  | 
A new PSA warns of attacks launched against users of two popular cloud-based email systems.
Mozilla Patches Two Critical Zero-Days in Firefox
Quick Hits  |  4/6/2020  | 
The latest release of Firefox brings fixes for two Critical vulnerabilities already seen exploited in the wild.
Why Humans Are Phishing's Weakest Link
Commentary  |  4/6/2020  | 
And it's not just because they click when they shouldn't... they also leave a trail of clues and details that make them easy to spoof.
Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days
News  |  4/3/2020  | 
A security researcher earned $75,000 for finding a whopping seven zero-days in Safari, three of which can be combined to access the camera.
FBI Warns Education & Remote Work Platforms About Cyberattacks
Quick Hits  |  4/3/2020  | 
The FBI expects attackers will target virtual environments as more organizations rely on them as a result of the COVID-19 pandemic.
Want to Improve Cloud Security? It Starts with Logging
Commentary  |  4/3/2020  | 
Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place.
A Day in The Life of a Pen Tester
News  |  4/2/2020  | 
Two penetration testers share their day-to-day responsibilities, challenges they encounter, and the skills they value most on the job.
Bad Bots Build Presence Across the Web
Quick Hits  |  4/2/2020  | 
Bots that mimic human behavior are driving a growing percentage of website traffic while contributing to an avalanche of misinformation.
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
Commentary  |  4/2/2020  | 
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
A Hacker's Perspective on Securing VPNs As You Go Remote
Commentary  |  4/2/2020  | 
As organizations rush to equip and secure their newly remote workforce, it's important to keep things methodical and purposeful.
Best Practices to Manage Third-Party Cyber-Risk Today
Commentary  |  4/2/2020  | 
Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.
New Magecart Skimmer Infects 19 Victim Websites
Quick Hits  |  4/2/2020  | 
MakeFrame, named for its ability to make iframes for skimming payment data, is attributed to Magecart Group 7.
Vulnerability Researchers Focus on Zoom App's Security
News  |  4/2/2020  | 
With videoconferencing's rise as an essential tool for remote work comes a downside: more security scrutiny, which has turned up a number of security weaknesses.
Why All Employees Are Responsible for Company Cybersecurity
Commentary  |  4/1/2020  | 
It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.
Active Directory Attacks Hit the Mainstream
Commentary  |  4/1/2020  | 
Understanding the limitations of authentication protocols, especially as enterprises link authentication for cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
Microsoft Alerts Healthcare to Human-Operated Ransomware
News  |  4/1/2020  | 
Microsoft has notified dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure, which could put them at risk.
The SOC Emergency Room Faces Malware Pandemic
Commentary  |  4/1/2020  | 
To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.

Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26250
PUBLISHED: 2020-12-01
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by ...
CVE-2020-28576
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
CVE-2020-28577
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
CVE-2020-28582
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
CVE-2020-28583
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.