Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2020
Page 1 / 2   >   >>
Bank of America Security Incident Affects PPP Applicants
Quick Hits  |  5/29/2020  | 
The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared.
Cisco Announces Patches to SaltStack
Quick Hits  |  5/29/2020  | 
The patches came after Cisco was notified by the Salt Open Core team that the vulnerabilities and updates were available.
A Rogues' Gallery of MacOS Malware
Slideshows  |  5/28/2020  | 
MacOS isn't immune from malware. Being prepared means understanding the nature of the worst threats a security team is likely to see attacking Macs in the enterprise.
GitHub Supply Chain Attack Uses Octopus Scanner Malware
News  |  5/28/2020  | 
Octopus Scanner is a new malware used to compromise 26 open source projects in a massive GitHub supply chain attack.
NSA Warns Russia's 'Sandworm' Group Is Targeting Email Servers
Quick Hits  |  5/28/2020  | 
The Russian military group has been exploiting a flaw in the Exim mail transfer agent since last August, the NSA reports.
3 SMB Cybersecurity Myths Debunked
Commentary  |  5/28/2020  | 
Small and midsize businesses are better at cyber resilience than you might think.
Vulnerability Disclosures Drop in Q1 for First Time in a Decade
News  |  5/28/2020  | 
Even with more security issues published on Patch Tuesdays, the total number of software flaws dropped for the first three months of 2020, according to one tally.
Google, Microsoft Brands Impersonated the Most in Form-Based Attacks
News  |  5/28/2020  | 
Attackers are preying on users' inclination to click on familiar-looking websites, but instead trick them into sharing usernames and passwords.
Data Loss Spikes Under COVID-19 Lockdowns
News  |  5/28/2020  | 
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.
How Elite Protectors Operationalize Security Protection
Commentary  |  5/28/2020  | 
There is no silver bullet for cybersecurity. It takes the right people, with the right mindset, applying the right elements of good security from the data center to the SOC.
HackerOne Bounties Hit $100M Milestone
Quick Hits  |  5/27/2020  | 
The bug-hunting platform has now paid more than $100 million in bounties since October 2013.
Standing Privilege: The Attacker's Advantage
Commentary  |  5/27/2020  | 
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.
Microsoft Shares PonyFinal Threat Data, Warns of Delivery Tactics
News  |  5/27/2020  | 
PonyFinal is deployed in human-operated ransomware attacks, in which adversaries tailor their techniques based on knowledge of a target system.
What the World's Elite Protectors Teach Us about Cybersecurity
Commentary  |  5/27/2020  | 
How to protect anyone and anything, from the perspective of a career Secret Service agent and former special operations marine.
6 Steps Consumers Should Take Following a Hack
Slideshows  |  5/27/2020  | 
Without the luxury of an IT security team to help them after a breach or credit card compromise, consumers will want to keep these tips in mind.
StrandHogg 2.0 Emerges as 'Evil Twin' to Android Threat
News  |  5/26/2020  | 
The vulnerability, which exists in almost every version of Android, is both more dangerous and harder to detect than its predecessor.
Americans Care About Security But Don't Follow Through
Quick Hits  |  5/26/2020  | 
Most Americans say they're very concerned about online security but still behave in insecure ways, according to a new survey.
Turla Backdoor Adds Gmail Web Interface for Command-and-Control
News  |  5/26/2020  | 
The latest version of ComRAT is another sign of the threat actor's continued focus on targets in the government, military, and other sectors.
Benefits of a Cloud-Based, Automated Cyber Range
Commentary  |  5/26/2020  | 
A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks.
World Leaders Urge Action Against Healthcare Cyberattacks
Quick Hits  |  5/26/2020  | 
The global call to end cybercrime targeting healthcare facilities has been signed by government leaders and Nobel laureates.
Content Delivery Networks Adding Checks for Magecart Attacks
News  |  5/26/2020  | 
Modern web applications make significant use of third-party code to drive innovation, but the software supply chain has also turned into a major source of threat. CDNs aim to change that.
10 iOS Security Tips to Lock Down Your iPhone
Slideshows  |  5/22/2020  | 
Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
Hackers Serve Up Stolen Credentials from Home Chef
Quick Hits  |  5/21/2020  | 
Some 8 million of the meal delivery company's customer records have been offered for sale on the Dark Web.
How an Industry Consortium Can Reinvent Security Solution Testing
Commentary  |  5/21/2020  | 
By committing to independent testing to determine value, vendors will ensure that their products do what they say they do.
The Need for Compliance in a Post-COVID-19 World
Commentary  |  5/21/2020  | 
With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That's a big mistake.
60% of Insider Threats Involve Employees Planning to Leave
News  |  5/20/2020  | 
Researchers shows most "flight-risk" employees planning to leave an organization tend to start stealing data two to eight weeks before they go.
Digital Transformation Risks in Front-end Code
Commentary  |  5/20/2020  | 
Why making every front-end developer a DevSecOps expert will lead to a more holistic approach to web and native application security.
Offers to Sell Enterprise Network Access Surge on Dark Web
Quick Hits  |  5/20/2020  | 
In contrast, Q1 2019 saw more interest in selling and buying access to individual servers.
Microsoft Warns of Vulnerability Affecting Windows DNS Server
Quick Hits  |  5/20/2020  | 
A new security advisory addresses a vulnerability that could be exploited to cause a denial-of-service attack.
Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say
News  |  5/20/2020  | 
As COVID-19-themed spam rises, phishingnot so much. An analysis of newly registered domains finds that only 2.4% are actually phishing sites aiming to steal credentials.
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Commentary  |  5/20/2020  | 
Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.
Google Chrome Redesign Puts Security & Privacy in Users' Hands
Quick Hits  |  5/19/2020  | 
The Chrome browser will tell users if their browser is up to date, malicious extensions are installed, and/or a password has been compromised.
Unpatched Open Source Libraries Leave 71% of Apps Vulnerable
News  |  5/19/2020  | 
PHP and JavaScript developers need to pay close attention because different languages and frameworks have different rates of vulnerability, research finds.
Web Application Attacks Double from 2019: Verizon DBIR
News  |  5/19/2020  | 
Verizon's annual data breach report shows most attackers are external, money remains their top motivator, and web applications and unsecured cloud storage are hot targets.
Long-Term Remote Work: Keeping Workers Productive & Secure
Commentary  |  5/19/2020  | 
The pandemic has changed how we get work done. Now, data security must catch up.
EasyJet Sees 9 Million Customer Email Addresses Stolen
Quick Hits  |  5/19/2020  | 
More than 2,000 customers also had credit card information taken in the attack.
Cybersecurity Extends Far Beyond Security Teams & Everyone Plays a Part
Commentary  |  5/19/2020  | 
Security isn't about tools or technology; it's about establishing a broad, fundamental awareness and sense of responsibility among all employees.
As DevOps Accelerates, Security's Role Changes
News  |  5/18/2020  | 
There remains a disconnect between developers and security teams, with uncertainty around who should handle software security.
The 3 Top Cybersecurity Myths & What You Should Know
Commentary  |  5/18/2020  | 
With millions of employees now attempting to work from home, it's vital to challenge misconceptions about cybersecurity.
Templates Make Coronavirus Phishing Campaigns Easy
Quick Hits  |  5/15/2020  | 
Ready-made website templates make it simple for criminals to create fake government and NGO websites for COVID-19-related phishing campaigns.
Microsoft Open Sources Its Coronavirus Threat Data
Quick Hits  |  5/15/2020  | 
Microsoft's COVID-19 intelligence will be made publicly available to help businesses fight virus-related security threats.
4 Challenges with Existing VPNs
Commentary  |  5/15/2020  | 
A VPN is a step in the right direction, but it's not the be-all and end-all when it comes to security and falls short in many ways.
As Businesses Rush to the Cloud, Security Teams Struggle to Keep Up
News  |  5/14/2020  | 
Most organizations have a gap between current and planned cloud usage and the maturity of their cloud security programs.
Microsoft Patch for Reverse RDP Flaw Leaves Room for Other Attacks
News  |  5/14/2020  | 
Fix released in February is Microsoft's second pass at fully addressing issue that Check Point first disclosed at Black Hat USA last summer.
8 Supply Chain Security Requirements
Slideshows  |  5/14/2020  | 
Complex supply chains have complex security requirements, but secure them you must. Here's where to start.
Compliance as a Way to Reduce the Risk of Insider Threats
Commentary  |  5/14/2020  | 
Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.
79% of Companies Report Identity-Related Breach in Past Two Years
Quick Hits  |  5/14/2020  | 
Two-thirds of organizations surveyed say phishing is the most common cause of identity-related breaches, the IDSA reports.
Ensuring Business Continuity in Times of Crisis
Commentary  |  5/14/2020  | 
Three basic but comprehensive steps can help you and your organization get through adversity
New Cyber-Espionage Framework Dubbed Ramsay
News  |  5/13/2020  | 
The framework is designed to collect and exfiltrate sensitive documents from air-gapped networks.
Attackers Routinely Use Older Vulnerabilities to Exploit Businesses, US Cyber Agency Warns
News  |  5/13/2020  | 
Security issues in Microsoft products dominate the US government's top 10 list of commonly exploited vulnerabilities, but Apache Struts, Adobe Flash, and Drupal are also routinely targeted.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25821
PUBLISHED: 2020-09-23
** UNSUPPORTED WHEN ASSIGNED ** peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2020-3130
PUBLISHED: 2020-09-23
A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP re...
CVE-2020-3133
PUBLISHED: 2020-09-23
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit t...
CVE-2020-3135
PUBLISHED: 2020-09-23
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based...
CVE-2020-3137
PUBLISHED: 2020-09-23
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because th...