Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2021
Page 2 of 3
Agility Broke AppSec. Now It's Going to Fix It.
Commentary  |  5/17/2021  | 
Outnumbered 100 to 1 by developers, AppSec needs a new model of agility to catch up and protect everything that needs to be secured.
Name That Toon: Road Trip
Commentary  |  5/17/2021  | 
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Rapid7 Source Code Accessed in Supply Chain Attack
Quick Hits  |  5/14/2021  | 
An investigation of the Codecov attack revealed intruders accessed Rapid7 source code repositories containing internal credentials and alert-related data.
Cisco Confirms Plans to Acquire Kenna Security
Quick Hits  |  5/14/2021  | 
Cisco plans to integrate Kenna's vulnerability management technology into its SecureX platform.
SOC Teams Burdened by Alert Fatigue Explore XDR
Quick Hits  |  5/14/2021  | 
ESG research finds that a complex attack surface and threat landscape make alerts too overwhelming to monitor accurately.
Wi-Fi Design, Implementation Flaws Allow a Range of Frag Attacks
News  |  5/14/2021  | 
Every Wi-Fi product is affected by at least one fragmentation and aggregation vulnerability, which could lead to a machine-in-the-middle attack, researcher says.
Security Trends to Follow at RSA Conference 2021
Commentary  |  5/14/2021  | 
Here are three key categories of sessions that provide an inside look at some of today's most interesting cybersecurity trends.
Firms Struggle to Secure Multicloud Misconfigurations
News  |  5/13/2021  | 
Half of companies had at least one case of having all ports open to the public, while more than a third had an exposed database.
Dragos & IronNet Partner on Critical Infrastructure Security
Quick Hits  |  5/13/2021  | 
The IT and OT security providers will integrate solutions aimed at improving critical infrastructure security.
When AI Becomes the Hacker
News  |  5/13/2021  | 
Bruce Schneier explores the potential dangers of artificial intelligence (AI) systems gone rogue in society.
Adapting to the Security Threat of Climate Change
Commentary  |  5/13/2021  | 
Business continuity plans that address natural and manmade disasters can help turn a cataclysmic business event into a minor slowdown.
Defending the Castle: How World History Can Teach Cybersecurity a Lesson
Commentary  |  5/13/2021  | 
Cybersecurity attackers follow the same principles practiced in warfare for millennia. They show up in unexpected places, seeking out portions of an organization's attack surface that are largely unmonitored and undefended.
Researchers Unearth 167 Fake iOS & Android Trading Apps
Quick Hits  |  5/12/2021  | 
The apps are disguised as financial trading, banking, and cryptocurrency apps from well-known and trusted organizations.
Putting the Spotlight on DarkSide
News  |  5/12/2021  | 
Incident responders share insight on the DarkSide ransomware group connected to the recent Colonial Pipeline ransomware attack.
66% of CISOs Feel Unprepared for Cyberattacks
Quick Hits  |  5/12/2021  | 
More than half of CISOs surveyed are more concerned about a cyberattack in 2021 than in 2020, researchers report.
Vulnerable Protocols Leave Firms Open to Further Compromises
News  |  5/12/2021  | 
Companies may no longer have Internet-facing file servers or weakly secured Web servers, but attackers that get by the perimeter have a wide-open landscape of vulnerability.
Hashes, Salts, and Rainbow Tables: Confessions of a Password Cracker
Commentary  |  5/12/2021  | 
Understanding a few basics about how password crackers think and behave could help you keep your users safer.
Why You Should Be Prepared to Pay a Ransom
Commentary  |  5/12/2021  | 
Companies that claim they'll never pay up in a ransomware attack are more likely to get caught flat-footed.
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
News  |  5/11/2021  | 
Trinity Cyber takes a new spin on some traditional network-security techniques, but can its approach catch on widely?
Adobe Issues Patch for Acrobat Zero-Day
Quick Hits  |  5/11/2021  | 
The vulnerability is being exploited in limited attacks against Adobe Reader users on Windows.
Application Attacks Spike as Criminals Target Remote Workers
Quick Hits  |  5/11/2021  | 
Application-specific and Web application attacks made up 67% of all attacks in 2020 as criminal strategies shifted in the pandemic.
Microsoft Patch Tuesday: 4 Critical CVEs, 3 Publicly Known, 1 Wormable
News  |  5/11/2021  | 
Microsoft releases security patches for 55 vulnerabilities in its monthly roundup, which includes a critical, wormable flaw in the HTTP protocol stack.
Cartoon Caption Winner: Greetings, Earthlings
Commentary  |  5/11/2021  | 
And the winner of Dark Reading's April cartoon caption contest is ...
3 Cybersecurity Myths to Bust
Commentary  |  5/11/2021  | 
Deeply rooted cybersecurity misconceptions are poisoning our ability to understand and defend against attacks.
Critical Infrastructure Under Attack
Commentary  |  5/11/2021  | 
Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of a key US energy pipeline marks just the tip of the iceberg.
Colonial Pipeline Cyberattack: What Security Pros Need to Know
News  |  5/10/2021  | 
As the massive US pipeline operator works to restore operations after a DarkSide ransomware attack late last week, experts say it's a cautionary tale for critical infrastructure providers.
Tulsa Deals With Aftermath of Ransomware Attack
Quick Hits  |  5/10/2021  | 
Weekend attack shuts down several city sites and services.
Four Plead Guilty to RICO Conspiracy Involving Hosting Services for Cybercrime
Quick Hits  |  5/10/2021  | 
The "bulletproof hosting" organization hosted malware including Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit.
Exchange Exploitation: Not Dead Yet
Commentary  |  5/10/2021  | 
The mass exploitation of Exchange Servers has been a wake-up call, and it will take all parties playing in concert for the industry to react, respond, and recover.
How North Korean APT Kimsuky Is Evolving Its Tactics
News  |  5/7/2021  | 
Researchers find differences in Kimsuky's operations that lead them to divide the APT into two groups: CloudDragon and KimDragon.
Most Organizations Feel More Vulnerable to Breaches Amid Pandemic
Quick Hits  |  5/7/2021  | 
More than half of businesses see the need for significant long-term changes to IT due to COVID-19, research finds.
FBI, NSA, CISA & NCSC Issue Joint Advisory on Russian SVR Activity
Quick Hits  |  5/7/2021  | 
The report provides additional details on tactics of Russia's Foreign Intelligence Service following public attribution of the group to last year's SolarWinds attack.
Defending Against Web Scraping Attacks
Commentary  |  5/7/2021  | 
Web scraping attacks, like Facebook's recent data leak, can easily lead to more significant breaches.
Troy Hunt: Organizations Make Security Choices Tough for Users
News  |  5/6/2021  | 
The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.
Google Plans to Automatically Enable Two-Factor Authentication
Quick Hits  |  5/6/2021  | 
The company plans to automatically enroll users in two-step verification if their accounts are properly configured.
CISA Publishes Analysis on New 'FiveHands' Ransomware
Quick Hits  |  5/6/2021  | 
Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.
Securing the Internet of Things in the Age of Quantum Computing
Commentary  |  5/6/2021  | 
Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.
Biden's Supply Chain Initiative Depends on Cybersecurity Insights
Commentary  |  5/6/2021  | 
Those helming the US supply chain executive order need to leverage standards, measurement, and the lessons cybersecurity leaders have learned.
Attackers Seek New Strategies to Improve Macros' Effectiveness
News  |  5/5/2021  | 
The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.
DoD Lets Researchers Target All Publicly Accessible Info Systems
Quick Hits  |  5/5/2021  | 
The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.
Will 2021 Mark the End of World Password Day?
Commentary  |  5/5/2021  | 
We might be leaving the world of mandatory asterisks and interrobangs behind for good.
Apple Issues Patches for Webkit Security Flaws
Quick Hits  |  5/4/2021  | 
The vulnerabilities may already be under active attack, Apple says in an advisory.
More Companies Adopting DevOps & Agile for Security
News  |  5/4/2021  | 
Measures of programming speed, security, and automation have all significantly increased in the past year, GitLab's latest survey finds.
Scripps Health Responds to Cyberattack
Quick Hits  |  5/4/2021  | 
The health care system says it has suspended access to patient portals and other applications related to operations at Scripps facilities.
Can Organizations Secure Remote Workers for the Long Haul?
Commentary  |  5/4/2021  | 
By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.
It's Time to Ditch Celebrity Cybersecurity
Commentary  |  5/4/2021  | 
High-profile attacks and solutions are shiny objects that can distract from the defenses that afford the greatest protection.
Researchers Explore Active Directory Attack Vectors
News  |  5/3/2021  | 
Incident responders who investigate attacks targeting Active Directory discuss methods used to gain entry, elevate privileges, and control target systems.
Imperva to Buy API Security Firm CloudVector
Quick Hits  |  5/3/2021  | 
The deal is intended to expand Imperva's API security portfolio, officials say.
Buer Malware Variant Rewritten in Rust Programming Language
Quick Hits  |  5/3/2021  | 
Researchers suggest a few reasons why operators rewrote Buer in an entirely new language.
Researchers Find Bugs Using Single-Codebase Inconsistencies
News  |  5/3/2021  | 
A Northeastern University research team finds code defects -- and some vulnerabilities -- by detecting when programmers used different code snippets to perform the same functions.


Featured articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
The Edge  |  7/9/2021  |  David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
News  |  7/7/2021  |  Robert Lemos, Contributing Writer
It's in the Game (but It Shouldn't Be)
Commentary  |  7/9/2021  |  Tal Memran, Cybersecurity Expert, CYE
Current Issue
Incorporating a Prevention Mindset into Threat Detection and Response
Threat detection and response systems are, by definition, reactive: they have to wait for damage to be done before finding the attack. With a prevention mindset, security teams can proactively anticipate the attacker's next move rather than reacting to specific threats or trying to detect the latest techniques in real time. The report covers the areas enterprises should focus on: what a positive response looks like, improving security hygiene, and combining preventive actions with red team efforts.
Bug Report
Enterprise Vulnerabilities
From NIST's National Vulnerability Database (NVD)
CVE-2022-25878
PUBLISHED: 2022-05-27
The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption ...
CVE-2021-27780
PUBLISHED: 2022-05-27
The software may be vulnerable to both unauthenticated XML interaction and unauthenticated device enrollment.
CVE-2021-27781
PUBLISHED: 2022-05-27
The Master operator may be able to embed a script tag in HTML, producing an alert pop-up that displays the cookie.
CVE-2022-1897
PUBLISHED: 2022-05-27
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-20666
PUBLISHED: 2022-05-27
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient va...
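The protobufjs entry above (CVE-2022-25878) describes prototype pollution reached through a dotted-path property setter fed untrusted input. The following is an added example, not protobufjs's own code, of what that class of bug looks like and how a setter of that shape is hardened: a naive setter that will happily walk through `__proto__` to Object.prototype, beside a version that rejects the keys that can reach a prototype and only descends into own properties. The function names (setPropertyNaive, setPropertySafe, demonstrate) and the hostile path are this example's own.

```javascript
// Added example, not protobufjs code: a dotted-path property setter of the
// kind CVE-2022-25878 describes (untrusted input reaching a setProperty-style
// helper), first in a deliberately vulnerable form and then hardened.
// Names (setPropertyNaive, setPropertySafe, demonstrate) are this example's own.

// Vulnerable: walks whatever the path names, so "__proto__.x" reaches
// Object.prototype and the write lands on every object in the process.
function setPropertyNaive(dst, path, value) {
  const parts = path.split(".");
  let obj = dst;
  for (let i = 0; i < parts.length - 1; i++) {
    const key = parts[i];
    if (typeof obj[key] !== "object" || obj[key] === null) obj[key] = {};
    obj = obj[key];
  }
  obj[parts[parts.length - 1]] = value;
  return dst;
}

// Hardened: reject the three keys that can reach a prototype, and only
// descend into own properties so an inherited object is never the target.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function setPropertySafe(dst, path, value) {
  const parts = path.split(".");
  if (parts.some((k) => FORBIDDEN_KEYS.has(k))) {
    throw new TypeError(`refusing to set property through unsafe path: ${path}`);
  }
  let obj = dst;
  for (let i = 0; i < parts.length - 1; i++) {
    const key = parts[i];
    const own = Object.prototype.hasOwnProperty.call(obj, key);
    if (!own || typeof obj[key] !== "object" || obj[key] === null) obj[key] = {};
    obj = obj[key];
  }
  obj[parts[parts.length - 1]] = value;
  return dst;
}

// Runs both setters against a constructed hostile path (the kind of option
// name an attacker would supply) and reports the effect on a fresh object.
function demonstrate() {
  const hostilePath = "__proto__.isAdmin";  // constructed attacker input
  const before = ({}).isAdmin;              // undefined on a clean prototype

  setPropertyNaive({}, hostilePath, true);
  const afterNaive = ({}).isAdmin;          // true: Object.prototype was polluted
  delete Object.prototype.isAdmin;          // undo the pollution for the next step

  let rejected = false;
  try {
    setPropertySafe({}, hostilePath, true);
  } catch (e) {
    rejected = e instanceof TypeError;
  }
  const afterSafe = ({}).isAdmin;           // still undefined

  return { before, afterNaive, rejected, afterSafe };
}

console.log(demonstrate());
```

The own-property check matters as much as the key blocklist: without it, a path whose first segment names an inherited object would still descend into shared state. A practitioner auditing a dependency for this bug class looks for exactly this pattern, a loop that indexes into an object with caller-supplied segments and no check on what those segments are.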