Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2016
<<   <   Page 2 / 2
From Paper To Plastic To Bits
Partner Perspectives  |  6/8/2016  | 
Paying with your phone or other electronic wallets increases transaction security.
Enterprises Still Don't Base Vuln Remediation On Risk
News  |  6/7/2016  | 
New White Hat study shows critical vulnerabilities aren't fixed any faster than other security flaws.
FBI IC3 Cautions Against Tech Support Scams
Quick Hits  |  6/7/2016  | 
Agency says attackers dupe victims into handing over remote device access and thousands of dollars.
How To Prepare For A Data Breach
Slideshows  |  6/7/2016  | 
These five from-the-trenches strategies will help you win the fight against today's sophisticated, conniving attackers.
Microsegmentation & The Need For An Intelligent Attack Surface
Commentary  |  6/7/2016  | 
There is a fundamental difference in the security posture and technology for protecting the White House versus a Social Security office in California. So, too, for the critical apps and systems that are likely targets in your enterprise.
Top Security To-Dos For The Entertainment Industry
News  |  6/6/2016  | 
'The biz' has unique security needs. And it isn't only about preventing 'the next Sony.'
How Many Layers Does Your Email Security Need?
News  |  6/6/2016  | 
At least one more layer than the attacker can defeat. Heres how to improve your odds by turning on little-used or newer capabilities to block email-targeted malware.
Researchers Demo How To Build Nearly Invisible Backdoor In Computer Chips
News  |  6/6/2016  | 
Modification almost impossible to catch in post-fab tests says University of Michigan researchers in report that details proof-of-concept attack
How Risky Is Bleeding Edge Tech?
Slideshows  |  6/5/2016  | 
Experts with the Carnegie Mellon University Software Engineering Institute rate 10 up-and-coming technologies for risk.
Less Than 10% Of IoT Products Secure, Say 47% Surveyed
Quick Hits  |  6/3/2016  | 
IOActive poll highlights low consumer confidence in the built-in security of Internet of Things products.
BYOD Security: How To Shift Device Control & Grant Users More Choice
Commentary  |  6/3/2016  | 
Gartners managed diversity model offers an ITIL-compliant information security solution to the problem of Shadow IT.
Connected Cars: 6 Tips For Riding Safely With Onboard Devices
Slideshows  |  6/3/2016  | 
Carnegie Mellon researchers note that the cheaper the after market device, the easier it can be hacked.
Ransomware Scam Profits Not As 'Glamorous' As You'd Think
News  |  6/2/2016  | 
Bosses typically make about $90K a year, affiliates much less, Flashpoint study finds.
How Facebook Raises A Generation Of Intelligence Analysts
Commentary  |  6/2/2016  | 
In the process of creating and administering groups, users learn how to read data points, create a risk profile in their head, and watch for changes over time.
More Evidence Of Link Between Bank Attacks And North Korean Group
News  |  6/1/2016  | 
Anomali says it has found five new pieces of malware tying the two attack groups together.
Ransomware Domains Up By 3,500% In Q1
News  |  6/1/2016  | 
Cybercriminals know a good thing when they see it.
How Agile Changed Security At Dun & Bradstreet
Commentary  |  6/1/2016  | 
Chief Security Officer Jon Rose shares the whys and wherefores of integrating agile software development methodology into a traditional security environment.
<<   <   Page 2 / 2


News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20327
PUBLISHED: 2021-02-25
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server&acirc;&euro;&trade;s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node....
CVE-2021-20328
PUBLISHED: 2021-02-25
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server&acirc;&euro;&trade;s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in inte...
CVE-2020-27543
PUBLISHED: 2021-02-25
The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.
CVE-2020-23534
PUBLISHED: 2021-02-25
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter.
CVE-2021-27330
PUBLISHED: 2021-02-25
Triconsole Datepicker Calendar &lt;3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.