Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2020
Page 1 / 2   >   >>
Ripple20 Threatens Increasingly Connected Medical Devices
News  |  6/30/2020  | 
A series of IoT vulnerabilities could put hospital networks, medical data, and patient safety at risk.
COVID-19 Puts ICS Security Initiatives 'On Pause'
News  |  6/30/2020  | 
Security pros concerned that increased remote access to vulnerable operational technology and stalled efforts to harden OT environments puts critical infrastructure at greater risk.
Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn
News  |  6/30/2020  | 
After Palo Alto Networks alerted users to a simple-to-exploit vulnerability in its network security gear, security agencies quickly warn that attackers won't wait to jump on it.
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Quick Hits  |  6/30/2020  | 
The shift to remote work and heavy reliance on online services has driven an increase in attacks intended to overwhelm ISPs.
Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan
Commentary  |  6/30/2020  | 
We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.
CISA Issues Advisory on Home Routers
Quick Hits  |  6/30/2020  | 
The increase in work-from-home employees raises the importance of home router security.
3 Ways to Flatten the Health Data Hacking Curve
Commentary  |  6/30/2020  | 
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
University of California SF Pays Ransom After Medical Servers Hit
News  |  6/29/2020  | 
As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on "several IT systems" in the UCSF School of Medicine.
Russian Cybercriminal Behind CardPlanet Sentenced to 9 Years
News  |  6/29/2020  | 
Aleksei Burkov will go to federal prison for operating two websites built to facilitate payment card fraud, hacking, and other crimes.
HackerOne Reveals Top 10 Bug-Bounty Programs
Quick Hits  |  6/29/2020  | 
Rankings based on total bounties paid, top single bounty paid, time to respond, and more.
Files Stolen from 945 Websites Discovered on Dark Web
Quick Hits  |  6/29/2020  | 
Researchers who found the archived SQL files estimate up to 14 million people could be affected.
Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions
Commentary  |  6/29/2020  | 
SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.
Good Cyber Hygiene in a Pandemic-Driven World Starts with Us
Commentary  |  6/26/2020  | 
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.
7 Tips for Effective Deception
Slideshows  |  6/25/2020  | 
The right decoys can frustrate attackers and help detect threats more quickly.
Contact Tracing & Threat Intel: Broken Tools & Processes
Commentary  |  6/25/2020  | 
How epidemiology can solve the people problem in security.
Vulnerabilities Declining in Open Source, but Slow Patching Still a Problem
News  |  6/25/2020  | 
Even as more code is produced, indirect dependencies continue to undermine security.
Better Collaboration Between Security & Development
Commentary  |  6/25/2020  | 
Security and development teams must make it clear why their segment of the development life cycle is relevant to the other teams in the pipeline.
Lucifer Malware Aims to Become Broad Platform for Attacks
News  |  6/25/2020  | 
The recent spread of the distributed denial-of-service tool attempts to exploit a dozen web-framework flaws, uses credential stuffing, and is intended to work against a variety of operating systems.
No Internet Access? Amid Protests, Here's How to Tell Whether the Government Is Behind it
News  |  6/24/2020  | 
Government-mandated Internet shutdowns occur far more regularly than you might expect.
Average Cost of a Data Breach: $116M
Commentary  |  6/24/2020  | 
Sensitivity of customer information and time-to-detection determine financial blowback of cybersecurity breaches.
Black Hat Survey: Breach Concerns Hit Record Levels Due to COVID-19
News  |  6/24/2020  | 
Annual "Black Hat USA Attendee Survey" indicates unprecedented concern over possible compromises of enterprise networks and US critical infrastructure.
Rethinking Enterprise Access, Post-COVID-19
Commentary  |  6/24/2020  | 
New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access.
Twitter Says Business Users Were Vulnerable to Data Breach
Quick Hits  |  6/23/2020  | 
The now-patched vulnerability left business users' personal information in web browser caches for anyone to find.
Back to Basics with Cloud Permissions Management
Commentary  |  6/23/2020  | 
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
Cybercrime Infrastructure Never Really Dies
News  |  6/23/2020  | 
Despite the takedown of the "CyberBunker" threat operators in 2019, command-and-control traffic continues to report back to the defunct network address space.
5 Steps for Implementing Multicloud Identity
Commentary  |  6/23/2020  | 
Why embracing, not fighting, decentralization will pave the way to smoother cloud migrations.
Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
News  |  6/22/2020  | 
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.
Microsoft Acquires IoT/OT Security Firm CyberX
Quick Hits  |  6/22/2020  | 
Deal extends Microsoft Azure for legacy industrial devices.
Firmware Flaw Allows Attackers to Evade Security on Some Home Routers
News  |  6/22/2020  | 
Networking devices sold under at least one major brand have a firmware vulnerability that allows hackers to take control of the device, a cybersecurity firm claims.
Long-Term Effects of COVID-19 on the Cybersecurity Industry
Commentary  |  6/22/2020  | 
The maelstrom of change we're going through presents a unique opportunity to become enablers. And to do that requires flexibility.
Cloud Threats and Priorities as We Head Into the Second Half of 2020
Slideshows  |  6/22/2020  | 
With millions working from home and relying on the cloud, security leaders are under increasing pressure to keep their enterprises breach-free.
Australian Government Under Ongoing Cyberattack
Quick Hits  |  6/19/2020  | 
Experts believe China is behind the attack campaign, but China denies responsibility.
Cloud Security Alliance Offers Tips to Protect Telehealth Data
News  |  6/19/2020  | 
As telehealth grows more common, security experts address the privacy and security concerns of storing health data in the cloud.
Healthcare CISOs Share COVID-19 Response Stories
News  |  6/18/2020  | 
Cybersecurity leaders discussed the threats and challenges that arose during the pandemic, and how they responded, during a virtual roundtable.
Cisco Patches Flaw in Webex Videoconferencing App
News  |  6/18/2020  | 
Vulnerability would have allowed an attacker to gain access to sensitive information on a system, Trustwave's SpiderLabs says.
The Bigger the News, the Bigger the Cyber Threats
Commentary  |  6/18/2020  | 
Criminals use disasters, wars, and now pandemics as air cover to focus collective anxiety and fear into highly targeted, malicious messaging.
60% of Businesses Plan to Spend More on Cyber Insurance
Quick Hits  |  6/18/2020  | 
New data reveals 65% of SMEs plan to invest more in cyber insurance, compared with 58% of large enterprises.
O365 Phishing Campaign Leveraged Legit Domains
Quick Hits  |  6/18/2020  | 
A sophisticated scheme used legitimate redirection tools to convince victims to give up Office 365 credentials.
Most Contact-Tracing Apps Fail Basic Security
News  |  6/18/2020  | 
A survey of 17 Android applications for informing citizens if they had potential contact with a COVD-19-infected individual finds few have adopted code-hardening techniques.
7 Tips for Employers Navigating Remote Recruitment
Slideshows  |  6/17/2020  | 
Hiring experts explain how companies should approach recruitment when employers and candidates are working remotely.
3 Things Wilderness Survival Can Teach Us About Email Security
Commentary  |  6/17/2020  | 
It's a short hop from shows like 'Naked and Afraid' and 'Alone' to your email server and how you secure it
Too Big to Cyber Fail?
Commentary  |  6/17/2020  | 
How systemic cyber-risk threatens US banks and financial services companies
'Ripple20' Bugs Plague Enterprise, Industrial & Medical IoT Devices
News  |  6/16/2020  | 
Researchers discover 19 vulnerabilities in a TCP/IP software library manufacturers have used in connected devices for 20 years.
Hosting Provider Hit With Largest-Ever DDoS Attack
News  |  6/16/2020  | 
Likely looking to make a statement, attackers targeted specific websites hosted by a single provider with a 1.44 terabit-per-second distributed denial-of-service attack, according to Akamai.
Ransomware from Your Lawyer's Perspective
Commentary  |  6/16/2020  | 
Three good reasons why your incident response team's first call after a data breach should be to outside counsel.
Half of Firms Likely Running Vulnerable Oracle E-Business Suite
News  |  6/16/2020  | 
Two security vulnerabilities could open up companies to financial attacks and compliance violations if the software is not updated, Onapsis says.
IoT Security Trends & Challenges in the Wake of COVID-19
Commentary  |  6/16/2020  | 
The demand for Internet of Things security practices that protect sensitive medical equipment and data will double within the next five years. Here's why.
Ryuk Continues to Dominate Ransomware Response Cases
News  |  6/15/2020  | 
Analysis reveals how Ryuk's operators are changing their techniques and using new means to break in.
Intel Tackles Malware Related to Memory Security at Hardware Level
News  |  6/15/2020  | 
New control-flow enforcement technology will become available with upcoming Tiger Lake mobile processor, chipmaker says.
Microsoft Releases Update for DoS Flaw in .NET Core
Quick Hits  |  6/15/2020  | 
Customers are advised to install the latest version of PowerShell to fully address CVE-2020-1108.
Page 1 / 2   >   >>


Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...
CVE-2020-29379
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access.
CVE-2020-29380
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-...
CVE-2020-29381
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename...
CVE-2020-29382
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images.