Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2021
Page 1 / 2   >   >>
MyBook Investigation Reveals Attackers Exploited Legacy, Zero-Day Vulnerabilities
News  |  6/30/2021  | 
A previously unknown flaw in Western Digital's older network-attached storage systems allowed unauthenticated commands to trigger a factory reset, formatting the hard drives, says the company after its preliminary investigation.
Attackers Already Unleashing Malware for Apple macOS M1 Chip
News  |  6/30/2021  | 
Apple security expert Patrick Wardle found that some macOS malware written for the new M1 processor can bypass anti-malware tools.
3 Things Every CISO Wishes You Understood
Commentary  |  6/30/2021  | 
Ensuring the CISO's voice is heard by the board will make security top of mind for the business, its employees, and their customers.
Is Compliance-Only Security Giving Cybercriminals Your Security Playbook?
Commentary  |  6/30/2021  | 
Compliance-only security strategies aren't working. CISOs should squarely focus on being secure while achieving compliance.
Ransomware Losses Drive Up Cyber-Insurance Costs
News  |  6/29/2021  | 
Premiums have gone up by 7% on average for small firms and between 10% and 40% for medium and large businesses.
Survey Data Reveals Gap in Americans' Security Awareness
Quick Hits  |  6/29/2021  | 
Survey data reveals many people have never heard of major cyberattacks, including the attack targeting Colonial Pipeline.
Technology's Complexity and Opacity Threaten Critical Infrastructure Security
Commentary  |  6/29/2021  | 
Addressing the complexity of modern distributed software development is one of the most important things we can do to decrease supply chain risk.
3 Ways Cybercriminals Are Undermining MFA
Commentary  |  6/29/2021  | 
Using multifactor authentication is an excellent security step, but like everything else, it is not foolproof and will never be 100% effective.
Microsoft Refining Third-Party Driver Vetting Processes After Signing Malicious Rootkit
News  |  6/28/2021  | 
Rogue driver was distributed within gaming community in China, company says.
Attacks Erase Western Digital Network-Attached Storage Drives
News  |  6/28/2021  | 
The company suspects a remote code execution vulnerability affecting My Book Live and My Book Live Duo devices and recommends that business and individual users turn off the drives to protect their data.
Microsoft Tracks Attack Campaign Against Customer Support Agents
Quick Hits  |  6/28/2021  | 
The company attributes the attack to Nobelium, the same group it linked to the SolarWinds campaign earlier this year.
The Role of Encryption in Protecting LGBTQ+ Community Members
Commentary  |  6/28/2021  | 
The Internet is a vital tool that helps LGBTQ+ community members communicate without fear of persecution -- and strong encryption is a critical part of this equation.
Amazon Acquires Secure Messaging Platform Wickr
Quick Hits  |  6/25/2021  | 
AWS CISO Stephen Schmidt says the acquisition is strategic amid the proliferation of remote work.
School's Out for Summer, but Don't Close the Book on Cybersecurity Training
Commentary  |  6/25/2021  | 
Strengthening their security posture should be at the top of school IT departments' summer to-do list.
High-Level FIN7 Member Sentenced to 7 Years in Prison
Quick Hits  |  6/25/2021  | 
Andrii Kolpakov, who served as a high-level pentester for the criminal group, was also ordered to pay $2.5 million in restitution.
7 Unconventional Pieces of Password Wisdom
Slideshows  |  6/25/2021  | 
Challenging common beliefs about best practices in password hygiene.
74% of Q1 Malware Was Undetectable Via Signature-Based Tools
News  |  6/24/2021  | 
Attackers have improved on tweaking old malware to continue sneaking it past traditional threat detection controls, researchers report.
Tulsa Officials Warn Ransomware Attackers Leaked City Files
Quick Hits  |  6/24/2021  | 
The group behind the May 2021 attack has shared more than 18,000 files via the Dark Web, mostly internal department files and police citations.
Preinstalled Firmware Updater Puts 128 Dell Models at Risk
News  |  6/24/2021  | 
A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.
Boardroom Perspectives on Cybersecurity: What It Means for You
Commentary  |  6/24/2021  | 
Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.
Storms & Silver Linings: Avoiding the Dangers of Cloud Migration
Commentary  |  6/24/2021  | 
We hear a lot about the sunlit uplands of cloud-powered business, but what about the risks of making information available across the organization?
John McAfee, Creator of McAfee Antivirus Software, Dead at 75
Quick Hits  |  6/24/2021  | 
McAfee, who was being held in a Spanish jail on US tax-evasion charges, had learned on Monday he would be extradited to the US.
VMs Help Ransomware Attackers Evade Detection, but It's Uncommon
News  |  6/23/2021  | 
Some ransomware attackers use virtual machines to bypass security detection, but adoption is slow for the complicated technique.
Microsoft Tracks New BazaCall Malware Campaign
Quick Hits  |  6/23/2021  | 
Attackers use emails to prompt victims to call a fraudulent call center, where attackers instruct them to download a malicious file.
New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies
News  |  6/23/2021  | 
Researchers found a "novel" class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers, with one simple registration step.
When Will Cybersecurity Operations Adopt the Peter Parker Principle?
Commentary  |  6/23/2021  | 
Having a prevention mindset means setting our prevention capabilities to "prevent" instead of relying on detection and response.
Expecting the Unexpected: Tips for Effectively Mitigating Ransomware Attacks in 2021
Commentary  |  6/23/2021  | 
Cybercriminals continually innovate to thwart security protocols, but organizations can take steps to prevent and mitigate ransomware attacks.
Despite Heightened Cyber-Risks, Few Security Leaders Report to CEO
News  |  6/22/2021  | 
A new report suggests that top management at most companies still don't get security.
NSA Funds Development & Release of D3FEND Framework
Quick Hits  |  6/22/2021  | 
The framework, now available through MITRE, provides countermeasures to attacks.
Identity Eclipses Malware Detection at RSAC Startup Competition
Commentary  |  6/22/2021  | 
All 10 finalists in the Innovation Sandbox were focused on identity, rather than security's mainstay for the last 20 years: Malware detection.
Majority of Web Apps in 11 Industries Are Vulnerable All the Time
News  |  6/22/2021  | 
Serious vulnerabilities exist every day in certain industries, including utilities, public administration, and professional services, according to testing data.
Did Companies Fail to Disclose Being Affected by SolarWinds Breach?
News  |  6/21/2021  | 
The SEC has sent out letters to some investment firms and publicly listed companies seeking information, Reuters says.
Software-Container Supply Chain Sees Spike in Attacks
News  |  6/21/2021  | 
Attackers target companies' container supply chain, driving a sixfold increase in a year, aiming to steal processing time for cryptomining and compromise cloud infrastructure.
Data Leaked in Fertility Clinic Ransomware Attack
Quick Hits  |  6/21/2021  | 
Reproductive Biology Associates says the data of 38,000 patients may have been compromised in the April cyberattack.
Are Ransomware Attacks the New Pandemic?
Commentary  |  6/21/2021  | 
Ransomware has been a problem for decades, so why is government just now beginning to address it?
Attackers Find New Way to Exploit Google Docs for Phishing
News  |  6/18/2021  | 
Tactic continues recent trend by attackers to use trusted cloud services to send and host malicious content.
This Week in Database Leaks: Cognyte, CVS, Wegmans
News  |  6/18/2021  | 
Billions of records were found exposed this week due to unprotected databases owned by major corporations and third-party providers.
Accidental Insider Leaks Prove Major Source of Risk
Quick Hits  |  6/18/2021  | 
Research reports highlight growing concerns around insider negligence that leads to data breaches.
4 Habits of Highly Effective Security Operators
Commentary  |  6/18/2021  | 
These good habits can make all the difference in advancing careers for cybersecurity operators who spend their days putting out fires large and small.
Carnival Cruise Line Reports Security Breach
Quick Hits  |  6/17/2021  | 
The cruise ship operator says the incident affected employee and guest data.
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Commentary  |  6/17/2021  | 
Consider four factors and behaviors that impact a particular employee's risk, and how security training should take them into account.
Mission Critical: What Really Matters in a Cybersecurity Incident
Commentary  |  6/17/2021  | 
The things you do before and during a cybersecurity incident can make or break the success of your response.
Ransomware Operators' Strategies Evolve as Attacks Rise
News  |  6/16/2021  | 
Security researchers find ransomware operators rely less on email and more on criminal groups for initial access into target networks.
Biden Tells Putin Critical Infrastructure Sectors 'Off Limits' to Russian Hacking
Quick Hits  |  6/16/2021  | 
President Joe Biden said he and Russian President Vladimir Putin agreed to discuss boundaries in cyber activity.
Security Flaw Discovered In Peloton Equipment
Quick Hits  |  6/16/2021  | 
The vulnerability could give attackers remote root access to the bike's tablet, researchers report.
Cars, Medicine, Electric Grids: Future Hackers Will Hit Much More Than Networks in an IT/OT Integrated World
Commentary  |  6/16/2021  | 
Intelligent systems must include the right cybersecurity protections to prevent physical threats to operational technology.
Russian National Convicted on Charges Related to Kelihos Botnet
Quick Hits  |  6/16/2021  | 
Oleg Koshkin was arrested in 2019 and faces a maximum penalty of 15 years in prison, the DoJ reports.
Don't Get Stymied by Security Indecision
Commentary  |  6/16/2021  | 
You might be increasing cyber-risk by not actively working to reduce it.
Thousands of VMware vCenter Servers Remain Open to Attack Over the Internet
News  |  6/15/2021  | 
Three weeks after company disclosed two critical vulnerabilities in the workload management utility, many organizations have not patched the technology yet, security vendor says.
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
News  |  6/15/2021  | 
Attackers had used the cloud-based infrastructure to target mailboxes and add forwarding rules to learn about financial transactions.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14119
PUBLISHED: 2021-09-16
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12
CVE-2020-14124
PUBLISHED: 2021-09-16
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12.
CVE-2021-34571
PUBLISHED: 2021-09-16
Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM.
CVE-2021-34572
PUBLISHED: 2021-09-16
Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data.
CVE-2021-34573
PUBLISHED: 2021-09-16
In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events.