Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2019
<<   <   Page 2 / 2
Lenovo NAS Firmware Flaw Exposes Stored Data
News  |  7/16/2019  | 
More than 5,100 vulnerable devices containing multiple terabytes of data are open to exploitation, researchers found.
FBI Publishes GandCrab Decryption Keys
Quick Hits  |  7/16/2019  | 
Publishing the keys should render existing versions of the ransomware far less dangerous for victims.
How Attackers Infiltrate the Supply Chain & What to Do About It
Commentary  |  7/16/2019  | 
With some security best practices, enterprises can significantly reduce the chances that a potential supply chain attack will affect business operations.
Is 2019 the Year of the CISO?
Commentary  |  7/16/2019  | 
The case for bringing the CISO to the C-suite's risk and business-strategy table.
Flaws in Telegram & WhatsApp on Android Put Data at Risk
News  |  7/15/2019  | 
App settings combined with Android behavior can put data integrity at risk for WhatsApp and Telegram users.
Meet DoppelPaymer, BitPaymer's Ransomware Lookalike
News  |  7/15/2019  | 
New ransomware variant DoppelPaymer was leveraged in campaigns against the City of Edcouch, Texas, and the Chilean Ministry of Agriculture.
FTC Reportedly Ready to Sock Facebook with Record $5 Billion Fine
Quick Hits  |  7/15/2019  | 
The fine, for the social media giant's role in the Cambridge Analytica scandal, would be the largest ever against a tech company.
Software Developers Face Secure Coding Challenges
News  |  7/15/2019  | 
Seven in ten developers are expected to write secure code, but less than half receive feedback on security, a survey finds.
Is Machine Learning the Future of Cloud-Native Security?
Commentary  |  7/15/2019  | 
The nature of containers and microservices makes them harder to protect. Machine learning might be the answer going forward.
Competing Priorities Mean Security Risks for Small Businesses
Quick Hits  |  7/12/2019  | 
Small business IT professionals are trying to balance multiple priorities and finding that the balance often leaves the company with serious security risks.
A Lawyers Guide to Cyber Insurance: 4 Basic Tips
Commentary  |  7/12/2019  | 
The time to read the fine print in your cybersecurity insurance policy is before you sign on the dotted line.
Data Center Changes Push Cyber Risk to Network's Edge
News  |  7/11/2019  | 
Changes in fundamental enterprise architectures coupled with shifts in human resources mean that companies are considering new risks to their infrastructure.
How to Catch a Phish: Where Employee Awareness Falls Short
News  |  7/11/2019  | 
Advanced phishing techniques and poor user behaviors that exacerbate the threat of successful attacks.
Software Engineer Charged for Taking Stolen Trade Secrets to China
Quick Hits  |  7/11/2019  | 
Xudong Yao reportedly stole proprietary information from his employer and brought it to China, where he is believed to currently reside.
Most Organizations Lack Cyber Resilience
Commentary  |  7/11/2019  | 
Despite increasing threats, many organizations continue to run with only token cybersecurity and resilience.
Summer: A Time for Vacations & Cyberattacks?
News  |  7/11/2019  | 
About a third of cybersecurity professionals believe that their companies see more cyberattacks during the summer, but the survey data does not convince on the reasons for the perception of a summer bump.
The Security of Cloud Applications
Commentary  |  7/11/2019  | 
Despite the great success of the cloud over the last decade, misconceptions continue to persist. Here's why the naysayers are wrong.
Persistent Threats Can Last Inside SMB Networks for Years
News  |  7/11/2019  | 
The average dwell time for riskware can be as much as 869 days.
Industry Insight: Checking Up on Healthcare Security
News  |  7/10/2019  | 
Modern threats putting healthcare organization at risk, how they're improving their security posture, and where many fall short.
Why You Need a Global View of IT Assets
Commentary  |  7/10/2019  | 
It may seem obvious, but many companies lose sight of the fact that they can't protect what they don't know they even have.
Vulnerability Found in GE Anesthesia Machines
Quick Hits  |  7/10/2019  | 
GE Healthcare has released a statement claiming the bug is not in the machine itself and does not pose direct risk to patients.
Intel Releases Updates for Storage & Diagnostic Tools
Quick Hits  |  7/10/2019  | 
CISA released an alert telling users about the updates to firmware in Intel SSD and Processor Diagnostic products.
4 Reasons Why SOC Superstars Quit
Commentary  |  7/10/2019  | 
Security analysts know they are a hot commodity in the enviable position of writing their own ticket. Here's how to keep them engaged, challenged, and happy.
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Slideshows  |  7/10/2019  | 
A Raspberry Pi attached to the network at NASA JPL became the doorway for a massive intrusion and subsequent data loss. Here's how to keep the same thing from happening to your network.
Financial Impact of Cybercrime Exceeded $45B in 2018
News  |  7/9/2019  | 
Cybersecurity analysts explore a range of industry research to examine trends around cyber incidents and their financial impact.
Coast Guard Warns Shipping Firms of Maritime Cyberattacks
News  |  7/9/2019  | 
A commercial vessel suffered a significant malware attack in February, prompting the US Coast Guard to issues an advisory to all shipping companies: Here be malware.
Microsoft Patches Zero-Day Vulnerabilities Under Active Attack
News  |  7/9/2019  | 
Microsoft issued fixes for 77 unique vulnerabilities this Patch Tuesday, including two zero-day privilege escalation vulnerabilities seen exploited in the wild.
Cloud Security and Risk Mitigation
Commentary  |  7/9/2019  | 
Just because your data isn't on-premises doesn't mean you're not responsible for security.
Cybercriminals Target Budding Cannabis Retailers
Quick Hits  |  7/9/2019  | 
Companies in the young, rapidly growing industry are targeted for sensitive information they store and immature security practices.
Insider Threats: An M&A Dealmaker's Nightmare
Commentary  |  7/9/2019  | 
Because data has never been more portable, taking it has never been easier. And that's a huge problem during mergers and acquisitions.
DevOps' Inevitable Disruption of Security Strategy
News  |  7/9/2019  | 
Black Hat USA programming will dive into the ways DevOps-driven shifts in practices and tools are introducing both new vulnerabilities and new ways of securing enterprises.
Researchers Poke Holes in Siemens Simatic S7 PLCs
News  |  7/8/2019  | 
Black Hat USA session will reveal how they reverse-engineered the proprietary cryptographic protocol to attack the popular programmable logic controller.
Android App Publishers Won't Take 'No' for an Answer on Personal Data
News  |  7/8/2019  | 
Researchers find more than 1,000 apps in the Google Play store that gather personal data even when the user has denied permission.
7 Hot Cybersecurity Trends to Be Highlighted at Black Hat
Slideshows  |  7/8/2019  | 
Just some of the research and ideas worth checking out at this year's 'security summer camp.'
Intelligent Authentication Market Grows to Meet Demand
News  |  7/5/2019  | 
Confidence in user identity is critical to prevent fraud and theft, and companies are looking for new ways to get the necessary assurance.
D-Link Agrees to Strengthen Device Security
Quick Hits  |  7/3/2019  | 
A settlement with the FTC should mean comprehensive security upgrades for D-Link routers and IP camera.
US Military Warns Companies to Look Out for Iranian Outlook Exploits
News  |  7/3/2019  | 
Microsoft patched a serious vulnerability in the Microsoft Outlook client in 2017, but an Iranian group continues to exploit the flaw.
Sodin Ransomware Exploits Windows Privilege Escalation Bug
News  |  7/3/2019  | 
Exploitation of CVE-2018-8453 grants attackers the highest level of privileges on a target system.
20 Questions to Ask During a Real (or Manufactured) Security Crisis
Commentary  |  7/3/2019  | 
There are important lessons to be learned from a crisis, even the ones that are more fiction than fact.
New MacOS Malware Discovered
News  |  7/2/2019  | 
A wave of new MacOS malware over the past month includes a zero-day exploit and other attack code.
'Human Side-Channels': Behavioral Traces We Leave Behind
News  |  7/2/2019  | 
How writing patterns, online activities, and other unintentional identifiers can be used in cyber offense and defense.
In Cybercrime's Evolution, Active, Automated Attacks Are the Latest Fad
Commentary  |  7/2/2019  | 
Staying ahead can feel impossible, but understanding that perfection is impossible can free you to make decisions about managing risk.
Poor Communications Slowing DevOps Shift
Quick Hits  |  7/2/2019  | 
Existing functional silos are standing in the way of building a DevOps culture.
Lake City Employee Fired Following Ransom Payment
Quick Hits  |  7/2/2019  | 
The Florida city approved its insurer to pay $460,000 in ransom for a cyberattack that shut down servers, email, and phone.
The Case for Encryption: Fact vs. Fiction
Commentary  |  7/2/2019  | 
The common belief that encryption enables bad behavior primarily used by thieves, international terrorists, and other villainous characters is simply not true. Here's why.
Ransomware Hits Georgia Court System
Quick Hits  |  7/1/2019  | 
The court's IT department is meeting with external agencies to determine the scope and severity of the cyberattack.
Building the Future Through Security Internships
Commentary  |  7/1/2019  | 
Akamai University, a 12-week internship program, was built from the ground up with the goal of promoting the student not the company.
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-39229
PUBLISHED: 2021-09-20
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a denial of service attack...
CVE-2021-41083
PUBLISHED: 2021-09-20
Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any ma...
CVE-2021-34650
PUBLISHED: 2021-09-20
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6.
CVE-2021-41082
PUBLISHED: 2021-09-20
Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were n...
CVE-2020-16630
PUBLISHED: 2021-09-20
TI&acirc;&euro;&trade;s BLE stack caches and reuses the LTK&acirc;&euro;&trade;s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that...