Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2020
3 Arrested for Massive Twitter Breach
Quick Hits  |  7/31/2020  | 
Three individuals aged 17, 19, and 22 have been charged for their alleged roles in the massive July 15 Twitter attack.
New Initiative Links Cybersecurity Pros to Election Officials
Quick Hits  |  7/31/2020  | 
A University of Chicago Harris School of Public Policy initiative will build a database of cybersecurity volunteers.
Twitter: Employees Compromised in Phone Spear-Phishing Attack
Quick Hits  |  7/31/2020  | 
The attack earlier this month started with a spear-phishing attack targeting Twitter employees, the company says in a new update.
3 Ways Social Distancing Can Strengthen Your Network
Commentary  |  7/31/2020  | 
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.
'Hidden Property Abusing' Allows Attacks on Node.js Applications
News  |  7/31/2020  | 
A team of researchers from Georgia Tech finds a new attack technique that targets properties in Node.js and plans to publicly release a tool that has already identified 13 new vulnerabilities.
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
News  |  7/30/2020  | 
Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles.
Dark Web Travel Fraudsters Left Hurting From Lockdowns
News  |  7/30/2020  | 
Shadow travel businesses that depend on loyalty program fraud have been impacted just like the legitimate travel orgs they prey on.
5 Tips for Optimizing Your Company's Cyber-Crisis Preparedness
Commentary  |  7/30/2020  | 
Cyber-incident response often addresses short-term needs, but we need to broaden the view of crisis management to be more forward-thinking.
Black Hat Virtually: An Important Time to Come Together as a Community
Commentary  |  7/30/2020  | 
The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.
Using the Attack Cycle to Up Your Security Game
Commentary  |  7/30/2020  | 
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Slideshows  |  7/29/2020  | 
More than 130 security researchers and developers are ready to showcase their work.
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
News  |  7/29/2020  | 
A flaw in the GRUB2 bootloader affects most Linux devices and some Windows computers using UEFI Secure Boot.
Security Flaws Discovered in OKCupid Dating Service
Quick Hits  |  7/29/2020  | 
Researchers identified a variety of vulnerabilities in apps and websites for the popular online dating platform.
70,000+ WordPress Sites Affected by Critical Plug-in Flaw
Quick Hits  |  7/29/2020  | 
A vulnerability in the wpDiscuz plug-in could let attackers remotely execute code on the servers of affected websites.
Dark Reading Video News Desk Returns to Black Hat
News  |  7/29/2020  | 
Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
Commentary  |  7/29/2020  | 
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.
The Future's Biggest Cybercrime Threat May Already Be Here
Commentary  |  7/29/2020  | 
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.
Lazarus Group Shifts Gears with Custom Ransomware
News  |  7/28/2020  | 
The North Korea-linked APT group has developed its own ransomware strain to better conduct financial theft, researchers report.
Avon Server Leaks User Info and Administrative Data
Quick Hits  |  7/28/2020  | 
An unprotected server has exposed more than 7GB of data from the beauty brand.
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
News  |  7/28/2020  | 
More than 80% of companies have at least one Internet-facing cloud asset that is more than six months out of date or running software that is no longer supported, according to scan data.
Researchers Foil Phishing Attempt on Netflix Customers
News  |  7/28/2020  | 
Hackers use two stolen domains to steal credentials from Netflix users and then send them to the real Netflix site.
7.5M Banking Customers Affected in Dave Security Breach
Quick Hits  |  7/28/2020  | 
The financial services app confirms user data was compromised in a data breach at its former third-party provider, WayDev.
Autonomous IT: Less Reacting, More Securing
Commentary  |  7/28/2020  | 
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
ShinyHunters Offers Stolen Data on Dark Web
Quick Hits  |  7/27/2020  | 
The threat actor offers more than 26 million records from a series of data breaches.
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
Commentary  |  7/27/2020  | 
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
Qualys Enters Crowded Endpoint Detection and Response Market
News  |  7/26/2020  | 
The company, already known for its vulnerability management capabilities, announces the acquisition of EDR provider Spell Security and the launch of its own service for managing endpoints and responding to threats.
Organizations Continue to Struggle With App Vulns
News  |  7/24/2020  | 
A high percentage of discovered bugs remain unremediated for a long time, a new study shows.
Garmin Takes App & Services Offline After Suspected Ransomware Attack
Quick Hits  |  7/24/2020  | 
Wearables company Garmin shut down its website, app, call centers, and other services in the aftermath of a security incident.
Access to Internal Twitter Admin Tools Is Widespread
Quick Hits  |  7/24/2020  | 
More than 1,000 individuals have access to tools that could have aided the attackers in the recent Twitter attack on high-profile accounts.
Email Security Features Fail to Prevent Phishable 'From' Addresses
News  |  7/24/2020  | 
The security features for verifying the source of an email header fail to work together properly in many implementations, according to a team of researchers.
Banning TikTok Won't Solve Our Privacy Problems
Commentary  |  7/24/2020  | 
Preventing the use of an app based solely on its country of origin (no matter how hostile) is merely a Band-Aid that won't fully address all privacy and security concerns.
Twilio Security Incident Shows Danger of Misconfigured S3 Buckets
News  |  7/23/2020  | 
Twilio says attackers accessed its misconfigured cloud storage system and altered a copy of the JavaScript SDK it shares with customers.
DNA Site Leaves Records Open to Law Enforcement
Quick Hits  |  7/23/2020  | 
A pair of breaches reset user accounts to allow access for two days.
Data Privacy Challenges for California COVID-19 Contact Tracing Technology
Commentary  |  7/23/2020  | 
Developers, governments, and regulators must work with the cybersecurity industry to apply rigorous standards to contact-tracing apps to make sure that the societal impact of COVID-19 doesn't extend into personal privacy.
CouchSurfing Investigates Potential Data Breach
Quick Hits  |  7/23/2020  | 
The service has reportedly hired a security firm after 17 million user records were found on a public hacking forum.
Deepfakes & James Bond Research Project: Cool but Dangerous
Commentary  |  7/23/2020  | 
Open source software for creating deepfakes is getting better and better, to the chagrin of researchers.
8 Cybersecurity Themes to Expect at Black Hat USA 2020
Slideshows  |  7/23/2020  | 
Here are the trends and topics that'll capture the limelight at this year's virtual event.
VC Investment in Cybersecurity Dips & Shifts with COVID-19
News  |  7/22/2020  | 
While the pandemic has infected funding for cybersecurity startups, it also has emboldened some startups with innovative tools that secure the wave of at-home work.
Ripple20's Effects Will Impact IoT Cybersecurity for Years to Come
Commentary  |  7/22/2020  | 
A series of newly discovered TCP/IP software vulnerabilities pose a threat to millions of IoT devices. Undiscovered since the early 1990s, they highlight the need to improve security in an increasingly precarious IoT supply chain.
COVID-19-Related Attacks Exploded in the First Half of 2020
Quick Hits  |  7/22/2020  | 
COVID-19 as part of a cyberattack increased by more than 3,900% between February and June.
The InfoSec Barrier to AI
Commentary  |  7/22/2020  | 
Information security challenges are proving to be a huge barrier for the artificial intelligence ecosystem. Conversely, AI is causing headaches for CISOs. Here's why.
Q&A: How Systemic Racism Weakens Cybersecurity
News  |  7/22/2020  | 
Cybersecurity policy expert and attorney Camille Stewart explains how to dismantle systemic racism in the industry and build a more diverse and representative workforce.
Cybersecurity Lessons from the Pandemic
Commentary  |  7/22/2020  | 
How does cybersecurity support business and society? The pandemic shows us.
The State of Hacktivism in 2020
News  |  7/21/2020  | 
Activism via hacking might not be as noisy as it once was, but it hasn't been silenced yet.
The Data Privacy Loophole Federal Agencies Are Still Missing
Commentary  |  7/21/2020  | 
Why knowledge-based authentication is leaving federal contact centers vulnerable to an increasingly sophisticated hacker community.
Leading Through Uncertainty: Be Proactive in Your Dark Web Intelligence Strategy
Commentary  |  7/21/2020  | 
Having a strong Dark Web intelligence posture helps security teams understand emerging vulnerability trends.
Internet Scan Shows Decline in Insecure Network Services
News  |  7/20/2020  | 
While telnet, rsync, and SMB exposure surprisingly has dropped, proper patching and encryption adoption remain weak worldwide.
SIGRed: What You Should Know About the Windows DNS Server Bug
News  |  7/20/2020  | 
DNS experts share their thoughts on the wormable vulnerability and explain why it should be a high priority for businesses.
Number of Reported Breaches Decrease In First Half of 2020
Quick Hits  |  7/20/2020  | 
With the pandemic as a backdrop, publicly reported US data breaches dropped as more employees and suppliers stayed home.
What Organizations Need to Know About IoT Supply Chain Risk
Commentary  |  7/20/2020  | 
Here are some factors organizations should consider as they look to limit the risk posed by vulnerabilities like Ripple20.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20001
PUBLISHED: 2020-08-04
An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges.
CVE-2020-15467
PUBLISHED: 2020-08-04
The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise.
CVE-2020-5615
PUBLISHED: 2020-08-04
Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2020-5616
PUBLISHED: 2020-08-04
[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] fre...
CVE-2020-5617
PUBLISHED: 2020-08-04
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.