Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2020
<<   <   Page 2 / 2
Election Security: Recovering from 2016, Looking Toward 2020
News  |  7/17/2020  | 
Researchers publish the results of a four-year investigation and discuss whether the US is ready to secure its largest elections.
EU Court Ruling Means New Global Protections for EU Customer Data
Quick Hits  |  7/16/2020  | 
The ruling in a case involving Facebook means that international companies must provide EU-level privacy controls for EU-generated data no matter where it's stored or transferred.
Russian Cyberattacks Target COVID-19 Research, Vaccine Development
Quick Hits  |  7/16/2020  | 
Government agencies in the US, UK, and Canada report Russian group Cozy Bear is targeting organizations developing coronavirus vaccines.
Third-Party IoT Vulnerabilities: We Need a Cybersecurity Paradigm Shift
Commentary  |  7/16/2020  | 
The only entities equipped to safeguard Internet of Things devices against risks are the IoT device manufacturers themselves.
New Attack Technique Uses Misconfigured Docker API
Quick Hits  |  7/15/2020  | 
A new technique builds and deploys an attack on the victim's own system
'Patch ASAP': Cisco Issues Updates for Routers, VPN Firewall
Quick Hits  |  7/15/2020  | 
Cisco issues five critical security patches among a batch of some 31 updates.
Vulns in Open Source EHR Puts Patient Health Data at Risk
News  |  7/15/2020  | 
Five high-risk flaws in health IT software from LibreHealth, a researcher at Bishop Fox finds.
How Nanotechnology Will Disrupt Cybersecurity
Commentary  |  7/15/2020  | 
Tangible solutions related to cryptography, intelligent threat detection and consumer security are closer than you think.
Microsoft Patches Wormable RCE Flaw in Windows DNS Servers
News  |  7/14/2020  | 
Patch Tuesday security updates address a critical vulnerability in Windows DNS Servers, which researchers believe is likely to be exploited.
Critical Vulnerability Hits SAP Enterprise Applications
Quick Hits  |  7/14/2020  | 
RECON could allow an unauthenticated attacker to take control of SAP enterprise applications through the web interface.
Crypto-Primer: Encryption Basics Every Security Pro Should Know
Commentary  |  7/14/2020  | 
With so many choices for encrypting data and communication, it's important to know the pros and cons of different techniques.
Lost in Translation: Serious Flaws Found in ICS Protocol Gateways
News  |  7/13/2020  | 
These oft-forgotten devices contain serious vulnerabilities that allow attackers to hack OT systems remotely, researchers will reveal at Black Hat USA next month.
Russian Hacker Convicted for Social Network Hacks
Quick Hits  |  7/13/2020  | 
The Russian national was convicted of hacking into accounts at LinkedIn, Dropbox, and Formspring.
Experts Predict Rise of Data Theft in Ransomware Attacks
Quick Hits  |  7/13/2020  | 
The most attractive targets for data theft are businesses perceived as most likely to pay to prevent exposure of their information.
Decoding the Verizon DBIR Report: An Insider's Look Beyond the Headlines
Commentary  |  7/13/2020  | 
To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you.
Biden Campaign Hires 2 Top Cybersecurity Executives
Quick Hits  |  7/10/2020  | 
The campaign has filled the positions of CISO and CTO in the runup to the 2020 presidential election.
Zoom Patches Zero-Day Vulnerability in Windows 7
Quick Hits  |  7/10/2020  | 
The flaw also affects older versions of the operating system, even if they're fully patched.
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Commentary  |  7/10/2020  | 
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
Using Adversarial Machine Learning, Researchers Look to Foil Facial Recognition
News  |  7/9/2020  | 
For privacy-seeking users, good news: Computer scientists are finding more ways to thwart facial and image recognition. But there's also bad news: Gains will likely be short-lived.
Huge DDoS Attack Launched Against Cloudflare in Late June
Quick Hits  |  7/9/2020  | 
The 754 million packets-per-second peak was part of a four-day attack involving more than 316,000 sending addresses.
Up Close with Evilnum, the APT Group Behind the Malware
News  |  7/9/2020  | 
The group behind Evilnum malware, which continues to target financial institutions, appears to be testing new techniques.
When WAFs Go Wrong
News  |  7/9/2020  | 
Web application firewalls are increasingly disappointing enterprises today. Here's why.
Fight Phishing with Intention
Commentary  |  7/9/2020  | 
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
6 Tips for Getting the Most from Nessus
Slideshows  |  7/9/2020  | 
Books have been written on using the powerful network-discovery and vulnerability-scanning tool. These tips will help get you started.
Pen Testing ROI: How to Communicate the Value of Security Testing
Commentary  |  7/9/2020  | 
There are many reasons to pen test, but the financial reasons tend to get ignored.
New Fraud Ring "Bargain Bear" Brings Sophistication to Online Crime
Quick Hits  |  7/8/2020  | 
The ring tests the validity of stolen credentials to be used in fraud through an online marketplace.
More Malware Found Preinstalled on Government Smartphones
Quick Hits  |  7/8/2020  | 
Researchers report the American Network Solutions UL40 smartphone comes with compromised apps.
How Advanced Attackers Take Aim at Office 365
News  |  7/8/2020  | 
Researchers discuss how adversaries use components of Office 365 that are poorly understood and not closely monitored.
Why Cybersecurity's Silence Matters to Black Lives
Commentary  |  7/8/2020  | 
The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.
A Most Personal Threat: Implantable Devices in Secure Spaces
News  |  7/8/2020  | 
Do implantable medical devices pose a threat to secure communication facilities? A Virginia Tech researcher says they do, and the problem is growing.
EDP Renewables Confirms Ransomware Attack
Quick Hits  |  7/7/2020  | 
Its North American branch was notified of the attack because intruders reportedly gained access to 'at least some information' stored in its systems.
Treasury Releases Fraud and Money Mule ID Tips
Quick Hits  |  7/7/2020  | 
A new advisory from FinCEN helps financial institutions spot illicit activities and actors.
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
News  |  7/7/2020  | 
Cosmic Lynx takes a sophisticated approach to business email compromise and represents a shift in tactics for Russian cybercriminals.
Framing the Security Story: The Simplest Threats Are the Most Dangerous
Commentary  |  7/7/2020  | 
Don't be distracted by flashy advanced attacks and ignore the more mundane ones.
Applying the 80-20 Rule to Cybersecurity
Commentary  |  7/7/2020  | 
How security teams can achieve 80% of the benefit for 20% of the work.
BEC Busts Take Down Multimillion-Dollar Operations
News  |  7/6/2020  | 
The two extraditions of business email compromise attackers indicate a step forward for international law enforcement collaboration.
Attackers Scan for Vulnerable BIG-IP Devices After Flaw Disclosure
News  |  7/6/2020  | 
The US Cybersecurity and Infrastructure Security Agency encourages organizations to patch a critical flaw in the BIG-IP family of application delivery controllers, as firms find evidence that attackers are scanning for the critical vulnerability.
Credit-Card Skimmer Seeks Websites Running Microsoft's ASP.NET
Quick Hits  |  7/6/2020  | 
The payment-card skimmer targets websites hosted on Microsoft IIS servers and running the ASP.NET web framework.
Android Adware Tied to Undeletable Malware
Quick Hits  |  7/6/2020  | 
Adware on inexpensive Android smartphone can carry additional malware and be undeletable.
How to Assess More Sophisticated IoT Threats
Commentary  |  7/6/2020  | 
Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis.
BIG-IP Vulnerabilities Could be Big Trouble for Customers
Quick Hits  |  7/2/2020  | 
Left unpatched, pair of vulnerabilities could give attackers wide access to a victim's application delivery network.
Considerations for Seamless CCPA Compliance
Commentary  |  7/2/2020  | 
Three steps to better serve consumers, ensure maximum security, and achieve compliance with the California Consumer Privacy Act.
22,900 MongoDB Databases Affected in Ransomware Attack
Quick Hits  |  7/2/2020  | 
An attacker scanned for databases misconfigured to expose information and wiped the data, leaving a ransom note behind.
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Commentary  |  7/2/2020  | 
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
DHS Shares Data on Top Cyber Threats to Federal Agencies
News  |  7/1/2020  | 
Backdoors, cryptominers, and ransomware were the most widely detected threats by the DHS Cybersecurity and Infrastructure Security Agency (CISA)'s intrusion prevention system EINSTEIN.
New MacOS Ransomware Hides in Pirated Program
Quick Hits  |  7/1/2020  | 
A bogus installer for Little Snitch carries a ransomware hitchhiker.
Microsoft Issues Out-of-Band Patches for RCE Flaws
Quick Hits  |  7/1/2020  | 
Vulnerabilities had not been exploited or publicly disclosed before fixes were released, Microsoft reports.
4 Steps to a More Mature Identity Program
Commentary  |  7/1/2020  | 
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Commentary  |  7/1/2020  | 
While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-32411
PUBLISHED: 2022-07-01
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
CVE-2022-32412
PUBLISHED: 2022-07-01
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
CVE-2022-34903
PUBLISHED: 2022-07-01
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
CVE-2022-32324
PUBLISHED: 2022-07-01
PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc.
CVE-2022-32325
PUBLISHED: 2022-07-01
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.