Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2021
8 Security Tools to be Unveiled at Black Hat USA
Slideshows  |  7/28/2021  | 
Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more.
7 Hot Cyber Threat Trends to Expect at Black Hat
Slideshows  |  7/22/2021  | 
A sneak peek of some of the main themes at Black Hat USA next month.
Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack
Quick Hits  |  7/19/2021  | 
Campbell Conroy & O'Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals.
NSO Group Spyware Used On Journalists & Activists Worldwide
Quick Hits  |  7/19/2021  | 
An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.
Breaking Down the Threat of Going All-In With Microsoft Security
Commentary  |  7/19/2021  | 
Limit risk by dividing responsibility for infrastructure, tools, and security.
7 Ways AI and ML Are Helping and Hurting Cybersecurity
Commentary  |  7/19/2021  | 
In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.
4 Future Integrated Circuit Threats to Watch
Commentary  |  7/16/2021  | 
Threats to the supply chains for ICs and other computer components are poised to wreak even more havoc on organizations.
Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE
News  |  7/15/2021  | 
At least two government-backed actors -- including one Russian group -- used the now-patched flaws in separate campaigns, Google says.
State Dept. to Pay Up to $10M for Information on Foreign Cyberattacks
News  |  7/15/2021  | 
The Rewards for Justice program, a counterterrorism tool, is now aimed at collecting information on nation-states that use hackers to disrupt critical infrastructure.
Microsoft: Israeli Firm's Tools Used to Target Activists, Dissidents
News  |  7/15/2021  | 
Candiru sold spyware that exploited Windows vulnerabilities and had been used in attacks against dissidents, activists, and journalists.
IoT-Specific Malware Infections Jumped 700% Amid Pandemic
Quick Hits  |  7/15/2021  | 
Gafgyt and Mirai malware represented the majority of IoT malware, new data from Zscaler shows.
How to Bridge On-Premises and Cloud Identity
Commentary  |  7/15/2021  | 
Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.
What to Look for in an Effective Threat Hunter
Commentary  |  7/15/2021  | 
The most important personality traits, skills, and certifications to look for when hiring a threat hunting team.
Targeted Attack Activity Heightens Need for Orgs. to Patch New SolarWinds Flaw
News  |  7/14/2021  | 
A China-based threat actor -- previously observed targeting US defense industrial base organizations and software companies -- is exploiting the bug in SolarWinds' Serv-U software, Microsoft says.
Did the Cybersecurity Workforce Gap Distract Us From the Leak?
Commentary  |  7/14/2021  | 
Cyber games can play a critical role in re-engaging our workforce and addressing the employee retention crisis.
4 Integrated Circuit Security Threats and How to Protect Against Them
Commentary  |  7/14/2021  | 
Little-understood threats involving the IC supply chain are putting organizations around the world at risk.
Microsoft Patches 3 Windows Zero-Days Amid 117 CVEs
News  |  7/13/2021  | 
The July Patch Tuesday release also includes the out-of-band fix for the Windows Print Spooler remote code execution flaw under attack.
DoD-Validated Data Security Startup Emerges From Stealth
Quick Hits  |  7/13/2021  | 
The Code-X platform has been tested by the US Department of Defense and members of the intelligence community.
Why We Need to Raise the Red Flag Against FragAttacks
Commentary  |  7/13/2021  | 
Proliferation of wireless devices increases the risk that corporate networks will be attacked with this newly discovered breed of Wi-Fi-based cyber assault.
Can Government Effectively Help Businesses Fight Cybercrime?
News  |  7/13/2021  | 
From the Biden administration's pledge to take action to INTERPOL's focus on ransomware as a global threat, governments are looking to help businesses cope with cyberattacks. But can it really work?
SolarWinds Discloses Zero-Day Under Active Attack
Quick Hits  |  7/12/2021  | 
The company confirms this is a new vulnerability that is not related to the supply chain attack discovered in December 2020.
AI and Cybersecurity: Making Sense of the Confusion
Commentary  |  7/12/2021  | 
Artificial intelligence is a maturing area in cybersecurity, but there are different concerns depending on whether you're a defender or an attacker.
How Dangerous Is Malware? New Report Finds It's Tough to Tell
Quick Hits  |  7/9/2021  | 
Determining which malware is most damaging, and worthy of immediate attention, has become difficult in environments filled with alerts and noise.
CISA Analysis Reveals Successful Attack Techniques of FY 2020
Quick Hits  |  7/9/2021  | 
The analysis shows potential attack paths and the most effective techniques for each tactic documented in CISA's Risk and Vulnerability Assessments.
New Framework Aims to Describe & Address Complex Social Engineering Attacks
News  |  7/9/2021  | 
As attackers use more synthetic media in social engineering campaigns, a new framework is built to describe threats and provide countermeasures.
It's in the Game (but It Shouldn't Be)
Commentary  |  7/9/2021  | 
Five ways that game developers (and others) can avoid falling victim to an attack like the one that hit EA.
Cartoon Caption Winner: Sight Unseen
Commentary  |  7/9/2021  | 
And the winner of Dark Reading's June contest is ...
Morgan Stanley Discloses Data Breach
Quick Hits  |  7/8/2021  | 
Attackers were able to compromise customers' personal data by targeting the Accellion FTA server of a third-party vendor.
New WildPressure Malware Capable of Targeting Windows and MacOS
Quick Hits  |  7/8/2021  | 
The Trojan sends information back to the attackers' servers about the programming language of a target device.
What Colonial Pipeline Means for Commercial Building Cybersecurity
Commentary  |  7/8/2021  | 
Banks and hospitals may be common targets, but now commercial real estate must learn to protect itself against stealthy hackers.
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
News  |  7/7/2021  | 
Automation allowed a REvil affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream companies faster than most defenders could react.
Are Security Attestations a Necessity for SaaS Businesses?
Commentary  |  7/7/2021  | 
Are security attestations becoming business imperatives, or are they merely token additions on the list of regulatory requirements?
Microsoft Releases Emergency Patch for 'PrintNightmare' Vuln
News  |  7/7/2021  | 
It urges organizations to apply the security update immediately, citing exploit activity.
Researchers Learn From Nation-State Attackers' OpSec Mistakes
News  |  7/6/2021  | 
Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten.
Workers Careless in Sharing & Reusing Corporate Secrets
Quick Hits  |  7/6/2021  | 
A new survey shows leaked enterprise secrets cost companies millions of dollars each year.
It's High Time for a Security Scoring System for Applications and Open Source Libraries
Commentary  |  7/6/2021  | 
A benchmarking system would help buyers choose more secure software products and, more importantly, light a fire underneath software producers to make products secure.
Cyberattack on Kaseya Nets More Than 1,000 Victims, $70M Ransom Demand
News  |  7/6/2021  | 
The provider of remote monitoring and management services warns customers to not run its software until a patch is available and manually installed.
Watch for Cybersecurity Games at the Tokyo Olympics
Commentary  |  7/5/2021  | 
The cybersecurity professionals guarding the Summer Olympics are facing at least as much competition as the athletes, and their failure could have steeper ramifications.
Secured-Core PCs May Mitigate Firmware Attacks, but Adoption Lags
News  |  7/2/2021  | 
Microsoft maintains that exploitation of recent Dell vulnerabilities would be blocked on ultra-secure PCs - but most systems do not have the technology yet.
SOC Investment Improves Detection and Response Times, Data Shows
Quick Hits  |  7/2/2021  | 
A survey of IT and security pros finds many are confident in their ability to detect security incidents in near-real time or within minutes.
WFH: A Smart Time to Revisit Employee Use of Social Media
Commentary  |  7/2/2021  | 
Employers have their hands full when it comes to monitoring online activities that could hurt the brand or violate the organization's core values.
GitHub Unveils AI Tool to Speed Development, but Beware Insecure Code
News  |  7/1/2021  | 
The company has created an AI system, dubbed Copilot, to offer code suggestions to developers, but warns that any code produced should be tested for defects and vulnerabilities.
WhiteHat Security Rebrands as NTT Application Security
Quick Hits  |  7/1/2021  | 
The name change follows NTT Security Corporation's acquisition of WhiteHat in 2019.
CISA Updates CSET Tool for Ransomware Defense
Quick Hits  |  7/1/2021  | 
A new module provides a set of practices to help organizations assess how well-equipped they are to defend and recover from ransomware.
Why Are There Never Enough Logs During an Incident Response?
Commentary  |  7/1/2021  | 
Most security pros believe their responses could be dramatically quicker were the right logs available, and usually they're not.
Stop Playing Catchup: Move From Reactive to Proactive to Defeat Cyber Threats
Commentary  |  7/1/2021  | 
One-time reactive measures can't keep up. It's time to be proactive and pick up our swords and not just our shields.


I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21742
PUBLISHED: 2021-09-25
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
CVE-2020-20508
PUBLISHED: 2021-09-24
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field.
CVE-2020-20514
PUBLISHED: 2021-09-24
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.
CVE-2016-6555
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in ver...
CVE-2016-6556
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This iss...