Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2016
<<   <   Page 2 / 2
Apple Finally Launches Bug Bounty Program
News  |  8/4/2016  | 
Security researchers will be eligible for bounties of up to $200,000. But for the moment the program is invite-only
DDoS Attacks: Cybercriminals Are More Homegrown Than You Think
News  |  8/4/2016  | 
Researchers from the FBI and a private security company say many of the distributed denial of service attacks emanate from the West.
Dark Reading News Desk Coming Back To Black Hat, Live
News  |  8/4/2016  | 
Live from Las Vegas: over 40 video interviews with Black Hat USA conference speakers and sponsors. Wednesday Aug. 3, Thursday Aug, 4, starting at 2 p.m. ET.
FBI Reportedly Took Months To Warn DNC That Russia May Be Behind Hackings
Quick Hits  |  8/4/2016  | 
Full disclosure may have lessened damage but official says agency was acting in national interest.
Hacker Creates Software Ratings System
Quick Hits  |  8/4/2016  | 
The new formula to rate computer software could force creators to perform better, says Peiter Mudge Zatko.
8 Alternatives to Selfie Authentication
Slideshows  |  8/4/2016  | 
How to definitively prove your identity? A variety of anatomical parts and functions may soon be able to vouch for you.
Do Security Companies Need to Issue Warranties?
News  |  8/3/2016  | 
Jeremiah Grossman outlines how IT security firms are starting to offer guarantees with the backing of insurance companies.
Best Of Black Hat Innovation Awards: And The Winners Are
Commentary  |  8/3/2016  | 
Three companies and leaders who think differently about security: Deep Instinct, most innovative startup; Vectra, most innovative emerging company; Paul Vixie, most innovative thought leader.
Researchers Show How To Steal Payment Card Data From PIN Pads
News  |  8/3/2016  | 
Attack works even against chip-enabled EMV smartcards.
Georgia Man Pleads Guilty To Hacking, Insider Trading
Quick Hits  |  8/3/2016  | 
Leonid Momotok breached newswire networks and used confidential data for illegal trades worth $30 million.
US Navy Organizes Cybersecurity Simulation
Quick Hits  |  8/3/2016  | 
Naval interns create 'Capture the Flag' challenge to protect US Navy cyberspace.
Hotel POS and Magstripe Cards Vulnerable to Attacks, Brute-Forcing
News  |  8/2/2016  | 
Researchers from Rapid7 at DefCon will demonstrate vulnerabilities that allow attackers to turn point-of-sale devices into keyboards
Awareness Improving But Security Still Lags For SAP Implementations
News  |  8/2/2016  | 
SAP ecosystem a huge Achilles heel for enterprise system security, report says.
Dark Reading Radio at Black Hat 2016: 2 Shows, 4 #BHUSA Presenters
Commentary  |  8/2/2016  | 
Even if you can't physically be at Black Hat USA 2016, Dark Reading offers a virtual alternative to engage with presenters about hot show topics and trends.
5 Email Security Tips to Combat Macro-Enabled Ransomware
Slideshows  |  8/2/2016  | 
Cybercriminals are increasingly looking to macro variants, leaving organizations to defend against advanced tactics like macro-based malware attacks any way they can.
BEC Scam Mastermind Arrested By Interpol
Quick Hits  |  8/2/2016  | 
Nigerian national charged with corporate email fraud of more than $60 million.
Clinton Campaign To Hold Cybersecurity-Themed Fundraiser In Vegas
Quick Hits  |  8/2/2016  | 
Cybersecurity experts to head event during the ongoing Black Hat hacker conference this week.
3 Steps Towards Building Cyber Resilience Into Critical Infrastructure
Commentary  |  8/2/2016  | 
The integration of asset management, incident response processes and education is critical to improving the industrial control system cybersecurity landscape.
Kaspersky Lab Kicks Off Its First Bug Bounty Program
News  |  8/2/2016  | 
Security vendor teams up with HackerOne to pay out $50K to researchers over next six months.
This Time, Miller & Valasek Hack The Jeep At Speed
News  |  8/1/2016  | 
Car hacking duo accelerates -- literally -- their epic Jeep Cherokee hack.
Browser Exploits Increasingly Go For The Jugular
News  |  8/1/2016  | 
Black Hat USA panel to discuss browser attacks, which now go from browser userland to root privileges in no time flat.
White-Hat Hacking Group Founder Arrested In China
Quick Hits  |  8/1/2016  | 
Chinese police crack down on ethical hacking community for undisclosed reasons, detain 10 members.
Crypto Malware: Responding To Machine-Timescale Breaches
Commentary  |  8/1/2016  | 
The game has changed again with hackers ability to steal your data at record speeds and cripple your organization before the first alert.
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-20691
PUBLISHED: 2021-09-27
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
CVE-2020-20692
PUBLISHED: 2021-09-27
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
CVE-2020-20693
PUBLISHED: 2021-09-27
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
CVE-2020-20695
PUBLISHED: 2021-09-27
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
CVE-2020-20696
PUBLISHED: 2021-09-27
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.