Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2020
Slack Patches Critical Desktop Vulnerability
News | 8/31/2020
The remote code execution flaw could allow a successful attacker to fully control the Slack desktop app on a target machine.
Malicious Android Apps Slip Through Google Play Protection
Quick Hits | 8/31/2020
Multiple Android apps were found spying on users and recruiting victims' devices into ad-fraud botnets.
UVA Researcher Charged with Computer Intrusion & Trade Secret Theft
Quick Hits | 8/31/2020
Chinese national Haizhou Hu was researching bio-mimics and fluid dynamics at the University of Virginia.
From Defense to Offense: Giving CISOs Their Due
Commentary | 8/31/2020
In today's unparalleled era of disruption, forward-thinking CISOs can become key to company transformation -- but this means resetting relationships with the board and C-suite.
Data Privacy Concerns, Lack of Trust Foil Automated Contact Tracing
News | 8/28/2020
Efforts to create a technology framework for alerting people to whether they have been exposed to an infectious disease have been hindered by a number of key issues.
DNC Warns Campaign Staffers of Dating App Dangers
Quick Hits | 8/28/2020
The Democratic National Committee advises against sharing too much work and personal information on popular dating apps.
TA542 Returns With Emotet: What's Different Now
Quick Hits | 8/28/2020
Researchers report the TA542 threat group has made code changes to its malware and started targeting new locations with Emotet.
Ransomware Red Flags: 7 Signs You're About to Get Hit
Slideshows | 8/28/2020
Caught off guard by a ransomware attack? Security experts say the warning signs were there all along.
Redefining What CISO Success Looks Like
Commentary | 8/28/2020
Key to this new definition is the principle that security programs are designed to minimize business risk, not to achieve 100% no-risk.
DDoS Attacks Halt NZ Exchange Trading for Third Day
Quick Hits | 8/27/2020
New Zealand Exchange officials say the motive for the attacks is unclear.
Vulnerability Volume Poised to Overwhelm Infosec Teams
News | 8/27/2020
The collision of Microsoft and Oracle patches on the same day has contributed to risk and stress for organizations.
The Inside Threat from Psychological Manipulators
Commentary | 8/27/2020
How internal manipulators can actually degrade your organization's cyber defense, and how to defend against them.
How CISOs Can Play a New Role in Defining the Future of Work
Commentary | 8/27/2020
Rather than just reacting to security issues in the COVID-19 era, CISOs are now in a position to be change agents alongside their C-suite peers.
Higher Education CISOs Share COVID-19 Response Stories
News | 8/26/2020
Security leaders from Stanford, Ohio State, and the University of Chicago share challenges and response tactics from the COVID-19 pandemic.
US Warns of Ongoing BeagleBoyz Bank-Theft Operations
Quick Hits | 8/26/2020
The North Korean operatives have attempted to steal more than $2 billion since 2015 in a series of ongoing campaigns.
6 Signs Your Supply Chain Risk Just Shot Up
Slideshows | 8/26/2020
Risk levels are not steady states. Here are six indications that the danger posed by your supply chain is headed in the wrong direction.
With More Use of Cloud, Passwords Become Even Weaker Link
News | 8/26/2020
Slow patching provides vulnerabilities to exploit. A lack of network segmentation allows unrestricted lateral movement. Yet a report surveying a year of penetration tests finds that passwords still top the list of what attackers use to compromise systems.
Deep Fake: Setting the Stage for Next-Gen Social Engineering
Commentary | 8/26/2020
Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.
Phishing Attack Used Box to Land in Victim Inboxes
News | 8/25/2020
A phishing attack targeting government and security organizations used a legitimate Box page with Microsoft 365 branding to trick victims.
Online Business Fraud Down, Consumer Fraud Up
Quick Hits | 8/25/2020
Criminals are changing tactics to match changing business conditions in the coronavirus pandemic, according to a new report.
Three Easy Ways to Avoid Meow-like Database Attacks
Commentary | 8/25/2020
The largest problem facing database security today is the disconnect between security teams and DBAs, beginning from the moment of configuration and continuing throughout the database lifecycle.
The Fatal Flaw in Data Security
Commentary | 8/25/2020
Simply stated: No matter how sophisticated your security software is, data cannot be simultaneously used and secured. But that may be changing soon.
CISA Releases 5G Security Guidelines
Quick Hits | 8/24/2020
The new document defines lines of effort for developing security for the growing 5G network.
Attackers Use Unicode & HTML to Bypass Email Security Tools
News | 8/24/2020
Researchers spot cybercriminals using new techniques to help malicious phishing emails slip past detection tools.
DeathStalker APT Targets SMBs with Cyber Espionage
Quick Hits | 8/24/2020
The hacker-for-hire group, operating since at least 2012, primarily targets financial firms.
Large Ad Network Collects Private Activity Data, Reroutes Clicks
News | 8/24/2020
A Chinese mobile advertising firm has modified code in the software development kit included in more than 1,200 apps, maliciously collecting user activity and performing ad fraud, says Snyk, a software security firm.
Dark Reading Launches New Section on Physical Security
Commentary | 8/24/2020
Partnership with IFSEC enables Dark Reading to cover new areas of security and expand its audience.
Average Cost of a Data Breach in 2020: $3.86M
Commentary | 8/24/2020
When companies defend themselves against cyberattacks, time is money.
University of Utah Pays in Cyber-Extortion Scheme
Quick Hits | 8/21/2020
Though a ransomware attempt was thwarted, the university paid to prevent the release of student PII.
74 Days From the Presidential Election, Security Worries Mount
News | 8/21/2020
With pandemic measures continuing and political divisions deepening, security experts express concern about the security and integrity of the November election.
'Next-Gen' Supply Chain Attacks Surge 430%
News | 8/21/2020
Attackers are increasingly seeding open source projects with compromised components.
Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy
Commentary | 8/21/2020
COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.
Cryptominer Found Embedded in AWS Community AMI
News | 8/21/2020
Researchers advise Amazon Web Services users running Community Amazon Machine Images to verify them for potentially malicious code.
Smart-Lock Hacks Point to Larger IoT Problems
News | 8/20/2020
Two recent reports on smart-lock vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.
Twitter Hack: The Spotlight that Insider Threats Need
Commentary | 8/20/2020
The high-profile attack should spur serious board-level conversations around the importance of insider threat prevention.
IBM Db2 Flaw Gives Attackers Read/Write Access to Shared Memory
Quick Hits | 8/20/2020
Researchers discover a lack of explicit memory protections around the shared memory used by the Db2 trace facility.
Banks and the New Abnormal
Commentary | 8/20/2020
Banks have hesitated to adopt many strong security practices, and for understandable reasons. But now is the time to be bold.
Fuzzing Services Help Push Technology into DevOps Pipeline
News | 8/19/2020
As part of a continuous testing approach, fuzzing has evolved to provide in-depth code checks for unknown vulnerabilities before deployment.
Sophisticated P2P Botnet Targeting SSH Servers
News | 8/19/2020
'FritzFrog' is fileless, uses its own proprietary P2P implementation, and has breached at least 500 servers so far, Guardicore says.
CISA Warns of New RAT Aimed at US Defense Contractors
Quick Hits | 8/19/2020
Hidden Cobra, an APT group associated with the government of North Korea, is thought to be behind the campaign.
Newly Patched Alexa Flaws a Red Flag for Home Workers
News | 8/19/2020
Alexa could serve as an entry point to home and corporate networks. Security experts point to the need for manufacturers to work closely with enterprise security teams to spot and shut down IoT device flaws.
ICS Vulnerability Reports Rapidly Rise
News | 8/19/2020
More scrutiny of products for industrial control systems is expected to expose even more weaknesses in devices that run critical infrastructure.
How to Control Security Costs During a Down Economy
Commentary | 8/19/2020
Three key areas security professionals should watch when managing their budgets.
Stolen Data: The Gift That Keeps on Giving
Commentary | 8/19/2020
Users regularly reuse logins and passwords, and data thieves are leveraging that reality to breach multiple accounts.
Canadian Government Issues Statement on Credential-Stuffing Attacks
Quick Hits | 8/18/2020
The government is responding to threats targeting the GCKey service and CRA accounts, which are used to access federal services.
New Campaign Combines Extortion, DDoS
Quick Hits | 8/18/2020
The latest attacks bank on the reputation of two prominent APT groups to increase the threat's credibility.
Four Ways to Mitigate Supply Chain Security Risks From Ripple20
Commentary | 8/18/2020
Enterprises can significantly alleviate current and long-standing third-party risk by using tactical and strategic efforts to assess and manage it.
New 'Duri' Campaign Uses HTML Smuggling to Deliver Malware
News | 8/18/2020
Researchers who detected the attack explain what businesses should know about the HTML smuggling technique.
Why Quality & Security Both Matter in Software
Commentary | 8/18/2020
It's time to position quality and security as equals under the metric of software integrity.
Firms Still Struggle to Prioritize Security Vulnerabilities
News | 8/17/2020
Security debt continues to pile up, with 42% of organizations attributing remediation backlogs to a breach, a new study shows.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3278
PUBLISHED: 2021-01-26
Local Service Search Engine Management System 1.0 has an authentication bypass vulnerability via SQL injection. Using this vulnerability, an attacker can bypass the login page.
CVE-2021-3285
PUBLISHED: 2021-01-26
jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.
CVE-2021-3286
PUBLISHED: 2021-01-26
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.
CVE-2021-3291
PUBLISHED: 2021-01-26
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.
CVE-2021-3297
PUBLISHED: 2021-01-26
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.