Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2020
<<   <   Page 2 / 3   >   >>
Cybersecurity Companies Among Smaller Firms Hit with Brand Spoofing
News  |  8/17/2020  | 
Researchers find smaller organizations, including some in the cybersecurity space, increasingly targeted with these impersonation attacks.
REvil Ransomware Hits Jack Daniel's Manufacturer
Quick Hits  |  8/17/2020  | 
Attackers who targeted US spirits manufacturer Brown-Forman reportedly stole a terabyte of confidential data.
The IT Backbone of Cybercrime
Commentary  |  8/17/2020  | 
Like their counterparts who run legitimate businesses, cybercriminals need hosting and cybersecurity protection, too.
IcedID Shows Obfuscation Sophistication in New Campaign
Quick Hits  |  8/14/2020  | 
The malware's developers have turned to dynamic link libraries (DLLs) to hide their work.
DHS CISA Warns of Phishing Emails Rigged with KONNI Malware
Quick Hits  |  8/14/2020  | 
Konni is a remote administration tool cyberattackers use to steal files, capture keystrokes, take screenshots, and execute malicious code.
7 Ways to Keep Your Remote Workforce Safe
Slideshows  |  8/14/2020  | 
These tips will help you chart a course for a security strategy that just may become part of the normal way organizations will function over the next several years.
CISA Warns of Phishing Campaign with Loan-Relief Lure
Quick Hits  |  8/13/2020  | 
Phishing emails and fake website promise help with the Small Business Administration's program that aids those affected by COVID-19.
Healthcare Industry Sees Respite From Attacks in First Half of 2020
News  |  8/13/2020  | 
Breach disclosures are down, and reported ransomware attacks have also plummeted. Good news -- or a calm before the storm?
RedCurl APT Group Hacks Global Companies for Corporate Espionage
News  |  8/13/2020  | 
Researchers analyze a presumably Russian-speaking APT group that has been stealing corporate data since 2018.
The Race to Hack a Satellite at DEF CON
News  |  8/13/2020  | 
Eight teams competed to win cash, bragging rights, and the chance to control a satellite in space.
Boeing's DEF CON Debut a Sign of the Times
News  |  8/13/2020  | 
In the wake of a stalemate between the airplane manufacturer and a security researcher over vulns found in its 787 aircraft's network, Boeing says it's ready to "embrace" the hacker community.
Secure Development Takes a (Remote) Village
Commentary  |  8/13/2020  | 
The shift to work from home isn't just about giving your Dev team the physical tools they need.
NSA & FBI Disclose New Russian Cyberespionage Malware
Quick Hits  |  8/13/2020  | 
APT 28, aka Fancy Bear, is deploying the Drovorub malware designed for Linux systems as part of cyber-espionage operations.
With iOS's Privacy Nutrition Label, Apple Upstages Regulators
Commentary  |  8/13/2020  | 
New iOS privacy features require developers to disclose what data they're collecting, how they're using it, and with whom they share it.
Emotet Return Brings New Tactics & Evasion Techniques
News  |  8/13/2020  | 
Security researchers tracking Emotet report its reemergence brings new tricks, including new evasion techniques to bypass security tools.
FireEye Announces New Bug-Bounty Program
Quick Hits  |  8/12/2020  | 
The program, administered by Bugcrowd, will pay bounties of up to $2,500 per vulnerability.
Using 'Data for Good' to Control the Pandemic
Commentary  |  8/12/2020  | 
The tech community should unite to develop and distribute a universal COVID-19 contact-tracing application. Here's why and how.
SANS Security Training Firm Hit with Data Breach
Quick Hits  |  8/12/2020  | 
A phishing email allowed an attacker to compromise a SANS employee's email environment, the organization reports.
Threats vs. Thrift: Running Effective AppSec During a Global Crisis
Commentary  |  8/12/2020  | 
By looking at security testing capacity, staff expertise, and risks throughout the software supply chain, application security teams can improve their overall effectiveness.
Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption
News  |  8/12/2020  | 
Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.
Microsoft Patches 120 Vulnerabilities, Two Zero-Days
News  |  8/11/2020  | 
The August 2020 Patch Tuesday marks the sixth month in a row Microsoft released patches for more than 110 vulnerabilities.
Developers Need More Usable Static Code Scanners to Head Off Security Bugs
News  |  8/11/2020  | 
As companies "shift left" -- pushing more responsibility for security onto developers -- the tools that are available are falling short, usability researchers say.
Zoom Vulnerabilities Demonstrated in DEF CON Talk
Quick Hits  |  8/11/2020  | 
A security researcher demonstrated multiple vulnerabilities, two of which could let an attacker read and steal user data.
Is Edtech the Greatest APT?
News  |  8/11/2020  | 
Educational technology is critical but can come at huge costs to student and teacher privacy and security. Are those costs too high?
EU-US Privacy Shield Dissolution: What Happens Next?
Commentary  |  8/11/2020  | 
In a world that isn't private by design, security and liability implications for US-based cloud companies are huge.
How to Help Spoil the Cybercrime Economy
Commentary  |  8/11/2020  | 
Cybercrime increasingly is turning into a commodity. Stolen PII data and hijacked cloud accounts especially propel the spread, research shows.
17 Essential Stats About the State of Consumer Privacy
Slideshows  |  8/11/2020  | 
These illuminating numbers offer a glimpse into current consumer attitudes and enterprise readiness for protecting their customers' personal data.
Gamifying Password Training Shows Security Benefits
News  |  8/10/2020  | 
When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find.
Better Business Bureau Warns of New Visa Scam
Quick Hits  |  8/10/2020  | 
Visa limitations due to the novel coronavirus have given rise to a wave of scams aimed at visa-seekers.
Lock-Pickers Face an Uncertain Future Online
News  |  8/10/2020  | 
Teaching the hardware hacker the skill of picking locks is evolving because of the pandemic's lockdown.
Q2 DDoS Attacks Triple Year Over Year: Report
Quick Hits  |  8/10/2020  | 
Distributed denial-of-service attacks have stayed consistently high throughout 2020, a shift from normal attack trends that researchers attribute to COVID-19.
Reddit Attack Defaces Dozens of Channels
Quick Hits  |  8/7/2020  | 
The attack has defaced the channels with images and content supporting Donald Trump.
Hacking the PLC via Its Engineering Software
News  |  8/7/2020  | 
Researcher will demonstrate at DEF CON an emerging threat to industrial control networks.
400+ Qualcomm Chip Vulnerabilities Threaten Millions of Android Phones
News  |  8/7/2020  | 
Security researchers found hundreds of pieces of vulnerable code in the Qualcomm Snapdragon chips powering Android phones.
Researcher Finds New Office Macro Attacks for MacOS
News  |  8/7/2020  | 
Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.
IoT Security During COVID-19: What We've Learned & Where We're Going
Commentary  |  8/7/2020  | 
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.
Researchers Create New Framework to Evaluate User Security Awareness
News  |  8/6/2020  | 
Approaches based on questionnaires and self-evaluation are not always a good indicator of how well a user can mitigate social engineering threats.
A Mix of Optimism and Pessimism for Security of the 2020 Election
News  |  8/6/2020  | 
DHS CISA's Christopher Krebs and Georgetown University's Matt Blaze at Black Hat USA give the lowdown on where things stand and what still needs to happen to protect the integrity of November's election.
Dark Reading Video News Desk Returns to Black Hat
News  |  8/6/2020  | 
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
On 'Invisible Salamanders' and Insecure Messages
News  |  8/6/2020  | 
Cornell researcher Paul Grubbsdiscusses how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages.
Exploiting Google Cloud Platform With Ease
News  |  8/6/2020  | 
Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.
Why Satellite Communication Eavesdropping Will Remain A Problem
News  |  8/6/2020  | 
Oxford PhD candidate James Pavur shows that SATCOM security has still made no progress since previous Black Hat disclosures, and discusses the physical and economic limitations that slow make it unlikely to improve anytime soon.
Remotely Hacking Operations Technology Systems
News  |  8/6/2020  | 
Marco Balduzzi senior research scientist with Trend Micro, tells us how the often-overlooked ICS protocol gateways contain serious vulnerabilities that allow attackers to hack OT systems remotely.
New Windows Print Spooler Zero-Day Flaws Harken Back to Stuxnet
News  |  8/6/2020  | 
Researchers find new flaws in the ubiquitous decades-old printer software in Windows, including one that bypasses a recent Microsoft patch.
Counting for Good: Hardware Counters Un-mask Malware
News  |  8/6/2020  | 
Nick Gregory, research scientist at Capsule8, talks about his session with Capsule8 data scientist Harini Kannan, Uncommon Sense: Detecting Exploits With Novel Hardware Performance Counters and Machine Learning Magic.
2019 Breach Leads to $80 Million Fine for Capital One
Quick Hits  |  8/6/2020  | 
The fine is part of a series of steps required by the Office of the Comptroller of the Currency.
Four Rules and Three Tools to Protect Against Fake SaaS Apps
Commentary  |  8/6/2020  | 
Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.
Ripple20: More Vulnerable Devices Identified
Quick Hits  |  8/6/2020  | 
Security researchers find 34 additional vendors, and 47 devices, affected by the widespread Ripple20 vulnerabilities.
3 Tips For Better Security Across the Software Supply Chain
Commentary  |  8/6/2020  | 
It may sound look intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving security posture of the software supply chain.
What a Security Engineer & Software Engineer Learned by Swapping Roles
News  |  8/5/2020  | 
A security engineer and infrastructure engineer with Salesforce share lessons learned from their professional role reversal, and advice for people on both teams.
<<   <   Page 2 / 3   >   >>


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.
CVE-2020-24119
PUBLISHED: 2021-05-14
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
CVE-2020-27833
PUBLISHED: 2021-05-14
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first c...