WannaCry Remains No. 1 Ransomware Weapon

Network Computing Dark Reading

Advertise

About Us

Oldest First | Newest First | Threaded View

[close this box]

50%

REISEN1955,
User Rank: Ninja
8/27/2019 | 2:54:38 PM

Re: The most effective defense?

True and the OS update issue is the responsibility of the IT staff and team to make clear and evident - THAT is their job and all too often, well, disrupting the business is just TOO HARD. Like that patch that brought down Equifax. Right? I work with a CSirt team using great tools and while every firm and small business may not have access, it still has to be tackled as best allowed. But keeping old W7 systems running now is asking for trouble. As it was with XP ( of which alot of that is still out there on legacy boxes). The IT staff has a daunting job sometimes but it is THEIR JOB and if they do not like it, there are always trade school courses on welding.

Disclaimer: I am something of an expert on disaster recovery techniques when 18 years ago I had to walk down out of my office building in lower Manhattan and shortly later the data center on the 103rd floor of the south tower followed me down. I am a survivor of that day from Aon, on the 101st floor, S-tower, of the World Trade Center.

Reply | Post Message | Messages List | Start a Board

50%

sudeshkumar,
User Rank: Apprentice
9/2/2019 | 7:22:05 AM

Re: WannaCry

I heard of this virus. few months ago it was one of the most famous virus.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

COVID-19: Latest Security News & Commentary

Dark Reading Staff 10/1/2020

9 Tips to Prepare for the Future of Cloud & Network Security

Kelly Sheridan, Staff Editor, Dark Reading, 9/28/2020

Attacker Dwell Time: Ransomware's Most Important Metric

Ricardo Villadiego, Founder and CEO of Lumu, 9/30/2020

Live Events

Webinars

Network Automation Summit presented by Network to Code at Interop Digital

Earn (ISC)2 CPEs at Interop Digital, Oct 5-8

Interop Digital, Oct. 5-8; Learn the skills necessary for managing a IT Org

More Informa Tech Live Events

White Papers

[Forrester Research] The State of Data Security & Privacy

2020 SANS Cyber Threat Intelligence

Automate Digital Certificate Lifecycle Management

Key Steps in Satisfying Your CCPA and Other Privacy Obligations

CISO Conversations: Moving OT Development to the Cloud

More White Papers

Cartoon

Latest Comment: Well my facial recognition system didn't recognize you without your mask!

Cartoon Archive

Current Issue

Special Report: Computing's New Normal

This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How IT Security Organizations are Attacking the Cybersecurity Problem

The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.

Download Now!

Special Report: Understanding Your Cyber Attackers

0 comments

2020 State of Cybersecurity Operations and Incident Response

0 comments

The Changing Face of Threat Intelligence

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-24860
PUBLISHED: 2020-10-01

CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.

CVE-2020-24861
PUBLISHED: 2020-10-01

GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page

CVE-2020-25990
PUBLISHED: 2020-10-01

WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CVE-2020-8109
PUBLISHED: 2020-10-01

A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior vers...

CVE-2019-20902
PUBLISHED: 2020-10-01

Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]