Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
Did Companies Fail to Disclose Being Affected by SolarWinds Breach?
Jai Vijayan, Contributing WriterNews
The SEC has sent out letters to some investment firms and publicly listed companies seeking information, Reuters says.
By Jai Vijayan Contributing Writer, 6/21/2021
Comment0 comments  |  Read  |  Post a Comment
Software-Container Supply Chain Sees Spike in Attacks
Robert Lemos, Contributing WriterNews
Attackers target companies' container supply chain, driving a sixfold increase in a year, aiming to steal processing time for cryptomining and compromise cloud infrastructure.
By Robert Lemos Contributing Writer, 6/21/2021
Comment0 comments  |  Read  |  Post a Comment
Data Leaked in Fertility Clinic Ransomware Attack
Dark Reading Staff, Quick Hits
Reproductive Biology Associates says the data of 38,000 patients may have been compromised in the April cyberattack.
By Dark Reading Staff , 6/21/2021
Comment0 comments  |  Read  |  Post a Comment
Are Ransomware Attacks the New Pandemic?
Bill Harrod, Federal CTO, IvantiCommentary
Ransomware has been a problem for decades, so why is government just now beginning to address it?
By Bill Harrod Federal CTO, Ivanti, 6/21/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Find New Way to Exploit Google Docs for Phishing
Jai Vijayan, Contributing WriterNews
Tactic continues recent trend by attackers to use trusted cloud services to send and host malicious content.
By Jai Vijayan Contributing Writer, 6/18/2021
Comment0 comments  |  Read  |  Post a Comment
This Week in Database Leaks: Cognyte, CVS, Wegmans
Kelly Sheridan, Staff Editor, Dark ReadingNews
Billions of records were found exposed this week due to unprotected databases owned by major corporations and third-party providers.
By Kelly Sheridan Staff Editor, Dark Reading, 6/18/2021
Comment0 comments  |  Read  |  Post a Comment
Accidental Insider Leaks Prove Major Source of Risk
Dark Reading Staff, Quick Hits
Research reports highlight growing concerns around insider negligence that leads to data breaches.
By Dark Reading Staff , 6/18/2021
Comment0 comments  |  Read  |  Post a Comment
4 Habits of Highly Effective Security Operators
Ricardo Villadiego, Founder and CEO of LumuCommentary
These good habits can make all the difference in advancing careers for cybersecurity operators who spend their days putting out fires large and small.
By Ricardo Villadiego Founder and CEO of Lumu, 6/18/2021
Comment0 comments  |  Read  |  Post a Comment
Carnival Cruise Line Reports Security Breach
Dark Reading Staff, Quick Hits
The cruise ship operator says the incident affected employee and guest data.
By Dark Reading Staff , 6/17/2021
Comment0 comments  |  Read  |  Post a Comment
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of TessianCommentary
Consider four factors and behaviors that impact a particular employee's risk, and how security training should take them into account.
By Tim Sadler CEO and co-founder of Tessian, 6/17/2021
Comment0 comments  |  Read  |  Post a Comment
Mission Critical: What Really Matters in a Cybersecurity Incident
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
The things you do before and during a cybersecurity incident can make or break the success of your response.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 6/17/2021
Comment0 comments  |  Read  |  Post a Comment
Ransomware Operators' Strategies Evolve as Attacks Rise
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security researchers find ransomware operators rely less on email and more on criminal groups for initial access into target networks.
By Kelly Sheridan Staff Editor, Dark Reading, 6/16/2021
Comment0 comments  |  Read  |  Post a Comment
Biden Tells Putin Critical Infrastructure Sectors 'Off Limits' to Russian Hacking
Dark Reading Staff, Quick Hits
President Joe Biden said he and Russian President Vladimir Putin agreed to discuss boundaries in cyber activity.
By Dark Reading Staff , 6/16/2021
Comment0 comments  |  Read  |  Post a Comment
Security Flaw Discovered In Peloton Equipment
Dark Reading Staff, Quick Hits
The vulnerability could give attackers remote root access to the bike's tablet, researchers report.
By Dark Reading Staff , 6/16/2021
Comment0 comments  |  Read  |  Post a Comment
Cars, Medicine, Electric Grids: Future Hackers Will Hit Much More Than Networks in an IT/OT Integrated World
Greg Valentine, Senior Cybersecurity Director, Capgemini North AmericaCommentary
Intelligent systems must include the right cybersecurity protections to prevent physical threats to operational technology.
By Greg Valentine Senior Cybersecurity Director, Capgemini North America, 6/16/2021
Comment0 comments  |  Read  |  Post a Comment
Russian National Convicted on Charges Related to Kelihos Botnet
Dark Reading Staff, Quick Hits
Oleg Koshkin was arrested in 2019 and faces a maximum penalty of 15 years in prison, the DoJ reports.
By Dark Reading Staff , 6/16/2021
Comment0 comments  |  Read  |  Post a Comment
Don't Get Stymied by Security Indecision
Alex Pezold, Founder & Chief Executive Officer, TokenExCommentary
You might be increasing cyber-risk by not actively working to reduce it.
By Alex Pezold Founder & Chief Executive Officer, TokenEx, 6/16/2021
Comment0 comments  |  Read  |  Post a Comment
Thousands of VMware vCenter Servers Remain Open to Attack Over the Internet
Jai Vijayan, Contributing WriterNews
Three weeks after company disclosed two critical vulnerabilities in the workload management utility, many organizations have not patched the technology yet, security vendor says.
By Jai Vijayan Contributing Writer, 6/15/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers had used the cloud-based infrastructure to target mailboxes and add forwarding rules to learn about financial transactions.
By Kelly Sheridan Staff Editor, Dark Reading, 6/15/2021
Comment0 comments  |  Read  |  Post a Comment
Security Experts Scrutinize Apple, Amazon IoT Networks
Robert Lemos, Contributing WriterNews
Both companies have done their due diligence in creating connected-device networks, but the pervasiveness of the devices worries some security researchers.
By Robert Lemos Contributing Writer, 6/15/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-35196
PUBLISHED: 2021-06-21
** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. NOTE: the vendor's position is that the product is not intended fo...
CVE-2010-1433
PUBLISHED: 2021-06-21
Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauth...
CVE-2010-1434
PUBLISHED: 2021-06-21
Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulne...
CVE-2010-1435
PUBLISHED: 2021-06-21
Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5...
CVE-2010-0413
PUBLISHED: 2021-06-21
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.