Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
Intl. Law Enforcement Operation Disrupts Emotet Botnet
Kelly Sheridan, Staff Editor, Dark ReadingNews
Global law enforcement agencies have seized control of Emotet infrastructure, disrupting one of the world's most pervasive and dangerous cyber threats.
By Kelly Sheridan Staff Editor, Dark Reading, 1/27/2021
Comment0 comments  |  Read  |  Post a Comment
4 Clues to Spot a Bot Network
Kevin Graham, VP Canada & CALA Operations and Business Development, Babel StreetCommentary
Protect against misinformation and disinformation campaigns by learning how to identify the bot networks spreading falsehoods.
By Kevin Graham VP Canada & CALA Operations and Business Development, Babel Street, 1/27/2021
Comment0 comments  |  Read  |  Post a Comment
Apple Patches Three iOS Zero-Day Vulnerabilities
Dark Reading Staff, Quick Hits
New iOS 14.4 update available for iPhones and iPads.
By Dark Reading Staff , 1/27/2021
Comment0 comments  |  Read  |  Post a Comment
LogoKit Group Aims for Simple Yet Effective Phishing
Robert Lemos, Contributing WriterNews
A phishing kit that uses embedded JavaScript targeted the users of more than 300 sites in the past week, aiming to grab credentials for SharePoint, Adobe Document Cloud, and OneDrive.
By Robert Lemos Contributing Writer, 1/27/2021
Comment0 comments  |  Read  |  Post a Comment
Pay-or-Get-Breached Ransomware Schemes Take Off
Robert Lemos, Contributing WriterNews
In 2020, ransomware attackers moved quickly to adopt so-called "double extortion" schemes, with more than 550 incidents in the fourth quarter alone.
By Robert Lemos Contributing Writer, 1/26/2021
Comment0 comments  |  Read  |  Post a Comment
North Korean Attackers Target Security Researchers via Social Media: Google
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google TAG warns the infosec community of unsolicited requests from individuals seeking collaboration on vulnerability research.
By Kelly Sheridan Staff Editor, Dark Reading, 1/26/2021
Comment0 comments  |  Read  |  Post a Comment
BEC Scammers Find New Ways to Navigate Microsoft 365
Dark Reading Staff, Quick Hits
Their techniques made use of out-of-office replies and automatic responses during the 2020 holiday season, researchers report.
By Dark Reading Staff , 1/26/2021
Comment0 comments  |  Read  |  Post a Comment
Fighting the Rapid Rise of Cyber Warfare in a Changing World
Patrick Walsh, Senior Vice President, Training & Technology, SkillstormCommentary
Global cyber warfare is a grim reality, but strong public-private relationships and security frameworks can safeguard people, institutions, and businesses.
By Patrick Walsh Senior Vice President, Training & Technology, Skillstorm, 1/26/2021
Comment0 comments  |  Read  |  Post a Comment
Mainframe Security Automation Is Not a Luxury
John McKenny, SVP/GM of ZSolutions, BMC SoftwareCommentary
As cyber threats grow, even the most securable platform is vulnerable and requires adaptive autonomous protection.
By John McKenny SVP/GM of ZSolutions, BMC Software, 1/26/2021
Comment0 comments  |  Read  |  Post a Comment
Deloitte & Touche Buys Threat-Hunting Firm
Dark Reading Staff, Quick Hits
Root9B (R9B) offers threat hunting and other managed security services.
By Dark Reading Staff , 1/25/2021
Comment0 comments  |  Read  |  Post a Comment
2020's COVID Accelerated Digitalization Demands Stronger Cybersecurity in 2021
Leo Simonovich, VP & Global Head, Industrial Cyber and Digital Security, Siemens EnergyCommentary
As critical infrastructure faces increasing and sophisticated attacks, these trends will enable the energy sector to shore up its cybersecurity defenses.
By Leo Simonovich VP & Global Head, Industrial Cyber and Digital Security, Siemens Energy, 1/25/2021
Comment0 comments  |  Read  |  Post a Comment
Speed of Digital Transformation May Lead to Greater App Vulnerabilities
Robert Lemos, Contributing WriterNews
The fastest-moving industries are struggling to produce secure code, according to AppSec experts.
By Robert Lemos Contributing Writer, 1/22/2021
Comment0 comments  |  Read  |  Post a Comment
Why North Korea Excels in Cybercrime
Marc Wilczek, Digital Strategist & COO of Link11Commentary
North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.
By Marc Wilczek Digital Strategist & COO of Link11, 1/22/2021
Comment0 comments  |  Read  |  Post a Comment
Breach Data Shows Attackers Switched Gears in 2020
Robert Lemos, Contributing WriterNews
Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.
By Robert Lemos Contributing Writer, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark ReadingNews
Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search.
By Kelly Sheridan Staff Editor, Dark Reading, 1/21/2021
Comment1 Comment  |  Read  |  Post a Comment
Cloud Jacking: The Bold New World of Enterprise Cybersecurity
Bernie Brode, Nano Product ResearcherCommentary
Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.
By Bernie Brode Nano Product Researcher, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
7 Steps to Secure a WordPress Site
Steve Zurier, Contributing Writer
Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth.
By Steve Zurier Contributing Writer, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Rethinking IoT Security: It's Not About the Devices
May Wang, Senior Distinguished Engineer at Palo Alto NetworksCommentary
Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.
By May Wang Senior Distinguished Engineer at Palo Alto Networks, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attack, Cyber Supply Chain Among Priorities for Biden Administration
Robert Lemos, Contributing WriterNews
During Senate confirmation hearings, the nominees for Secretary of Homeland Security and Director of National Intelligence pledged to focus on cybersecurity.
By Robert Lemos Contributing Writer, 1/20/2021
Comment0 comments  |  Read  |  Post a Comment
Tips for a Bulletproof War Room Strategy
Lee Chieffalo, Technical Director of Cybersecurity Operations at ViasatCommentary
The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.
By Lee Chieffalo Technical Director of Cybersecurity Operations at Viasat, 1/20/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3331
PUBLISHED: 2021-01-27
WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)
CVE-2021-3326
PUBLISHED: 2021-01-27
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVE-2021-22641
PUBLISHED: 2021-01-27
A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
CVE-2021-22653
PUBLISHED: 2021-01-27
Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
CVE-2021-22655
PUBLISHED: 2021-01-27
Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).