Vulnerability Management

News & Commentary
Many Mobile Apps Intentionally Using Insecure Connections for Sending Data
Jai Vijayan, Contributing Writer | News
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.
By Jai Vijayan Contributing Writer, 6/11/2021
Secure Access Trade-offs for DevSecOps Teams
Ev Kontsevoy, CEO of Teleport | Commentary
Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources.
By Ev Kontsevoy CEO of Teleport, 6/11/2021
NY & Mass. Transportation Providers Targeted in Recent Attacks
Dark Reading Staff, Quick Hits
New York's Metropolitan Transportation Authority and the Steamship Authority of Massachusetts were both victims of cyberattacks.
By Dark Reading Staff, 6/3/2021
The True Cost of a Ransomware Attack
Tyler Hudak, Practice Lead, Incident Response, at TrustedSec | Commentary
Companies need to prepare for the costs of an attack now, before they get attacked. Here's a checklist to help.
By Tyler Hudak Practice Lead, Incident Response, at TrustedSec, 6/3/2021
The Colonial Pipeline Attack Is Your Boardroom Wake-Up Call
Dan Verton, Director, ThreatConnect | Commentary
Why business leaders must adopt a risk-led approach to cybersecurity.
By Dan Verton Director, ThreatConnect, 6/3/2021
Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in
Dark Reading Staff, Quick Hits
The plug-in under active attack has been installed on more than 17,000 websites, say researchers.
By Dark Reading Staff, 6/2/2021
Chaos for the Sake of Chaos? Yes, Nation-States Are That Cynical
Adam Darrah, Director of Intelligence, Vigilante | Commentary
Many nation-state-backed attacks are intended to destabilize the US government, not steal from it.
By Adam Darrah Director of Intelligence, Vigilante, 6/2/2021
Processor Morphs Its Architecture to Make Hacking Really Hard
Robert Lemos, Contributing Writer | News
Researchers create a processor that uses encryption to modify its memory architecture during runtime, making it very difficult for hackers to exploit memory-based vulnerabilities.
By Robert Lemos Contributing Writer, 6/2/2021
Meat Producer JBS USA Hit By Ransomware Attack
Dark Reading Staff, Quick Hits
The company says recovery from the attack may delay transactions with customers and suppliers.
By Dark Reading Staff, 6/1/2021
CISO Confidence Is Rising, but Issues Remain
Marc Wilczek, Digital Strategist & COO of Link11 | Commentary
New research reveals how global CISOs dealt with COVID-19 and their plans for 2022-2023.
By Marc Wilczek Digital Strategist & COO of Link11, 6/1/2021
Modern SOCs a 'Painful' Challenge Amid Growing Complexity: Report
Dark Reading Staff, Quick Hits
A new study examines the tools and technologies driving investment and activities for security operations centers.
By Dark Reading Staff, 5/28/2021
Plug-ins for Code Editors Pose Developer-Security Threat
Robert Lemos, Contributing Writer | News
There are two critical vulnerabilities in plug-ins for the popular Visual Studio Code editor, now patched, but security firm Snyk warns that popular plug-ins could put development environments in jeopardy.
By Robert Lemos Contributing Writer, 5/28/2021
Bug Bounties and the Cobra Effect
Oleg Brodt, R&D Director of Deutsche Telekom Innovation Labs, Israel, and Chief Innovation Officer for Cyber@Ben-Gurion University | Commentary
Are bug bounty programs allowing software companies to skirt their responsibility to make better, more secure products from the get-go?
By Oleg Brodt R&D Director of Deutsche Telekom Innovation Labs, Israel, and Chief Innovation Officer for Cyber@Ben-Gurion University, 5/26/2021
The Adversary Within: Preventing Disaster From Insider Threats
Kevin Dunne, President, Pathlock | Commentary
Insiders are in a position of trust, and their elevated permissions provide opportunities to cause serious harm to critical business applications and processes.
By Kevin Dunne President, Pathlock, 5/25/2021
Former FBI Employee Indicted for Taking Documents Home
Dark Reading Staff, Quick Hits
The long-time intelligence analyst was accused of inappropriately handling documents related to national security.
By Dark Reading Staff, 5/24/2021
Data in Danger Amid New IT Challenges
Dark Reading Staff, Quick Hits
Survey finds new threats due to the pandemic make managing enterprise cyber-risk even more challenging.
By Dark Reading Staff, 5/21/2021
Latest Security News From RSAC 2021
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive coverage of the news and security themes that are dominating RSA Conference 2021.
By Dark Reading Staff, 5/21/2021
Dev-Sec Disconnect Undermines Secure Coding Efforts
Robert Lemos, Contributing Writer | News
Rather than continue to complain about each other, developers and security pros need to work together and celebrate their successes.
By Robert Lemos Contributing Writer, 5/20/2021
Lack of Skills, Maturity Hamper Threat Hunting at Many Organizations
Jai Vijayan, Contributing Writer | News
When implemented correctly, threat hunting can help organizations stay ahead of threats, researcher says at RSA Conference.
By Jai Vijayan Contributing Writer, 5/20/2021
FBI's IC3 Logs 1M Complaints in 14 Months
Dark Reading Staff, Quick Hits
The FBI's IC3 reports COVID-related scams and an increase in online retail may be behind the upswing in complaints.
By Dark Reading Staff, 5/18/2021
Commentary
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode, 6/4/2021
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading, 6/2/2021
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23394
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.