Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

News & Commentary
DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack
Jai Vijayan, Contributing WriterNews
Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products.
By Jai Vijayan Contributing Writer, 4/13/2021
Comment0 comments  |  Read  |  Post a Comment
Clear & Present Danger: Data Hoarding Undermines Better Security
Elissa M. Redmiles, Researcher, Max Planck Institute for Software SystemsCommentary
Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.
By Elissa M. Redmiles Researcher, Max Planck Institute for Software Systems, 4/13/2021
Comment0 comments  |  Read  |  Post a Comment
New Malware Downloader Spotted in Targeted Campaigns
Jai Vijayan, Contributing WriterNews
Saint Bot is being used to drop stealers on compromised systems but could be used to deliver any malware.
By Jai Vijayan Contributing Writer, 4/12/2021
Comment0 comments  |  Read  |  Post a Comment
Did 4 Major Ransomware Groups Truly Form a Cartel?
Robert Lemos, Contributing WriterNews
An analysis of well-known extortion groups and their cryptocurrency transactions reveals the answer.
By Robert Lemos Contributing Writer, 4/7/2021
Comment1 Comment  |  Read  |  Post a Comment
LinkedIn Phishing Ramps Up With More-Targeted Attacks
Robert Lemos, Contributing WriterNews
Seeking to take advantage of out-of-work users, malware groups continue to use LinkedIn and business services to offer fictional jobs and deliver infections instead.
By Robert Lemos Contributing Writer, 4/5/2021
Comment0 comments  |  Read  |  Post a Comment
7 Security Strategies as Employees Return to the Office
Steve Zurier, Contributing Writer
More sooner than later, employees will be making their way back to the office. Here's how security pros can plan for the next new normal.
By Steve Zurier Contributing Writer, 4/1/2021
Comment0 comments  |  Read  |  Post a Comment
What We Know (and Don't Know) So Far About the 'Supernova' SolarWinds Attack
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A look at the second elusive attack targeting SolarWinds software that researchers at Secureworks recently cited as the handiwork of Chinese nation-state hackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/30/2021
Comment1 Comment  |  Read  |  Post a Comment
Ghost Users Haunt Healthcare Firms
Dark Reading Staff, Quick Hits
Data security hygiene severely lacking among healthcare firms, new research shows.
By Dark Reading Staff , 3/30/2021
Comment0 comments  |  Read  |  Post a Comment
CISA Builds Out Defensive Tools for Security Teams
Robert Lemos, Contributing WriterNews
Need a tool to hunt for attacks in your network? The DHS agency bolsters the offerings in its open source toolbox.
By Robert Lemos Contributing Writer, 3/29/2021
Comment1 Comment  |  Read  |  Post a Comment
Beware the Package Typosquatting Supply Chain Attack
Kim Lewandowski & Bentz Tozer, Product Manager, Google Security / Senior Member of Technical Staff, Cyber Practice, In-Q-TelCommentary
Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.
By Kim Lewandowski & Bentz Tozer Product Manager, Google Security / Senior Member of Technical Staff, Cyber Practice, In-Q-Tel, 3/18/2021
Comment0 comments  |  Read  |  Post a Comment
COVID, Healthcare Data & the Dark Web: A Toxic Stew
Greg Foss, Senior Cybersecurity Strategist, VMware Security Business UnitCommentary
The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.
By Greg Foss Senior Cybersecurity Strategist, VMware Security Business Unit, 3/17/2021
Comment0 comments  |  Read  |  Post a Comment
7 Tips to Secure the Enterprise Against Tax Scams
Steve Zurier, Contributing Writer
Tax season is yet another opportunity for fraudsters to target your company. Here's how to keep everyone in the organization on their toes.
By Steve Zurier Contributing Writer, 3/17/2021
Comment0 comments  |  Read  |  Post a Comment
US Schools Faced Record Number of Security Incidents in 2020
Dark Reading Staff, Quick Hits
The K-12 Cybersecurity Resource Center reports an 18% increase in security incidents as schools moved classes online.
By Dark Reading Staff , 3/10/2021
Comment0 comments  |  Read  |  Post a Comment
Dark Reading 'Name That Toon' Winner: Gather 'Round the Campfire
John Klossner, CartoonistCommentary
And the winner of Dark Reading's February cartoon caption contest is ...
By John Klossner Cartoonist, 3/9/2021
Comment0 comments  |  Read  |  Post a Comment
Look to Banking as a Model for Stopping Crime-as-a-Service
David Fairman & Samantha Van Stokrom, CSO, APAC / Sales EngineerCommentary
The first step toward prevention is understanding the six most common CaaS services.
By David Fairman & Samantha Van Stokrom CSO, APAC / Sales Engineer, 3/9/2021
Comment0 comments  |  Read  |  Post a Comment
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical DirectorCommentary
With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
By Dr. Jethro Beekman Technical Director, 3/3/2021
Comment2 comments  |  Read  |  Post a Comment
4 Ways Health Centers Can Stop the Spread of Cyberattacks
Dr. Rolf Lindemann, Vice President, Products at Nok Nok LabsCommentary
Health centers must shift the perception of cyberattacks from potential risk to real threat in order to take the first step toward a safer, healthier security posture.
By Dr. Rolf Lindemann Vice President, Products at Nok Nok Labs, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing WriterNews
While access to compromised systems has become an increasingly common service, some cybercriminals are going straight to the source: buying code bases and then updating the application with malicious code.
By Robert Lemos Contributing Writer, 2/26/2021
Comment0 comments  |  Read  |  Post a Comment
5 Key Steps Schools Can Take to Defend Against Cyber Threats
Chris Abbey, Manager, Incident Handling, at Red CanaryCommentary
Educational institutions have become prime targets, but there are things they can do to stay safer.
By Chris Abbey Manager, Incident Handling, at Red Canary, 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
New APT Group Targets Airline Industry & Immigration
Jai Vijayan, Contributing WriterNews
LazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.
By Jai Vijayan Contributing Writer, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29370
PUBLISHED: 2021-04-13
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-3460
PUBLISHED: 2021-04-13
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
CVE-2021-3462
PUBLISHED: 2021-04-13
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
CVE-2021-3463
PUBLISHED: 2021-04-13
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.
CVE-2021-3471
PUBLISHED: 2021-04-13
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.