Dark Reading | Security | Protect The Business

March 28, 2021

40% of Apps Leaking Information
Dark Reading Staff, Quick Hits

Apple Patches iOS Zero-Day
Dark Reading Staff, Quick Hits, 3/26/2021
Apple today released iOS 14.4.2 to address a security vulnerability that may have been actively exploited.

Microsoft Shares Exchange Server Post-Compromise Attack Activity
Kelly Sheridan, Staff Editor, Dark Reading (News), 3/26/2021
Microsoft shares the details of post-exploitation attack activity, including multiple ransomware payloads and a cryptocurrency botnet.

A Day in the Life of a DevSecOps Manager
Edge Editors, Dark Reading, 3/26/2021
“Most days are good days,” says Rally Health’s Ari Kalfus. But they sure are busy, he tells The Edge.

Data Bias in Machine Learning: Implications for Social Justice
Christelle Kamaliza & Suzannah Hicks, Market Research Specialist / Data Scientist & Strategist, IAPP (Commentary)

Moving from DevOps to CloudOps: The Four-Box Problem
Steve Quane, Executive Vice President, Network Defense and Hybrid Cloud Security, Trend Micro (Commentary), 3/26/2021
With SOC teams running services on multiple cloud platforms, their big concern is how to roll up configuration of 200+ servers in a comprehensive way.

Exec Order Could Force Software Vendors to Disclose Breaches to Federal Gov’t Customers
Dark Reading Staff, Quick Hits

CISA Adds Two Web Shells to Exchange Server Guidance
Dark Reading Staff, Quick Hits, 3/25/2021
Officials update mitigation steps to include two new Malware Analysis Reports identifying Web shells seen in Exchange Server attacks.

In Secure Silicon We Trust
Samuel Greengard, Freelance Writer, 3/25/2021
Building upon a hardware root of trust is becoming a more achievable goal for the masses, and the roots are digging deeper. Here’s what you need to know.

Nearly Half of Popular Android Apps Built With High-Risk Components
Robert Lemos, Contributing Writer (News), 3/25/2021
Information leakage and applications asking for too many permissions were also major issues, according to a survey of more than 3,300 popular mobile applications.

Security Operations in the World We Live in Now
Amos Stern, CEO & Co-Founder, Siemplify (Commentary), 3/25/2021
Despite the challenges of remote work, security operations teams can position themselves well for the future.

The CIO’s Shifting Role: Improving Security With Shared Responsibility
Keith Neilson, Technical Evangelist for CloudSphere (Commentary), 3/25/2021
CIOs must create a culture centered around cybersecurity that is easily visible and manageable.

How Personally Identifiable Information Can Put Your Company at Risk
Zack Schuler, Founder and CEO of NINJIO (Commentary), 3/25/2021
By being more mindful of how and where they share PII, employees will deprive cybercriminals of their most useful tool.

6 Tips for Limiting Damage From Third-Party Attacks
Jai Vijayan, Contributing Writer, 3/25/2021
The ability to protect your organization from third-party attacks will become increasingly critical as attackers try to maximize the effectiveness of their malicious campaigns.

Sierra Wireless Website Still Down After Ransomware Attack
Dark Reading Staff, Quick Hits

California State Controller’s Office Suffers Data Breach
Dark Reading Staff, Quick Hits

Ransomware Incidents Continue to Dominate Threat Landscape
Jai Vijayan, Contributing Writer (News), 3/24/2021
Cisco Talos’ IR engagements found attackers relied heavily on malware like Zloader and BazarLoader to distribute ransomware in the past three months.

Facebook Reports China-Linked Cyberattack Targeting Uyghurs
Kelly Sheridan, Staff Editor, Dark Reading (News), 3/24/2021
Facebook has removed accounts used to send malicious links to Uyghur people with the goal of infecting their devices.

What a Federal Data Privacy Law Would Mean for Consumers
Rob Shavell, CEO of Abine / DeleteMe (Commentary), 3/24/2021
With an array of serious proposals from both sides of the political divide, it looks as though the US may finally have a national privacy law.


Dark Reading Bug Report: Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-29271
PUBLISHED: 2021-03-27

remark42 before 1.6.1 allows XSS, as demonstrated by “Locator: Locator{URL:” followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go.

CVE-2021-29272
PUBLISHED: 2021-03-27

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the “script” string.
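The case-folding divergence behind this class of bypass, as an added illustration that is not code from the bluemonday project or from the advisory: HTML tokenizers (golang.org/x/net/html among them) and browsers lowercase tag names ASCII-only, whereas Go’s strings.ToLower applies the full Unicode simple case mapping, which sends some non-ASCII uppercase code points onto plain ASCII letters. The advisory names a Cyrillic character; the example below uses U+0130 (Latin capital I with dot above) and U+212A (Kelvin sign), which strings.ToLower folds to “i” and “k”, as stand-ins for the same divergence. A sanitizer that compares the Unicode-folded name against “script” therefore classifies an element differently from the parser and the browser; comparing with the same ASCII-only fold the tokenizer uses keeps the two in agreement. The sample tag names are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"strings"
)

// ASCIILower folds only A-Z to a-z. This is the fold an HTML tokenizer
// (and a browser) applies to tag names, so "scr\u0130pt" stays non-script.
func ASCIILower(s string) string {
	b := []byte(s)
	for i, c := range b {
		if 'A' <= c && c <= 'Z' {
			b[i] = c + ('a' - 'A')
		}
	}
	return string(b)
}

// IsScriptUnicodeFold is the weak check: full Unicode lowercasing lets
// non-ASCII code points such as U+0130 collapse onto ASCII letters, so
// "scr\u0130pt" compares equal to "script" here even though no parser
// would treat it as a script element.
func IsScriptUnicodeFold(tag string) bool {
	return strings.ToLower(tag) == "script"
}

// IsScriptASCIIFold is the corrected check: the same fold the tokenizer
// uses, so sanitizer and parser classify every tag name identically.
func IsScriptASCIIFold(tag string) bool {
	return ASCIILower(tag) == "script"
}

// Disagreements returns the tag names on which the two checks differ.
// Each entry is a name about which a strings.ToLower-based sanitizer
// reasons differently from the parser that will render its output.
func Disagreements(tags []string) []string {
	var out []string
	for _, t := range tags {
		if IsScriptUnicodeFold(t) != IsScriptASCIIFold(t) {
			out = append(out, t)
		}
	}
	return out
}

func main() {
	// Constructed sample tag names (not taken from the advisory).
	samples := []string{
		"script",      // plain lowercase
		"SCRIPT",      // ASCII upper: both folds agree
		"scr\u0130pt", // U+0130 folds to 'i' under strings.ToLower only
		"\u212Aeygen", // Kelvin sign folds to 'k': a second ASCII collision
		"div",
	}
	for _, s := range samples {
		fmt.Printf("%-12q unicode=%-5v ascii=%-5v\n",
			s, IsScriptUnicodeFold(s), IsScriptASCIIFold(s))
	}
	fmt.Println("disagreements:", Disagreements(samples))
}
```

The practical rule this shows: any allow- or deny-list comparison on HTML element or attribute names must use the same normalisation the downstream parser uses. Full-Unicode lowering in Go is not a superset of ASCII lowering; it is a different function, and the gap between the two is exactly where a sanitizer and a browser stop agreeing.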

CVE-2021-29249
PUBLISHED: 2021-03-26

BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability.

CVE-2021-29264
PUBLISHED: 2021-03-26

An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are us…

CVE-2021-29265
PUBLISHED: 2021-03-26

An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.

How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
