Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
Page 1 / 2   >   >>
Test-DEU-169665
News  |  4/14/2021  | 
President Biden has nominated Jen Easterly as the new director of CISA and is expected to nominate Chris Inglis as the first national cyber director.
DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack
News  |  4/13/2021  | 
Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products.
NSA Alerted Microsoft to New Exchange Server Vulnerabilities
News  |  4/13/2021  | 
Microsoft today patched 114 CVEs to address the Exchange Server flaws, more than 50 remote code execution vulnerabilities, and one zero-day.
Compromised Microsoft Exchange Server Used to Host Cryptominer
Quick Hits  |  4/13/2021  | 
Researchers say an unknown attacker is targeting vulnerable Exchange Servers with a payload hosted on a compromised Exchange Server.
Global Dwell Time Drops as Ransomware Attacks Accelerate
News  |  4/13/2021  | 
The length of time attackers remain undiscovered in a target network has fallen to 24 days, researchers report, but ransomware plays a role.
Dark Reading to Upgrade Site Design, Performance
Commentary  |  4/13/2021  | 
Improvements will make site content easier to navigate, faster, and more functional.
5 Objectives for Establishing an API-First Security Strategy
Commentary  |  4/13/2021  | 
With APIs predicted to be the most common attack vector by 2022, an API-first security strategy is critical now more than ever.
Clear & Present Danger: Data Hoarding Undermines Better Security
Commentary  |  4/13/2021  | 
Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.
Biden Nominates Former NSA Officials for Top Cybersecurity Roles
News  |  4/12/2021  | 
President Biden has nominated Jen Easterly as the new director of CISA and is expected to nominate Chris Inglis as the first national cyber director.
Microsoft Warns of Malware Delivery via Google URLs
Quick Hits  |  4/12/2021  | 
A new campaign abuses legitimate website contact forms to send URLs that ultimately deliver the IcedID banking Trojan.
Federal Reserve Chairman Says Cyber-Risk a Top Threat to National Economy
Quick Hits  |  4/12/2021  | 
Jerome Powell tells 60 Minutes that cyberattacks have the potential to do major damage to US financial system.
Microsoft Uses Machine Learning to Predict Attackers' Next Steps
News  |  4/12/2021  | 
Researchers build a model to attribute attacks to specific groups based on tactics, techniques, and procedures, and then figure out their next move.
New Malware Downloader Spotted in Targeted Campaigns
News  |  4/12/2021  | 
Saint Bot is being used to drop stealers on compromised systems but could be used to deliver any malware.
Wake Up and Smell the JavaScript
Commentary  |  4/12/2021  | 
The SolarWinds attack showed the true meaning of a supply chain breach. And it's the canary in the coal mine for sensitive data on the Web.
Omdia Research Spotlight: XDR
Commentary  |  4/12/2021  | 
Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.
CISA Launches New Threat Detection Dashboard
Quick Hits  |  4/9/2021  | 
Aviary is a new dashboard that works with CISA's Sparrow threat detection tool.
Unofficial Android App Store APKPure Infected With Malware
Quick Hits  |  4/9/2021  | 
The APKPure app store was infected with malware that can download Trojans to other Android devices, researchers report.
8 Security & Privacy Apps to Share With Family and Friends
Slideshows  |  4/9/2021  | 
Mobile apps to recommend to the people in your life who want to improve their online security and privacy.
Women Are Facing an Economic Crisis & the Cybersecurity Industry Can Help
Commentary  |  4/9/2021  | 
Investing in women's cybersecurity careers can bring enormous benefits and help undo some of the significant economic damage wrought by the pandemic.
Zoom Joins Microsoft Teams on List of Enterprise Tools Hacked at Pwn2Own
News  |  4/8/2021  | 
White-hat hacking event shows yet again why there's no such thing as foolproof security against modern attacks.
Fraudsters Use HTML Legos to Evade Detection in Phishing Attack
Quick Hits  |  4/8/2021  | 
Criminals stitch pieces of HTML together and hide them in JavaScript files, researchers report.
600K Payment Card Records Leaked After Swarmshop Breach
Quick Hits  |  4/8/2021  | 
A leaked database also contains the nicknames, hashed passwords, contact details, and activity history of Swarmshop admins, sellers, and buyers.
Handcuffs Over AI: Solving Security Challenges With Law Enforcement
Commentary  |  4/8/2021  | 
We've tried everything else ... now it's time to make the prospect of getting caught -- and punished -- a real deterrent to cybercrime.
SecOps and DevOps: From Cooperation to Automation
SecOps and DevOps: From Cooperation to Automation
Dark Reading Videos  |  4/7/2021  | 
Omdia Principal Analyst Eric Parizo discusses the major obstacles SecOps organizations face as they seek to build ties with DevOps teams, and offers a programmatic approach to help create a path toward DevSecOps.
Did 4 Major Ransomware Groups Truly Form a Cartel?
News  |  4/7/2021  | 
An analysis of well-known extortion groups and their cryptocurrency transactions reveals the answer.
Voice-Changing Software Found on APT Attackers' Server
Quick Hits  |  4/7/2021  | 
Security researchers believe the presence of Morph Vox Pro could indicate APT-C-23 has new plans for their phishing campaigns.
Cring Ransomware Used in Attacks on European Industrial Firms
Quick Hits  |  4/7/2021  | 
Attackers exploited a vulnerability in Fortigate VPN servers to gain access to target networks, researchers report.
Fortune 500 Security Shows Progress and Pitfalls
News  |  4/7/2021  | 
Fortune 500 companies have improved on email security and vulnerability disclosure programs but struggle in asset management and high-risk services.
Rethinking Cyberattack Response: Prevention & Preparedness
Commentary  |  4/7/2021  | 
The SolarWinds incident is the starkest reminder yet that complacency can exact a terrible price.
5 Ways to Transform Your Phishing Defenses Right Now
Commentary  |  4/7/2021  | 
By transforming how you approach phishing, you can break the phishing kill chain and meaningfully reduce your business risk.
Attackers Actively Seeking, Exploiting Vulnerable SAP Applications
News  |  4/7/2021  | 
Analysis of threat activity in mission-critical environments prompts CISA advisory urging SAP customers to apply necessary security patches and updates.
Cartoon Caption Winner: Something Seems Afoul
Commentary  |  4/7/2021  | 
And the winner of Dark Readings's March cartoon caption contest is ...
Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021
Quick Hits  |  4/6/2021  | 
The 2021 Pwn2Own is among the largest in its history, with 23 separate entries targeting 10 products.
Security Falls Short in Rapid COVID Cloud Migration
Quick Hits  |  4/6/2021  | 
The quick pivot to the cloud for remote support also ushered in risks.
Crime Service Gives Firms Another Reason to Purge Macros
News  |  4/6/2021  | 
Recent Trickbot campaigns and at least three common banking Trojans all attempt to infect systems using malicious macros in Microsoft Office documents created using EtterSilent.
Ryuk's Rampage Has Lessons for the Enterprise
Commentary  |  4/6/2021  | 
The Ryuk ransomware epidemic is no accident. The cybercriminals responsible for its spread have systematically exploited weaknesses in enterprise defenses that must be addressed.
NFT Thefts Reveal Security Risks in Coupling Private Keys & Digital Assets
Commentary  |  4/6/2021  | 
Compromised NFT accounts highlight security concerns inherent in the design of centralized systems.
LinkedIn Phishing Ramps Up With More-Targeted Attacks
News  |  4/5/2021  | 
Seeking to take advantage of out-of-work users, malware groups continue to use LinkedIn and business services to offer fictional jobs and deliver infections instead.
Kaspersky Uncovers New APAC Cyberespionage Campaign
Quick Hits  |  4/5/2021  | 
A group related to Chinese-speaking threat group Cycldek is targeting government and military organizations in Vietnam.
Data from 553 Million Facebook Accounts Leaked Online
Quick Hits  |  4/5/2021  | 
Personal information belonging to more than 533 million Facebook users was found available on a cybercrime forum.
7 Ways to Reduce Cyber Threats From Remote Workers
Commentary  |  4/5/2021  | 
The pandemic's decline won't stop the work-from-home trend nor the implications for cybersecurity, so it's crucial to minimize the threats.
Inside the Ransomware Campaigns Targeting Exchange Servers
News  |  4/2/2021  | 
Security experts discuss the ransomware campaigns taking aim at Microsoft Exchange Server vulnerabilities patched last month.
Hackers Demand $40M in Ransom From Florida School District
Quick Hits  |  4/2/2021  | 
District officials say they have no intention of paying the ransom
FBI & CISA Warn of Active Attacks on FortiOS Vulnerabilities
Quick Hits  |  4/2/2021  | 
A joint advisory warns admins of the likelihood of APT groups exploiting three vulnerabilities in the Fortinet FortiOS.
US Tech Dominance Rides on Securing Intellectual Property
Commentary  |  4/2/2021  | 
A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.
Enterprises Remain Riddled With Overprivileged Users -- and Attackers Know It
News  |  4/1/2021  | 
Attackers commonly focus on finding users with too much privileged access as their ticket to network compromise. What can companies do?
7 Security Strategies as Employees Return to the Office
Slideshows  |  4/1/2021  | 
More sooner than later, employees will be making their way back to the office. Here's how security pros can plan for the next new normal.
Kansas Man Indicted for Hacking, Tampering With Water Utility System
Quick Hits  |  4/1/2021  | 
Attacker disabled water-purification operation systems "with intention of harming" the rural water district.
NIST Publishes Guide for Securing Hotel Property Management Systems
Quick Hits  |  4/1/2021  | 
These sensitive systems store guests' personal data and payment-card information.
Solving the Leadership Buy-In Impasse With Data
Commentary  |  4/1/2021  | 
Justify your requirements with real numbers to get support for security investments.
Page 1 / 2   >   >>


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24028
PUBLISHED: 2021-04-14
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
CVE-2021-29370
PUBLISHED: 2021-04-13
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-3460
PUBLISHED: 2021-04-13
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
CVE-2021-3462
PUBLISHED: 2021-04-13
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
CVE-2021-3463
PUBLISHED: 2021-04-13
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.