Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
Page 1 / 2   >   >>
Ransomware Disrupts Operations at Packaging Giant WestRock
News  |  1/26/2021  | 
Incident is another reminder of how vulnerable OT environments are to attack, security experts say.
Pay-or-Get-Breached Ransomware Schemes Take Off
News  |  1/26/2021  | 
In 2020, ransomware attackers moved quickly to adopt so-called "double extortion" schemes, with more than 550 incidents in the fourth quarter alone.
North Korean Attackers Target Security Researchers via Social Media: Google
News  |  1/26/2021  | 
Google TAG warns the infosec community of unsolicited requests from individuals seeking collaboration on vulnerability research.
Privacy Teams Helped Navigate the Pivot to Work-from-Home
News  |  1/26/2021  | 
Annual Cisco privacy study also reports that 90% of organizations say their customers won't buy from them if they are not clear about data policy practices.
Mimecast: Recent Certificate Compromise Tied to SolarWinds Attacks
Quick Hits  |  1/26/2021  | 
Yet another security firm hit in the sweeping attack campaign believed to be out of Russia.
BEC Scammers Find New Ways to Navigate Microsoft 365
Quick Hits  |  1/26/2021  | 
Their techniques made use of out-of-office replies and automatic responses during the 2020 holiday season, researchers report.
Fighting the Rapid Rise of Cyber Warfare in a Changing World
Commentary  |  1/26/2021  | 
Global cyber warfare is a grim reality, but strong public-private relationships and security frameworks can safeguard people, institutions, and businesses.
Mainframe Security Automation Is Not a Luxury
Commentary  |  1/26/2021  | 
As cyber threats grow, even the most securable platform is vulnerable and requires adaptive autonomous protection.
Startup Offers Free Version of its 'Passwordless' Technology
News  |  1/26/2021  | 
Beyond Identity co-founders hope to move the needle in eliminating the need for passwords, but experts say killing passwords altogether won't be easy.
Critical Vulns Discovered in Vendor Implementations of Key OT Protocol
News  |  1/25/2021  | 
Flaws allow denial-of-service attacks and other malicious activity, Claroty says.
SonicWall Is Latest Security Vendor to Disclose Cyberattack
News  |  1/25/2021  | 
The network security firm is investigating a coordinated campaign in which attackers exploited vulnerabilities in SonicWall's products.
Deloitte & Touche Buys Threat-Hunting Firm
Quick Hits  |  1/25/2021  | 
Root9B (R9B) offers threat hunting and other managed security services.
Small Security Teams Have Big Security Fears, CISOs Report
Quick Hits  |  1/25/2021  | 
Researchers poll security leaders who are tasked with protecting large organizations but have a small presence and budget.
How to Better Secure Your Microsoft 365 Environment
Slideshows  |  1/25/2021  | 
Security experts offer Microsoft 365 security guidance as more attackers target enterprise cloud environments.
2020's COVID Accelerated Digitalization Demands Stronger Cybersecurity in 2021
Commentary  |  1/25/2021  | 
As critical infrastructure faces increasing and sophisticated attacks, these trends will enable the energy sector to shore up its cybersecurity defenses.
Intel Confirms Unauthorized Access of Earnings-Related Data
News  |  1/22/2021  | 
News likely contributed to slide of over 9% in chipmaker's stock at one point Friday.
Speed of Digital Transformation May Lead to Greater App Vulnerabilities
News  |  1/22/2021  | 
The fastest-moving industries are struggling to produce secure code, according to AppSec experts.
Why North Korea Excels in Cybercrime
Commentary  |  1/22/2021  | 
North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.
DreamBus, FreakOut Botnets Pose New Threat to Linux Systems
News  |  1/21/2021  | 
Researchers from Zscaler and Check Point describe botnets as designed for DDoS attacks, cryptocurrency mining, and other malicious purposes.
Breach Data Shows Attackers Switched Gears in 2020
News  |  1/21/2021  | 
Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.
Attackers Leave Stolen Credentials Searchable on Google
News  |  1/21/2021  | 
Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search.
Cloud Jacking: The Bold New World of Enterprise Cybersecurity
Commentary  |  1/21/2021  | 
Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.
7 Steps to Secure a WordPress Site
Slideshows  |  1/21/2021  | 
Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth.
Rethinking IoT Security: It's Not About the Devices
Commentary  |  1/21/2021  | 
Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.
Microsoft Releases New Info on SolarWinds Attack Chain
News  |  1/20/2021  | 
Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says.
SolarWinds Attack, Cyber Supply Chain Among Priorities for Biden Administration
News  |  1/20/2021  | 
During Senate confirmation hearings, the nominees for Secretary of Homeland Security and Director of National Intelligence pledged to focus on cybersecurity.
Tips for a Bulletproof War Room Strategy
Commentary  |  1/20/2021  | 
The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.
Vulnerabilities in Popular DNS Software Allow Poisoning
News  |  1/19/2021  | 
Seven flaws in DNSMasq have limited impact, but in combination they could be chained to create a multistaged attack.
Microsoft to Launch 'Enforcement Mode' for Zerologon Flaw
Quick Hits  |  1/19/2021  | 
Enforcement mode for the Netlogon Domain Controller will be enabled by default with the Feb. 9 security update.
SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics
News  |  1/19/2021  | 
Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack.
The Most Pressing Concerns Facing CISOs Today
Commentary  |  1/19/2021  | 
Building security into the software development life cycle creates more visibility, but CISOs still need stay on top of any serious threats on the horizon, even if they are largely unknown.
A Security Practitioner's Guide to Encrypted DNS
Commentary  |  1/19/2021  | 
Best practices for a shifting visibility landscape.
NSA Appoints Rob Joyce as Cyber Director
Quick Hits  |  1/15/2021  | 
Joyce has long worked in US cybersecurity leadership, most recently serving as the NSA's top representative in the UK.
Successful Malware Incidents Rise as Attackers Shift Tactics
News  |  1/15/2021  | 
As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.
How to Achieve Collaboration Tool Compliance
Commentary  |  1/15/2021  | 
Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams.
Shifting Privacy Landscape, Disruptive Technologies Will Test Businesses
News  |  1/14/2021  | 
A new machine learning tool aims to mine privacy policies on behalf of users.
'Chimera' Threat Group Abuses Microsoft & Google Cloud Services
Quick Hits  |  1/14/2021  | 
Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests.
Businesses Struggle with Cloud Availability as Attackers Take Aim
News  |  1/14/2021  | 
Researchers find organizations struggle with availability for cloud applications as government officials warn of cloud-focused cyberattacks.
NSA Recommends Using Only 'Designated' DNS Resolvers
Quick Hits  |  1/14/2021  | 
Agency provides guidelines on securely deploying DNS over HTTPS, aka DoH.
Who Is Responsible for Protecting Physical Security Systems From Cyberattacks?
News  |  1/14/2021  | 
It's a question that continues to engage debate, as the majority of new physical security devices being installed are now connected to a network. While this offers myriad benefits, it also raises the question: Who is responsible for their cybersecurity?
Vulnerability Management Has a Data Problem
Commentary  |  1/14/2021  | 
Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.
SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns
Quick Hits  |  1/13/2021  | 
Mimecast no longer uses the SolarWinds Orion network management software that served as an attack vector for thousands of organizations.
Huntress Acquires EDR Technology From Level Effect
Quick Hits  |  1/13/2021  | 
Huntress seeks to improve its detection and response capabilities with a more comprehensive view of endpoint security.
Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation
News  |  1/13/2021  | 
Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.
The Data-Centric Path to Zero Trust
Commentary  |  1/13/2021  | 
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
More SolarWinds Attack Details Emerge
News  |  1/12/2021  | 
A third piece of malware is uncovered, but there are still plenty of unknowns about the epic attacks purportedly out of Russia.
United Nations Security Flaw Exposed 100K Staff Records
Quick Hits  |  1/12/2021  | 
Security researchers have disclosed a vulnerability they exploited to access more than 100,000 private employee records.
Microsoft Defender Zero-Day Fixed in First Patch Tuesday of 2021
News  |  1/12/2021  | 
Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw.
How to Boost Executive Buy-In for Security Investments
Commentary  |  1/12/2021  | 
Linking security budgets to breach-protection outcomes helps executives balance spending against risk and earns CISOs greater respect in the C-suite.
Security Operations Struggle to Defend Value, Keep Workers
News  |  1/12/2021  | 
Companies continue to value security operations centers but the economics are increasingly challenging, with high analyst turnover and questions raised over return on investment.
Page 1 / 2   >   >>


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We need more votes, check the obituaries.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3317
PUBLISHED: 2021-01-26
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.
CVE-2013-2512
PUBLISHED: 2021-01-26
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.
CVE-2021-3165
PUBLISHED: 2021-01-26
SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.
CVE-2021-1070
PUBLISHED: 2021-01-26
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an un...
CVE-2021-1071
PUBLISHED: 2021-01-26
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to...