Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
Page 1 / 2   >   >>
Attackers Find New Way to Exploit Google Docs for Phishing
News  |  6/18/2021  | 
Tactic continues recent trend by attackers to use trusted cloud services to send and host malicious content.
Accidental Insider Leaks Prove Major Source of Risk
Quick Hits  |  6/18/2021  | 
Research reports highlight growing concerns around insider negligence that leads to data breaches.
This Week in Database Leaks: Cognyte, CVS, Wegmans
News  |  6/18/2021  | 
Billions of records were found exposed this week due to unprotected databases owned by major corporations and third-party providers.
4 Habits of Highly Effective Security Operators
Commentary  |  6/18/2021  | 
These good habits can make all the difference in advancing careers for cybersecurity operators who spend their days putting out fires large and small.
Data Breaches Surge in Food & Beverage, Other Industries
News  |  6/17/2021  | 
Six previously "under-attacked" vertical industries saw a surge in data breaches last year due to COVID-19 related disruptions and other factors, new data shows.
One in Five Manufacturing Firms Targeted by Cyberattacks
News  |  6/17/2021  | 
Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.
Carnival Cruise Line Reports Security Breach
Quick Hits  |  6/17/2021  | 
The cruise ship operator says the incident affected employee and guest data.
Google Launches SLSA, a New Framework for Supply Chain Integrity
Quick Hits  |  6/17/2021  | 
The "Supply chain Levels for Software Artifacts" aims to ensure the integrity of components throughout the software supply chain.
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Commentary  |  6/17/2021  | 
Consider four factors and behaviors that impact a particular employee's risk, and how security training should take them into account.
Mission Critical: What Really Matters in a Cybersecurity Incident
Commentary  |  6/17/2021  | 
The things you do before and during a cybersecurity incident can make or break the success of your response.
Ukraine Police Disrupt Cl0p Ransomware Operation
News  |  6/16/2021  | 
Growing list of similar actions in recent months may finally be scaring some operators into quitting, but threat is far from over, security experts say.
Ransomware Operators' Strategies Evolve as Attacks Rise
News  |  6/16/2021  | 
Security researchers find ransomware operators rely less on email and more on criminal groups for initial access into target networks.
Biden Tells Putin Critical Infrastructure Sectors 'Off Limits' to Russian Hacking
Quick Hits  |  6/16/2021  | 
President Joe Biden said he and Russian President Vladimir Putin agreed to discuss boundaries in cyber activity.
Security Flaw Discovered In Peloton Equipment
Quick Hits  |  6/16/2021  | 
The vulnerability could give attackers remote root access to the bike's tablet, researchers report.
Cars, Medicine, Electric Grids: Future Hackers Will Hit Much More Than Networks in an IT/OT Integrated World
Commentary  |  6/16/2021  | 
Intelligent systems must include the right cybersecurity protections to prevent physical threats to operational technology.
Russian National Convicted on Charges Related to Kelihos Botnet
Quick Hits  |  6/16/2021  | 
Oleg Koshkin was arrested in 2019 and faces a maximum penalty of 15 years in prison, the DoJ reports.
Keeping Your Organization Secure When Dealing With the Unexpected
Commentary  |  6/16/2021  | 
There's no way to anticipate every possible scenario, but the right approach to business continuity can help you respond effectively in any situation.
Don't Get Stymied by Security Indecision
Commentary  |  6/16/2021  | 
You might be increasing cyber-risk by not actively working to reduce it.
Thousands of VMware vCenter Servers Remain Open to Attack Over the Internet
News  |  6/15/2021  | 
Three weeks after company disclosed two critical vulnerabilities in the workload management utility, many organizations have not patched the technology yet, security vendor says.
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
News  |  6/15/2021  | 
Attackers had used the cloud-based infrastructure to target mailboxes and add forwarding rules to learn about financial transactions.
Security Experts Scrutinize Apple, Amazon IoT Networks
News  |  6/15/2021  | 
Both companies have done their due diligence in creating connected-device networks, but the pervasiveness of the devices worries some security researchers.
Andariel Group Targets South Korean Entities in New Campaign
Quick Hits  |  6/15/2021  | 
Andariel, designated as a sub-group of the Lazarus Group APT, has historically targeted South Korean organzations.
Deloitte Buys Terbium Labs to Expand Threat Intel Capabilities
Quick Hits  |  6/15/2021  | 
Terbium Labs' products and services will become part of Deloitte's Detect & Respond lineup, the company confirms.
What Industrial Control System Vulnerabilities Can Teach Us About Protecting the Supply Chain
Commentary  |  6/15/2021  | 
Older technologies used in industrial and critical infrastructure leave the sector highly vulnerable to attack, but organizations can take steps to better protect themselves.
How Does the Government Buy Its Cybersecurity?
Commentary  |  6/15/2021  | 
The federal government is emphasizing cybersecurity regulation, education, and defense strategies this year.
VPN Attacks Surged in First Quarter
News  |  6/14/2021  | 
But volume of malware, botnet, and other exploit activity declined because of the Emotet botnet takedown.
Cyber Analytics Database Exposed 5 Billion Records Online
Quick Hits  |  6/14/2021  | 
In an ironic twist, Cognyte's data alerts customers to third-party data exposures.
Google Workspace Adds Client-Side Encryption
Quick Hits  |  6/14/2021  | 
Users given control over encryption keys, Google says.
New Top 20 Secure-Coding List Positions PLCs as Plant 'Bodyguards'
News  |  6/14/2021  | 
Best practices guide encompasses integrity, hardening, resilience, and monitoring of PLCs in industrial networks.
Know Thy Enemy: Fighting Half-Blind Against Ransomware Won't Work
Commentary  |  6/14/2021  | 
We lack reliable, representative, actionable data about ransomware's actual scope, scale, and impact. The Ransom Incident Response Network could change that.
Name That Toon: Sight Unseen
Commentary  |  6/14/2021  | 
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Colonial Pipeline Cyberattack Proves a Single Password Isn't Enough
Commentary  |  6/14/2021  | 
Since the attack, it's been revealed that it was down to a single password. Yes, ransomware needs to be on your radar -- but a focus on credentials is vital.
Trickbot Investigation Shows Details of Massive Cybercrime Effort
News  |  6/11/2021  | 
Nearly a score of cybercriminals allegedly worked together to create the Trickbot malware and deploy it against more than a million users, an unsealed indictment claims.
McDonald's Data Breach Exposed Business & Customer Data
Quick Hits  |  6/11/2021  | 
An investigation has revealed company data has been breached in the United States, South Korea, and Taiwan.
Details Emerge on How Gaming Giant EA Was Hacked
Quick Hits  |  6/11/2021  | 
Hacking group stole source code to FIFA 21 and the company's Frostbite engine.
Many Mobile Apps Intentionally Using Insecure Connections for Sending Data
News  |  6/11/2021  | 
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.
Secure Access Trade-offs for DevSecOps Teams
Commentary  |  6/11/2021  | 
Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources.
New Ransomware Group Claiming Connection to REvil Gang Surfaces
News  |  6/10/2021  | 
"Prometheus" is the latest example of how the ransomware-as-a-service model is letting new gangs scale up operations quickly.
'Fancy Lazarus' Criminal Group Launches DDoS Extortion Campaign
News  |  6/10/2021  | 
The group has re-emerged after a brief hiatus with a new email campaign threatening a DDoS attack against businesses that don't pay ransom.
Healthcare Device Security Firm COO Charged With Hacking Medical Center
Quick Hits  |  6/10/2021  | 
Vikas Singla, chief operating officer of security firm that provides products and services to the healthcare industry, faces charges surrounding a cyberattack he allegedly conducted against Duluth, Ga.-based Gwinnett Medical Center.
JBS CEO Says Company Paid $11M in Ransom
Quick Hits  |  6/10/2021  | 
The decision to pay attackers was a difficult one, CEO Andre Nogueira said in a statement.
The Workforce Shortage in Cybersecurity Is a Myth
Commentary  |  6/10/2021  | 
What we really have is an automation-in-the-wrong-place problem.
Intl. Law Enforcement Operation Disrupts Slilpp Marketplace
Quick Hits  |  6/10/2021  | 
A seizure warrant affidavit unsealed today states Slilpp had sold allegedly stolen login credentials since 2012.
Deepfakes Are on the Rise, but Don't Panic Just Yet
Commentary  |  6/10/2021  | 
Deepfakes will likely give way to deep suspicion, as users try to sort legitimate media from malicious.
Cyber Is the New Cold War & AI Is the Arms Race
Commentary  |  6/10/2021  | 
Continual cyberattacks have pushed us into a new kind of Cold War, with artificial intelligence the basis of this new arms race.
Required MFA Is Not Sufficient for Strong Security: Report
News  |  6/9/2021  | 
Attackers and red teams find multiple ways to bypass poorly deployed MFA in enterprise environments, underscoring how redundancy and good design are still required.
RSA Spins Off Fraud & Risk Intelligence Unit
News  |  6/9/2021  | 
The new company, called Outseer, will continue to focus on payment authentication and fraud detection and analysis.
CISA Addresses Rise in Ransomware Threatening OT Assets
Quick Hits  |  6/9/2021  | 
The agency has released guidance in response to a rise of ransomware attacks affecting OT assets and control systems.
New Security Event @Hack to Take Place in Saudi Arabia
Quick Hits  |  6/9/2021  | 
The Saudi Federation of Cybersecurity, Programming, and Drones (SAFCSP) and Informa Tech will launch a multi-day event in Riyadh this November.
With Cloud, CDO and CISO Concerns Are Equally Important
Commentary  |  6/9/2021  | 
Navigated properly, a melding of these complementary perspectives can help keep an organization more secure.
Page 1 / 2   >   >>


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
CVE-2021-31660
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.