Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
How the Shady Zero-Day Sales Game Is Evolving
6 Open Source Tools for Your Security Team
More SolarWinds Attack Details Emerge
COVID-19: Latest Security News & Commentary
News & Commentary
DreamBus, FreakOut Botnets Pose New Threat to Linux Systems
Jai Vijayan, Contributing WriterNews
Researchers from Zscaler and Check Point describe botnets as designed for DDoS attacks, cryptocurrency mining, and other malicious purposes.
By Jai Vijayan Contributing Writer, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Breach Data Shows Attackers Switched Gears in 2020
Robert Lemos, Contributing WriterNews
Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.
By Robert Lemos Contributing Writer, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark ReadingNews
Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search.
By Kelly Sheridan Staff Editor, Dark Reading, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Cloud Jacking: The Bold New World of Enterprise Cybersecurity
Bernie Brode, Nano Product ResearcherCommentary
Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.
By Bernie Brode Nano Product Researcher, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
7 Steps to Secure a WordPress Site
Steve Zurier, Contributing Writer
Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth.
By Steve Zurier Contributing Writer, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Hacker Pig Latin: A Base64 Primer for Security Analysts
Daniel Smallwood, Senior Threat Research Engineer, IronNet
The Base64 encoding scheme is often used to hide the plaintext elements in the early stages of an attack that can't be concealed under the veil of encryption. Here's how to see through its tricks.
By Daniel Smallwood Senior Threat Research Engineer, IronNet, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Rethinking IoT Security: It's Not About the Devices
May Wang, Senior Distinguished Engineer at Palo Alto NetworksCommentary
Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.
By May Wang Senior Distinguished Engineer at Palo Alto Networks, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Releases New Info on SolarWinds Attack Chain
Jai Vijayan, Contributing WriterNews
Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says.
By Jai Vijayan Contributing Writer, 1/20/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attack, Cyber Supply Chain Among Priorities for Biden Administration
Robert Lemos, Contributing WriterNews
During Senate confirmation hearings, the nominees for Secretary of Homeland Security and Director of National Intelligence pledged to focus on cybersecurity.
By Robert Lemos Contributing Writer, 1/20/2021
Comment0 comments  |  Read  |  Post a Comment
Tips for a Bulletproof War Room Strategy
Lee Chieffalo, Technical Director of Cybersecurity Operations at ViasatCommentary
The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.
By Lee Chieffalo Technical Director of Cybersecurity Operations at Viasat, 1/20/2021
Comment0 comments  |  Read  |  Post a Comment
Vulnerabilities in Popular DNS Software Allow Poisoning
Robert Lemos, Contributing WriterNews
Seven flaws in DNSMasq have limited impact, but in combination they could be chained to create a multistaged attack.
By Robert Lemos Contributing Writer, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft to Launch 'Enforcement Mode' for Zerologon Flaw
Dark Reading Staff, Quick Hits
Enforcement mode for the Netlogon Domain Controller will be enabled by default with the Feb. 9 security update.
By Dark Reading Staff , 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
4 Intriguing Email Attacks Detected by AI in 2020
Edge Editors, Dark Reading
Here's to the sneakiest of the sneaky. These clever phishing messages -- that standard validation measures often missed -- deserve proper dishonor. (Sponsored)
By Edge Editors Dark Reading, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
The Most Pressing Concerns Facing CISOs Today
John Worrall, Chief Executive Officer at ZeroNorthCommentary
Building security into the software development life cycle creates more visibility, but CISOs still need stay on top of any serious threats on the horizon, even if they are largely unknown.
By John Worrall Chief Executive Officer at ZeroNorth, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
A Security Practitioner's Guide to Encrypted DNS
Jamie Brim, Corelight Security ResearcherCommentary
Best practices for a shifting visibility landscape.
By Jamie Brim Corelight Security Researcher, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff, Quick Hits
Joyce has long worked in US cybersecurity leadership, most recently serving as the NSA's top representative in the UK.
By Dark Reading Staff , 1/15/2021
Comment1 Comment  |  Read  |  Post a Comment
Successful Malware Incidents Rise as Attackers Shift Tactics
Robert Lemos, Contributing WriterNews
As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.
By Robert Lemos Contributing Writer, 1/15/2021
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: Before I Go ...
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 1/15/2021
Comment10 comments  |  Read  |  Post a Comment
How to Achieve Collaboration Tool Compliance
Marc Gilman, VP of Compliance and General Counsel, Theta LakeCommentary
Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams.
By Marc Gilman VP of Compliance and General Counsel, Theta Lake, 1/15/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Valtix Secures $12.5M Strategic Investments
NextGen Cyber Talent Announces its First Pilot Cohort and Governing Board
TAG Cyber Collaborates with Kean University Center for Cybersecurity to Award Grants to Students
Over Half of UK Businesses Cite Security Concerns as Biggest Barrier to Public Cloud Adoption
New Podcast Launches Focused on Security Start-up Entrepreneurs
Varonis Announces New Features to Combat Insider Threats and Collaboration Risks in Microsoft 365
Swimlane Raises $40M Growth Round to Deliver Hyper Automated Security Operations
Cybersecurity and Networking Staffing Company CIBR Warriors Launches Nationwide
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Hacker Pig Latin: A Base64 Primer for Security Analysts
The Base64 encoding scheme is often used to hide the plaintext elements in the early stages of an attack that can't be concealed under the veil of encryption. Here's how to see through its tricks.
4 Intriguing Email Attacks Detected by AI in 2020
Here's to the sneakiest of the sneaky. These clever phishing messages -- that standard validation measures often missed -- deserve proper dishonor. (Sponsored)
Name That Toon: Before I Go ...
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I like the old version of Google assistant much better.
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8567
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CVE-2020-8568
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that conta...
CVE-2020-8569
PUBLISHED: 2021-01-21
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, ...
CVE-2020-8570
PUBLISHED: 2021-01-21
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executi...
CVE-2020-8554
PUBLISHED: 2021-01-21
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typicall...
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Flash Poll
Video
Slideshows
Twitter Feed