Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Most Commented Content posted in March 2019
Security Experts, Not Users, Are the Weakest Link
Commentary  |  3/1/2019  | 
CISOs: Stop abdicating responsibility for problems with users it's part of your job.
Crowdsourced vs. Traditional Pen Testing
Commentary  |  3/19/2019  | 
A side-by-side comparison of key test features and when best to apply them based on the constraints within your budget and environment.
4 Ways At-Work Apps Are Vulnerable to Attack
Commentary  |  3/7/2019  | 
Collaboration applications make users and IT teams more efficient. But they come with an added cost: security.
Under Attack: Over Half of SMBs Breached Last Year
Commentary  |  3/26/2019  | 
Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.
Security Lessons from My Game Closet
Commentary  |  3/22/2019  | 
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
A Glass Ceiling? Not in Privacy
Commentary  |  3/25/2019  | 
According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.
Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?
Commentary  |  3/26/2019  | 
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
Quantum Computing and Code-Breaking
Commentary  |  3/28/2019  | 
Prepare today for the quantum threats of tomorrow.
Threat Hunting 101: Not Mission Impossible for the Resource-Challenged
Commentary  |  3/27/2019  | 
How small and medium-sized businesses can leverage native features of the operating system and freely available, high-quality hunting resources to overcome financial limitations.
The 'Twitterverse' Is Not the Security Community
Commentary  |  3/27/2019  | 
The drama on social media belies the incredible role models, job, training, and networking opportunities found in the real world of traditional cybersecurity.
Everything I Needed to Know About Third-Party Risk Management, I Learned from Meet the Parents
Commentary  |  3/28/2019  | 
How much do you trust your vendors? You don't have to hook them up to a polygraph machine because there are better ways to establish trust.
20 Years of STRIDE: Looking Back, Looking Forward
Commentary  |  3/29/2019  | 
The invention of STRIDE was the key inflection point in the development of threat modeling from art to engineering practice.
IoT Anomaly Detection 101: Data Science to Predict the Unexpected
Commentary  |  3/13/2019  | 
Yes! You can predict the chance of a mechanical failure or security breach before it happens. Part one of a two-part series.
Here's What Happened When a SOC Embraced Automation
Commentary  |  3/4/2019  | 
Despite initial apprehension, security engineers and analysts immediately began to notice a variety of benefits.
TLS 1.3: A Good News/Bad News Scenario
Commentary  |  3/20/2019  | 
Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.
The Insider Threat: It's More Common Than You Think
Commentary  |  3/20/2019  | 
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
What the Transition to Smart Cards Can Teach the US Healthcare Industry
Commentary  |  3/21/2019  | 
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23270
PUBLISHED: 2021-04-12
In Gargoyle OS 1.12.0, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a lo...
CVE-2021-29302
PUBLISHED: 2021-04-12
TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code execution.
CVE-2021-29357
PUBLISHED: 2021-04-12
The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.
CVE-2021-3125
PUBLISHED: 2021-04-12
In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6060 Turbo < 1.1.8, TL-XDR5430 < 1.0.11, and possibly others, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its u...
CVE-2021-3128
PUBLISHED: 2021-04-12
In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link...