Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in March 2021
What's So Great About XDR?
Commentary  |  3/31/2021  | 
XDR is a significant advance in threat detection and response technology, but few enterprises understand why. Omdia identifies four catalysts driving the emergence of XDR.
Advice From Security Experts: How to Approach Security in the New Normal
Commentary  |  3/31/2021  | 
Here are the biggest lessons they've learned after a year of work from home, and how they advise their counterparts at organizations to proceed as a result of those lessons.
3 Ways Vendors Can Inspire Customer Trust Amid Breaches
Commentary  |  3/31/2021  | 
As customers rely more on cloud storage and remote workforces, the probability of a breach increases.
Watch Out for These Cyber-Risks
Commentary  |  3/30/2021  | 
It's difficult to predict what will materialize in the months ahead in terms of cyber-risks, which is why it's wise to review your organization's security posture now.
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Commentary  |  3/30/2021  | 
The Cyber Kill Chain and MITRE ATT&CK are popular reference frameworks to analyze breaches, but amid the rise of XDR, we may need a new one.
In the Rush to Embrace Hybrid Cloud, Don't Forget About Security
Commentary  |  3/30/2021  | 
Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.
4 Open Source Tools to Add to Your Security Arsenal
Commentary  |  3/29/2021  | 
Open source solutions can offer an accessible and powerful way to enhance your security-testing capabilities.
Data Bias in Machine Learning: Implications for Social Justice
Commentary  |  3/26/2021  | 
Take historically biased data, then add AI and ML to compound and exacerbate the problem.
Moving from DevOps to CloudOps: The Four-Box Problem
Commentary  |  3/26/2021  | 
With SOC teams running services on multiple cloud platforms, their big concern is how to roll up configuration of 200+ servers in a comprehensive way.
Security Operations in the World We Live in Now
Commentary  |  3/25/2021  | 
Despite the challenges of remote work, security operations teams can position themselves well for the future.
The CIO's Shifting Role: Improving Security With Shared Responsibility
Commentary  |  3/25/2021  | 
CIOs must create a culture centered around cybersecurity that is easily visible and manageable.
How Personally Identifiable Information Can Put Your Company at Risk
Commentary  |  3/25/2021  | 
By being more mindful of how and where they share PII, employees will deprive cybercriminals of their most useful tool.
What a Federal Data Privacy Law Would Mean for Consumers
Commentary  |  3/24/2021  | 
With an array of serious proposals from both sides of the political divide, it looks as though the US may finally have a national privacy law.
Prioritizing Application & API Security After the COVID Cloud Rush
Commentary  |  3/24/2021  | 
As companies hit the gas to accommodate the rapid shift to work-from-home, security fell behind. Now, it's time to close those gaps.
Disrupting the Cybercriminal Supply Chain
Commentary  |  3/23/2021  | 
It is time to turn the tables on cybercriminals and use their own tactics against them.
Data Protection Is a Group Effort
Commentary  |  3/23/2021  | 
When every employee is well-versed in customer data privacy principles, the DPO knows the enterprise's sensitive data is in good hands.
Top 3 Cybersecurity Lessons Learned From the Pandemic
Commentary  |  3/22/2021  | 
Defending an enterprise of fully remote employees and their devices at this scale and speed had never been done before. Now, we do it every day.
On the Road to Good Cloud Security: Are We There Yet?
Commentary  |  3/22/2021  | 
Misconfigured infrastructure is IT pros' top cloud security concern, but they're conflicted on how to address it in practice.
How Us Shady Geeks Put Others Off Security
Commentary  |  3/19/2021  | 
Early adopters of security and privacy tools may be perceived by others as paranoid, which, in turn, may repel non-experts from protecting themselves online.
Women's History Month: Making Mentorship Meaningful
Commentary  |  3/18/2021  | 
This month is a perfect opportunity for us to take a step back and think about what role we want to play as women in the technology sector.
Beware the Package Typosquatting Supply Chain Attack
Commentary  |  3/18/2021  | 
Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.
What CISOs Can Learn From Big Breaches: Focus on the Root Causes
Commentary  |  3/18/2021  | 
Address these six technical root causes of breaches in order to keep your company safer.
COVID, Healthcare Data & the Dark Web: A Toxic Stew
Commentary  |  3/17/2021  | 
The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.
Enterprises Wrestle With Executive Social Media Risk Management
Commentary  |  3/17/2021  | 
Survey indicates enterprises have a lot of work to do reduce cybersecurity risks around executive social media use.
Best Practices for Securing Service Accounts
Commentary  |  3/16/2021  | 
While service accounts solve many of the challenges presented by automation, they can also create serious problems when it comes to cybersecurity.
Combating Call Center Fraud in the Age of COVID
Commentary  |  3/16/2021  | 
With many agents now working from home, call centers require new technology, new processes, and a new way of thinking about security.
Name That Toon: Something Seems Afoul
Commentary  |  3/15/2021  | 
Dark Reading's March cartoon caption contest is here, along with a few new feathered friends.
How to Choose the Right Cybersecurity Framework
Commentary  |  3/15/2021  | 
Cybersecurity frameworks can help reduce your risk of supply chain attacks and increase your competitive advantage.
Power Equipment: A New Cybersecurity Frontier
Commentary  |  3/12/2021  | 
Power systems, HVAC systems, and other network-connected devices are exposing new vulnerabilities that must be secured.
Actionable Tips for Engaging the Board on Cybersecurity
Commentary  |  3/11/2021  | 
Up your game with your company's board of directors to help them understand your cybersecurity priorities.
5 Steps for Investigating Phishing Attacks
Commentary  |  3/11/2021  | 
Phishing is a common and effective cybercrime tool, but even the most sophisticated threat actors make mistakes that you can leverage in your investigations.
Hiding in Plain Sight: Protecting Enterprises from the 'New' Shadow IT
Commentary  |  3/10/2021  | 
Three steps to fight this increasingly vexing problem.
Digitally Transforming Trusted Transactions Through Biometrics, ML & AI
Commentary  |  3/10/2021  | 
The pandemic has increased the appetite for e-commerce and contactless payments, and biometrics and artificial intelligence are playing a larger role in securing those transactions.
Dark Reading 'Name That Toon' Winner: Gather 'Round the Campfire
Commentary  |  3/9/2021  | 
And the winner of Dark Reading's February cartoon caption contest is ...
COVID-19 Contact-Tracing Apps Signal Broader Mobile App Security Concerns
Commentary  |  3/9/2021  | 
The rapid launch of contract-tracing apps to control COVID-19's spread opened the door to multiple security and privacy vulnerabilities.
Look to Banking as a Model for Stopping Crime-as-a-Service
Commentary  |  3/9/2021  | 
The first step toward prevention is understanding the six most common CaaS services.
Why Data Privacy Should Be on President Biden's Agenda for His First 100 Days
Commentary  |  3/8/2021  | 
The new administration is in an excellent position to make significant progress on data privacy -- not just because it's needed, but also because it's time.
On International Women's Day 2021, Does the 'Rule of Steve' Still Apply? Yes.
Commentary  |  3/5/2021  | 
On International Women's Day 2021, gender diversity has improved in cybersecurity, but there is still a long way to go.
Make Sure That Stimulus Check Lands in the Right Bank Account
Commentary  |  3/5/2021  | 
If you haven't already, it's time to build trust relationships with your financial institutions, using strong security, privacy protections and secure, unique user credentials.
Secure Laptops & the Enterprise of the Future
Commentary  |  3/4/2021  | 
The enterprise of the future will depend upon organizations' ability to extend the company firewall to everywhere people are working.
Why We Need More Blue Team Voices at the Table
Commentary  |  3/4/2021  | 
The red team draws attention, but the blue team has the expertise to keep networks secure day in and day out.
How SolarWinds Busted Up Our Assumptions About Code Signing
Commentary  |  3/3/2021  | 
With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
Design, Security, Tech Is the New Stack You Should Be Building
Commentary  |  3/3/2021  | 
Instead of different departments managing information systems, Ally Financial has combined data, digitization, security, and design into a single "stack" of human resources.
4 Ways Health Centers Can Stop the Spread of Cyberattacks
Commentary  |  3/2/2021  | 
Health centers must shift the perception of cyberattacks from potential risk to real threat in order to take the first step toward a safer, healthier security posture.
Why Cloud Security Risks Have Shifted to Identities and Entitlements
Commentary  |  3/2/2021  | 
Traditional security tools focus on the network perimeter, leaving user and service accounts vulnerable to hackers.
Building a Next-Generation SOC Starts With Holistic Operations
Commentary  |  3/1/2021  | 
The proper template for a modernized SOC team is one that operates seamlessly across domains with a singular, end-to-end view.


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.