Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in April 2020
Things Keeping CISOs Up at Night During the COVID-19 Pandemic
Commentary  |  4/30/2020  | 
Insights from discussions with more than 20 CISOs, CEOs, CTOs, and security leaders.
The Rise of Deepfakes and What That Means for Identity Fraud
Commentary  |  4/30/2020  | 
Convincing deepfakes are a real concern, but there are ways of fighting back.
7 Fraud Predictions in the Wake of the Coronavirus
Commentary  |  4/29/2020  | 
It's theme and variations in the fraud world, and fraudsters love -- and thrive -- during chaos and confusion
4 Ways to Get to Defensive When Faced by an Advanced Attack
Commentary  |  4/29/2020  | 
To hold your own against nation-state-grade attacks, you must think and act differently.
5 Big Lessons from the Work-from-Home SOC
Commentary  |  4/28/2020  | 
Accustomed to working in the same room, security teams now must find ways to operate effectively in the new remote reality.
Increased Credential Threats in the Age of Uncertainty
Commentary  |  4/28/2020  | 
Three things your company should do to protect credentials during the coronavirus pandemic.
What's Your Cybersecurity Architecture Integration Business Plan?
Commentary  |  4/28/2020  | 
To get the most out of your enterprise cybersecurity products, they need to work together. But getting those products talking to each other isn't easy.
Cloud Services Are the New Critical Infrastructure. Can We Rely on Them?
Commentary  |  4/27/2020  | 
If cloud services vendors successfully asked themselves these three questions, we'd all be better off.
COVID-19 Quarantine: A Unique Learning Opportunity for Defenders
Commentary  |  4/27/2020  | 
Use these spare moments at home to master new skills that will help protect your organization and enhance your career.
Find Your Framework: Thinking Fast and Slow
Commentary  |  4/24/2020  | 
Economist Daniel Kahneman's classic book has lessons for those in security, especially now.
Narrow the Scope of Compliance
Commentary  |  4/24/2020  | 
Many organizations are doing more than they need regarding compliance.
How the Dark Web Fuels Insider Threats
Commentary  |  4/23/2020  | 
New decentralized, criminal marketplaces and "as-a-service" offerings make it easy for employees to monetize their knowledge and access to enterprise networks and systems.
Resiliency: The Trait National Sporting Leagues Share with Security & IT Teams
Commentary  |  4/23/2020  | 
During unprecedented times such as these, both businesses and professional sports are forced to go back to basics.
The Evolving Threat of Credential Stuffing
Commentary  |  4/23/2020  | 
Bots' swerve to focus on APIs means businesses must take the threat seriously and take effective action.
11 Tips for Protecting Active Directory While Working from Home
Commentary  |  4/22/2020  | 
To improve the security of your corporate's network, protect the remote use of AD credentials.
Making the Case for Process Documentation in Cyber Threat Intel
Commentary  |  4/22/2020  | 
Standard language and processes, not to mention more efficient dissemination of findings and alerts all make documenting your security processes a must
8 Steps to Enhance Government Agencies' Security Posture
Commentary  |  4/22/2020  | 
Given the heterogeneous architectures of critical state and local systems, it's imperative we learn from the security exposures of other critical infrastructure and pledge to be better
Is COVID-19 Intensifying the Need for Security Staffing?
Commentary  |  4/21/2020  | 
Overall, security practitioners should find themselves in a better working situation than many other professionals. However, we are not immune.
7 Steps to Avoid the Top Cloud Access Risks
Commentary  |  4/21/2020  | 
Securing identities and data in the cloud is challenging, but a least-privilege access approach helps.
COVID-19 Caption Contest Winners
Commentary  |  4/20/2020  | 
It was a tough choice! And the winner is
Remote Access Makes a Comeback: 4 Security Challenges in the Wake of COVID-19
Commentary  |  4/20/2020  | 
As companies continue to support increasing numbers of work-from-home employees, the pressure to secure access and reduce risk has never been greater.
'Look for the Helpers' to Securely Enable the Remote Workforce
Commentary  |  4/17/2020  | 
CISOs and CIOs, you are our helpers. As you take action to reassure your company, your confidence is our confidence.
4 Cybersecurity Lessons from the Pandemic
Commentary  |  4/16/2020  | 
An epidemiologist-turned-CTO describes the parallels between the spread of a computer virus and the real-world coronavirus.
5 Things Ransomware Taught Me About Responding in a Crisis
Commentary  |  4/16/2020  | 
What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attacks and because it came out the other side stronger and more resilient.
Man-in-the-Middle Attacks: A Growing but Preventable Mobile Threat
Commentary  |  4/15/2020  | 
Hackers are upping their game, especially as they target mobile devices.
Cybersecurity Prep for the 2020s
Commentary  |  4/15/2020  | 
The more things change, the more they stay the same. Much of the world is still behind on the basics.
How Company Cultures Dictated Work-from-Home Readiness
Commentary  |  4/14/2020  | 
Companies large and small are discovering just how prepared they were for all employees to work remotely
You're One Misconfiguration Away from a Cloud-Based Data Breach
Commentary  |  4/14/2020  | 
Don't assume that cyberattacks are all you have to worry about. Misconfigurations should also be a top cause of concern.
Cybercrime May Be the World's Third-Largest Economy by 2021
Commentary  |  4/13/2020  | 
The underground economy is undergoing an industrialization wave and booming like never before.
10 Ways to Spot a Security Fraud
Commentary  |  4/10/2020  | 
There is no shortage of people presenting themselves as security experts. Some of them truly are. The others...
No STEM, No Problem: How to Close the Security Workforce Gap
Commentary  |  4/9/2020  | 
Those who work well with others, learn quickly, and possess a proactive mindset toward the work can make great employees, even if their backgrounds aren't rooted in cybersecurity.
Medical Devices on the IoT Put Lives at Risk
Commentary  |  4/9/2020  | 
Device security must become as important a product design feature as safety and efficacy.
BEC, Domain Jacking Help Criminals Disrupt Cash Transfers
Commentary  |  4/8/2020  | 
The two hacking methods occur independently but are being used in concert to steal funds that are part of online payments and transactions.
Why Threat Hunting with XDR Matters
Commentary  |  4/8/2020  | 
Extended detection response technology assumes a breach across all your endpoints, networks, SaaS applications, cloud infrastructure, and any network-addressable resource.
The Coronavirus & Cybersecurity: 3 Areas of Exploitation
Commentary  |  4/7/2020  | 
Criminal, political, and strategic factors are combining to create a perfect storm of cyber infections that target the global supply chain.
Using Application Telemetry to Reveal Insider & Evasive Threats
Commentary  |  4/7/2020  | 
Data from application processes and other systems leave a trail of threat crumbs that can be used to detect and shut down attacks.
Why Humans Are Phishing's Weakest Link
Commentary  |  4/6/2020  | 
And it's not just because they click when they shouldn't... they also leave a trail of clues and details that make them easy to spoof
Want to Improve Cloud Security? It Starts with Logging
Commentary  |  4/3/2020  | 
Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place.
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
Commentary  |  4/2/2020  | 
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
A Hacker's Perspective on Securing VPNs As You Go Remote
Commentary  |  4/2/2020  | 
As organizations rush to equip and secure their newly remote workforce, it's important to keep things methodical and purposeful
Best Practices to Manage Third-Party Cyber-Risk Today
Commentary  |  4/2/2020  | 
Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.
Why All Employees Are Responsible for Company Cybersecurity
Commentary  |  4/1/2020  | 
It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.
Active Directory Attacks Hit the Mainstream
Commentary  |  4/1/2020  | 
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
The SOC Emergency Room Faces Malware Pandemic
Commentary  |  4/1/2020  | 
To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-39220
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended ...
CVE-2021-39221
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due th...
CVE-2021-41176
PUBLISHED: 2021-10-25
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted at...
CVE-2021-34854
PUBLISHED: 2021-10-25
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within ...
CVE-2021-34855
PUBLISHED: 2021-10-25
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exi...