Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
Page 1 / 2   >   >>
Biden's Supply Chain Initiative Depends on Cybersecurity Insights
Commentary  |  5/6/2021  | 
Those helming the US supply chain executive order need to leverage standards, measurement, and the lessons cybersecurity leaders have learned.
Attackers Seek New Strategies to Improve Macros' Effectiveness
News  |  5/5/2021  | 
The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.
Gap Between Security and Networking Teams May Hinder Tech Projects
Quick Hits  |  5/5/2021  | 
Professionals in each field describe a poor working relationship between the two teams
DoD Lets Researchers Target All Publicly Accessible Info Systems
Quick Hits  |  5/5/2021  | 
The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.
Wanted: The (Elusive) Cybersecurity 'All-Star'
News  |  5/5/2021  | 
Separate workforce studies by (ISC) and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the field.
Will 2021 Mark the End of World Password Day?
Commentary  |  5/5/2021  | 
We might be leaving the world of mandatory asterisks and interrobangs behind for good.
Newer Generic Top-Level Domains a Security 'Nuisance'
News  |  5/4/2021  | 
Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use.
Apple Issues Patches for Webkit Security Flaws
Quick Hits  |  5/4/2021  | 
The vulnerabilities may already be under active attack, Apple says in an advisory.
Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack
News  |  5/4/2021  | 
Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009.
Raytheon: Supply Chain, Ransomware, Zero Trust Biggest Security Priorities
Commentary  |  5/4/2021  | 
SPONSORED CONTENT: While organizations may be more vulnerable than ever to supply chain attacks and ransomware, they can look to Zero Trust frameworks to keep their users and data safe, says Jon Check, senior director in Raytheon's cyber protection solutions unit.
More Companies Adopting DevOps & Agile for Security
News  |  5/4/2021  | 
Measures of programming speed, security, and automation have all significantly increased in the past year, GitLab's latest survey finds.
Scripps Health Responds to Cyberattack
Quick Hits  |  5/4/2021  | 
The health care system says it has suspended access to patient portals and other applications related to operations at Scripps facilities.
Can Organizations Secure Remote Workers for the Long Haul?
Commentary  |  5/4/2021  | 
By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.
It's Time to Ditch Celebrity Cybersecurity
Commentary  |  5/4/2021  | 
High-profile attacks and solutions are shiny objects that can distract from the defenses that afford the greatest protection.
Researchers Explore Active Directory Attack Vectors
News  |  5/3/2021  | 
Incident responders who investigate attacks targeting Active Directory discuss methods used to gain entry, elevate privileges, and control target systems.
Imperva to Buy API Security Firm CloudVector
Quick Hits  |  5/3/2021  | 
The deal is intended to expand Imperva's API security portfolio, officials say.
Buer Malware Variant Rewritten in Rust Programming Language
Quick Hits  |  5/3/2021  | 
Researchers suggest a few reasons why operators rewrote Buer in an entirely new language
Researchers Find Bugs Using Single-Codebase Inconsistencies
News  |  5/3/2021  | 
A Northeastern University research team finds code defects -- and some vulnerabilities -- by detecting when programmers used different code snippets to perform the same functions.
Dark Reading Celebrates 15th Anniversary
Commentary  |  5/3/2021  | 
Cybersecurity news site begins 16th year with plans to improve site, deliver more content on cyber threats and best practices.
Stopping the Next SolarWinds Requires Doing Something Different
Commentary  |  5/3/2021  | 
Will the SolarWinds breach finally prompt the right legislative and regulatory actions on a broader, more effective scale?
Ransomware Task Force Publishes Framework to Fight Global Threat
News  |  4/30/2021  | 
An 81-page report details how ransomware has evolved, along with recommendations on how to deter attacks and disrupt its business model.
New Threat Group Carrying Out Aggressive Ransomware Campaign
News  |  4/30/2021  | 
UNC2447 observed targeting now-patched vulnerability in SonicWall VPN.
MITRE Adds MacOS, More Data Types to ATT&CK Framework
News  |  4/30/2021  | 
Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure.
Survey Finds Broad Concern Over Third-Party App Providers Post-SolarWinds
Quick Hits  |  4/30/2021  | 
Most IT and cybersecurity professionals think security is important enough to delay deployment of applications, survey data shows.
The Ticking Time Bomb in Every Company's Code
Commentary  |  4/30/2021  | 
Developers must weigh the benefits and risks of using third-party code in Web apps.
7 Modern-Day Cybersecurity Realities
Slideshows  |  4/30/2021  | 
Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.
XDR Pushing Endpoint Detection and Response Technologies to Extinction
News  |  4/29/2021  | 
Ironically, EDR's success has spawn demand for technology that extends beyond it.
Researchers Connect Complex Specs to Software Vulnerabilities
News  |  4/29/2021  | 
Following their release of 70 different vulnerabilities in different implementations of TCP/IP stacks over the past year, two companies find a common link.
API Hole on Experian Partner Site Exposes Credit Scores
Quick Hits  |  4/29/2021  | 
Student researcher is concerned security gap may exist on many other sites.
'BadAlloc' Flaws Could Threaten IoT and OT Devices: Microsoft
Quick Hits  |  4/29/2021  | 
More than 25 critical memory allocation bugs could enable attackers to bypass security controls in industrial, medical, and enterprise devices.
Adobe Open Sources Tool for Anomaly Research
News  |  4/29/2021  | 
The One-Stop Anomaly Shop (OSAS) project packages machine-learning algorithms into a Docker container for finding anomalies in security log data.
Your Digital Identity's Evil Shadow
Commentary  |  4/29/2021  | 
In the wrong hands, these shady shadows are stealthy means to bypass security systems by hiding behind a proxy with legitimate IP addresses and user agents.
The Challenge of Securing Non-People Identities
Commentary  |  4/29/2021  | 
Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk.
FluBot Malware's Rapid Spread May Soon Hit US Phones
News  |  4/28/2021  | 
The FluBot Android malware has spread throughout several European countries through an SMS package delivery scam.
74% of Financial Institutions See Spike in COVID-Related Threats
Quick Hits  |  4/28/2021  | 
Financial losses have also increased among organizations in the last year, with the average cost reaching $720,000.
FBI Works With 'Have I Been Pwned' to Notify Emotet Victims
Quick Hits  |  4/28/2021  | 
Officials shared 4.3 million email addresses with the HIBP website to help inform companies and individuals if Emotet compromised their accounts.
How to Secure Employees' Home Wi-Fi Networks
Commentary  |  4/28/2021  | 
Businesses must ensure their remote workers' Wi-Fi networks don't risk exposing business data or secrets due to fixable vulnerabilities.
Is Your Cloud Raining Sensitive Data?
Commentary  |  4/28/2021  | 
Learn common Kubernetes vulnerabilities and ways to avoid them.
Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat
News  |  4/28/2021  | 
New research shows how threat actors can steal and decrypt signing certificates so SAML tokens can be forged.
Do Cyberattacks Affect Stock Prices? It Depends on the Breach
News  |  4/27/2021  | 
A security researcher explores how data breaches, ransomware attacks, and other types of cybercrime influence stock prices.
Emotet Malware Uninstalled From Infected Devices
Quick Hits  |  4/27/2021  | 
A law enforcement update deployed to compromised machines in January has been pushed, effectively removing the malware.
Ransomware Recovery Costs Near $2M
Quick Hits  |  4/27/2021  | 
The cost of recovering from a ransomware attack has more than doubled in one year, Sophos researchers report.
4 Ways CISOs Can Strengthen Their Security Resilience
Commentary  |  4/27/2021  | 
Security pros must remember bad actors will target their infrastructure, using counter-incident response technology in the process.
Expect an Increase in Attacks on AI Systems
News  |  4/27/2021  | 
Companies are quickly adopting machine learning but not focusing on how to verify systems and produce trustworthy results, new report shows.
XDR: A Game-Changer in Enterprise Threat Detection
XDR: A Game-Changer in Enterprise Threat Detection
Dark Reading Videos  |  4/27/2021  | 
Omdia's Eric Parizo highlights four capabilities that show how XDR technology is reinventing enterprise threat detection.
Challenging Our Education System to Nurture the Cyber Pipeline
Commentary  |  4/27/2021  | 
Let's teach students how to teach themselves. Once we do that, we will have taught a generation of students how to think like hackers.
US Urges Organizations to Implement MFA, Other Controls to Defend Against Russian Attacks
News  |  4/26/2021  | 
Actors working for Moscow's Foreign Intelligence Service are actively targeting organizations in government and other sectors, FBI and DHS say.
Apple Patches Serious MacOS Security Flaw
Quick Hits  |  4/26/2021  | 
The bug can put Mac users at "grave risk" as it allows attackers to bypass Apple's security mechanisms, a researcher reports.
In Appreciation: Dan Kaminsky
News  |  4/26/2021  | 
Beloved security industry leader and researcher passes away unexpectedly at the age of 42.
Proofpoint to Be Acquired by Thoma Bravo for $12.3B
Quick Hits  |  4/26/2021  | 
The cybersecurity company will go private following the all-cash transaction.
Page 1 / 2   >   >>


News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26543
PUBLISHED: 2021-05-06
The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.
CVE-2021-27216
PUBLISHED: 2021-05-06
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
CVE-2021-29490
PUBLISHED: 2021-05-06
Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter. This issue potentially exposes both internal and ex...
CVE-2021-29491
PUBLISHED: 2021-05-06
Mixme is a library for recursive merging of Javascript objects. In Node.js mixme v0.5.0, an attacker can add or alter properties of an object via 'proto' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the ava...
CVE-2021-29921
PUBLISHED: 2021-05-06
Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octects are left stripped instead of evaluated as valid I...