Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
<<   <   Page 2 / 2
Cybersecurity Responsibility in a Post-Pandemic World
Cybersecurity Responsibility in a Post-Pandemic World
Dark Reading Videos  |  2/22/2021  | 
In this video, Omdia Cybersecurity Senior Research Director Maxine Holt explains why a more sustainable approach to post-pandemic cybersecurity is necessary.
What Can Your Connected Car Reveal About You?
Commentary  |  2/22/2021  | 
App developers must take responsibility for the security of users' data.
Kia Denies Ransomware Attack as IT Outage Continues
Quick Hits  |  2/19/2021  | 
Kia Motors America states there is no evidence its recent systems outage was caused by a ransomware attack.
Attackers Already Targeting Apple's M1 Chip with Custom Malware
News  |  2/19/2021  | 
A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality.
How to Fine-Tune Vendor Risk Management in a Virtual World
Commentary  |  2/19/2021  | 
Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.
Microsoft Concludes Internal Investigation into Solorigate Breach
News  |  2/18/2021  | 
The software giant found no evidence that attackers gained extensive access to services or customer data.
CrowdStrike Buys Log Management Startup Humio for $400M
Quick Hits  |  2/18/2021  | 
CrowdStrike plans to use Humio's technology to continue building out its extended detection and response platform.
Apple Offers Closer Look at Its Platform Security Technologies, Features
News  |  2/18/2021  | 
In a nearly 200-page document, company offers a detailed overview of Secure Enclave and multiple other security controls in Apple silicon-based Macs and other platforms.
Microsoft Azure Front Door Gets a Security Upgrade
News  |  2/18/2021  | 
New SKUs in Standard and Premium preview beef up the security of the content delivery network platform.
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy
Commentary  |  2/18/2021  | 
Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.
Data Security Accountability in an Age of Regular Breaches
Commentary  |  2/18/2021  | 
As the number of vendors impacted by supply chain breaches grows, one constant question remains: Where exactly does accountability for data security lie, and what part do end users play in their own data breach protection?
How to Run a Successful Penetration Test
Slideshows  |  2/18/2021  | 
These seven tips will help ensure a penetration test improves your organization's overall security posture.
Virginia Takes Different Tack Than California With Data Privacy Law
Commentary  |  2/18/2021  | 
Online businesses targeting Virginia consumers and have personal data of 100,000 consumers in the state must conform to the new statute.
Egregor Arrests a Blow, but Ransomware Will Likely Bounce Back
News  |  2/17/2021  | 
Similar to previous ransomware takedowns, this disruption to the ransomware-as-a-service model will likely be short-lived, security experts say.
US Unseals Indictments Against North Korean Cyberattackers for Thefts Totaling $1.3B
News  |  2/17/2021  | 
FBI, CISA, and Treasury Department also release details about North Korean malware used in cryptocurrency thefts since 2018.
White House Says 100 Private Sector Orgs Hit in SolarWinds Campaign
Quick Hits  |  2/17/2021  | 
Anne Neuberger, a top Biden cybersecurity official, provided an update on the government's investigation into the massive breach.
Kia Faces $20M DoppelPaymer Ransomware Attack
Quick Hits  |  2/17/2021  | 
Kia Motors America this week experienced a nationwide IT outage; now, reports indicate the company was hit with ransomware.
Ransomware? Let's Call It What It Really Is: Extortionware
Commentary  |  2/17/2021  | 
Just as the targets of these attacks have shifted from individuals to corporations, so too has the narrow focus given way to applying force and pressure to pay.
Enterprise Windows Threats Drop as Mac Attacks Rise: Report
News  |  2/17/2021  | 
An analysis of 2020 malware activity indicates businesses should be worried about internal hack tools, ransomware, and spyware in the year ahead.
4 Predictions for the Future of Privacy
Commentary  |  2/17/2021  | 
Use these predictions to avoid pushback, find opportunity, and create value for your organization.
Compromised Credentials Show That Abuse Happens in Multiple Phases
News  |  2/16/2021  | 
The third stage, when threat actors rush to use stolen usernames and password pairs in credential-stuffing attacks, is the most damaging for organizations, F5 says.
Firms Patch Greater Number of Systems, but Still Slowly
News  |  2/16/2021  | 
Fewer systems have flaws; however, the time to remediate vulnerabilities stays flat, and many issues targeted by in-the-wild malware remain open to attack.
Strata Identity Raises $11M in Series A Round
Quick Hits  |  2/16/2021  | 
The series A round of funding, led by Menlo Ventures, will help Strata scale its distributed identity technology.
Under Attack: Hosting & Internet Service Providers
Commentary  |  2/16/2021  | 
The digital universe depends on always-on IT networks and services, so ISPs and hosting providers have become favorite targets for cyberattacks.
Palo Alto Networks Plans to Acquire Cloud Security Firm
Quick Hits  |  2/16/2021  | 
Most of Fortune 100 firms have used Bridgecrew's service in their application development processes.
Black History Month 2021: Time to Talk Diversity and Cybersecurity
Commentary  |  2/16/2021  | 
In an industry that consistently needs new ideas, it's essential to have individuals who think, speak, and act in diverse ways.
Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees
Commentary  |  2/15/2021  | 
Users' distrust of corporate security teams is exposing businesses to unnecessary vulnerabilities.
100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020
News  |  2/15/2021  | 
Consumer banks, exchanges, payment firms, and card issuing companies around the globe were among those hit.
How to Submit a Column to Dark Reading
Commentary  |  2/15/2021  | 
Have a new idea, a lesson learned, or a call to action for your fellow cybersecurity professionals? Here's how to submit your Commentary pieces to Dark Reading.
Water Utility Hack Could Inspire More Intruders
News  |  2/12/2021  | 
If past cyberattacks are any indication, success begets imitation. In the wake of last week's hack of Florida water utility, other water utilities and users of remote desktop software would be wise to shore up defenses, experts say.
You've Got Cloud Security All Wrong: Managing Identity in a Cloud World
Commentary  |  2/12/2021  | 
In a hybrid and multicloud world, identity is the new perimeter and a critical attack surface for bad actors.
Ransomware Attackers Set Their Sights on SaaS
News  |  2/11/2021  | 
Ransomware has begun to target data-heavy SaaS applications, open source, and Web and application frameworks.
Growing Collaboration Among Criminal Groups Heightens Ransomware Threat for Healthcare Sector
News  |  2/11/2021  | 
Expect increase in ransomware and 'triple extortion' attacks, Cyber Threat Intelligence League says.
Pandemic Initially Led to Fewer Disclosed Vulnerabilities, Data Suggests
News  |  2/11/2021  | 
Vulnerability disclosure started off slow but caught up by the end of the year, according to a new report.
Microsoft Launches Phase 2 Mitigation for Zerologon Flaw
Quick Hits  |  2/11/2021  | 
The Netlogon remote code execution vulnerability, disclosed last August, has been weaponized by APT groups.
Game Over: Stopping DDoS Attacks Before They Start
Commentary  |  2/11/2021  | 
Video games are poised for a revolution, but benefits will come to fruition only if the industry can guarantee consistent performance and availability.
7 Things We Know So Far About the SolarWinds Attacks
Slideshows  |  2/11/2021  | 
Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.
Cloud-Native Apps Make Software Supply Chain Security More Important Than Ever
Commentary  |  2/11/2021  | 
Cloud-native deployments tend to be small, interchangeable, and easier to protect, but their software supply chains require closer attention.
High-Severity Vulnerabilities Discovered in Multiple Embedded TCP/IP Stacks
News  |  2/10/2021  | 
Flaw leaves millions of IT, OT, and IoT devices vulnerable to attack.
SASE Surge: Why the Market Is Poised to Grow
News  |  2/10/2021  | 
Analysts who anticipate the SASE market will expand by more than a factor of five before 2025 explain reasons behind the surge.
Zero Trust in the Real World
Commentary  |  2/10/2021  | 
Those who are committed to adopting the concept have the opportunity to make a larger business case for it across the organization, working with executive leaders to implement a zero-trust framework across the entire enterprise.
Multivector Attacks Demand Security Controls at the Messaging Level
Commentary  |  2/10/2021  | 
As a Google-identified attack reveals, security teams need to look beyond VPNs and network infrastructure to the channels where social engineering takes place.
Florida Water Utility Hack Highlights Risks to Critical Infrastructure
News  |  2/9/2021  | 
The intrusion also shows how redundancy and detection can minimize damage and reduce impact to the population.
Microsoft Fixes Windows Zero-Day in Patch Tuesday Rollout
News  |  2/9/2021  | 
Microsoft's monthly security fixes addressed a Win32k zero-day, six publicly known flaws, and three bugs in the Windows TCP/IP stack.
SentinelOne Buys Data Analytics Company Scalyr
Quick Hits  |  2/9/2021  | 
Cloud-based big data platform boosts extended detection and response (XDR) offering.
How Neurodiversity Can Strengthen Cybersecurity Defense
Commentary  |  2/9/2021  | 
Team members from different backgrounds, genders, ethnicities, and neurological abilities are best equipped to tackle today's security challenges.
Microsoft & Facebook Were Phishers' Favorite Brands in 2020
Quick Hits  |  2/9/2021  | 
Cloud services was the most impersonated industry, followed by financial services, e-commerce, and social media, researchers report.
SolarWinds Attack Reinforces Importance of Principle of Least Privilege
Commentary  |  2/9/2021  | 
Taking stock of least-privilege policies will go a long way toward hardening an organization's overall security posture.
Iranian Cyber Groups Spying on Dissidents & Others of Interest to Government
News  |  2/9/2021  | 
A new investigation of two known threat groups show cyber actors are spying on mobile devices and PCs belonging to targeted users around the world.
Emotet Takedown: Short-Term Celebration, Long-Term Concerns
News  |  2/8/2021  | 
Security researchers examine how and when Emotet's operators may resurface, and the threats that could evolve in the meantime.
<<   <   Page 2 / 2


Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21331
PUBLISHED: 2021-03-03
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive info...
CVE-2021-27940
PUBLISHED: 2021-03-03
resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.
CVE-2021-21312
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home &gt; Management &gt; Documents &gt; Add, or /front/documen...
CVE-2021-21313
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not proper...
CVE-2021-21314
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.