Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
<<   <   Page 2 / 2
New Phishing Campaign Targets Individuals of Interest to Iran
News  |  7/13/2021  | 
TA453 group spoofed two scholars at University of London to try and gain access to email inboxes belonging to journalists, think tank personnel, academics, and others, security vendor says.
Microsoft Patches 3 Windows Zero-Days Amid 117 CVEs
News  |  7/13/2021  | 
The July Patch Tuesday release also includes the out-of-band fix for the Windows Print Spooler remote code execution flaw under attack.
DoD-Validated Data Security Startup Emerges From Stealth
Quick Hits  |  7/13/2021  | 
The Code-X platform has been tested by the US Department of Defense and members of the intelligence community.
Why We Need to Raise the Red Flag Against FragAttacks
Commentary  |  7/13/2021  | 
Proliferation of wireless devices increases the risk that corporate networks will be attacked with this newly discovered breed of Wi-Fi-based cyber assault.
Can Government Effectively Help Businesses Fight Cybercrime?
News  |  7/13/2021  | 
From the Biden administration's pledge to take action to INTERPOL's focus on ransomware as a global threat, governments are looking to help businesses cope with cyberattacks. But can it really work?
The Trouble With Automated Cybersecurity Defenses
Commentary  |  7/13/2021  | 
While there's enormous promise in AI-powered tools and machine learning, they are very much a double-edged sword.
Tool Sprawl & False Positives Hold Security Teams Back
News  |  7/13/2021  | 
Security teams spend as much time addressing false positive alerts as they do addressing actual cyberattacks, survey data shows.
SolarWinds Discloses Zero-Day Under Active Attack
Quick Hits  |  7/12/2021  | 
The company confirms this is a new vulnerability that is not related to the supply chain attack discovered in December 2020.
Microsoft Confirms Acquisition of RiskIQ
Quick Hits  |  7/12/2021  | 
RiskIQ's technology helps businesses assess their security across the Microsoft cloud, Amazon Web Services, other clouds, and on-premises.
Kaseya Releases Security Patch as Companies Continue to Recover
News  |  7/12/2021  | 
Estimates indicate the number of affected companies could grow, while Kaseya faces renewed scrutiny as former employees reportedly criticize its lack of focus on security.
AI and Cybersecurity: Making Sense of the Confusion
Commentary  |  7/12/2021  | 
Artificial intelligence is a maturing area in cybersecurity, but there are different concerns depending on whether you're a defender or an attacker.
How Dangerous Is Malware? New Report Finds It's Tough to Tell
Quick Hits  |  7/9/2021  | 
Determining which malware is most damaging, and worthy of immediate attention, has become difficult in environments filled with alerts and noise.
CISA Analysis Reveals Successful Attack Techniques of FY 2020
Quick Hits  |  7/9/2021  | 
The analysis shows potential attack paths and the most effective techniques for each tactic documented in CISA's Risk and Vulnerability Assessments.
New Framework Aims to Describe & Address Complex Social Engineering Attacks
News  |  7/9/2021  | 
As attackers use more synthetic media in social engineering campaigns, a new framework is built to describe threats and provide countermeasures.
It's in the Game (but It Shouldn't Be)
Commentary  |  7/9/2021  | 
Five ways that game developers (and others) can avoid falling victim to an attack like the one that hit EA.
Cartoon Caption Winner: Sight Unseen
Commentary  |  7/9/2021  | 
And the winner of Dark Reading's June contest is ...
Morgan Stanley Discloses Data Breach
Quick Hits  |  7/8/2021  | 
Attackers were able to compromise customers' personal data by targeting the Accellion FTA server of a third-party vendor.
New WildPressure Malware Capable of Targeting Windows and MacOS
Quick Hits  |  7/8/2021  | 
The Trojan sends information back to the attackers' servers about the programming language of a target device.
Kaseya Hacked via Authentication Bypass
Commentary  |  7/8/2021  | 
The Kaseya ransomware attack is believed to have been down to an authentication bypass. Yes, ransomware needs to be on your radar -- but good authentication practices are also imperative.
What Colonial Pipeline Means for Commercial Building Cybersecurity
Commentary  |  7/8/2021  | 
Banks and hospitals may be common targets, but now commercial real estate must learn to protect itself against stealthy hackers.
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
News  |  7/7/2021  | 
Automation allowed a REvil affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream companies faster than most defenders could react.
Fake Android Apps Promise Cryptomining Services to Steal Funds
Quick Hits  |  7/7/2021  | 
Researchers discover more than 170 Android apps that advertise cloud cryptocurrency mining services and fail to deliver.
Sophos Acquires Capsule8 for Linux Server & Container Security
Quick Hits  |  7/7/2021  | 
The deal was announced the same day ZeroFox bought Dark Web intelligence firm Vigilante as a wave of security M&A continues.
Are Security Attestations a Necessity for SaaS Businesses?
Commentary  |  7/7/2021  | 
Are security attestations becoming business imperatives, or are they merely token additions on the list of regulatory requirements?
Microsoft Releases Emergency Patch for 'PrintNightmare' Vuln
News  |  7/7/2021  | 
It urges organizations to immediately apply security update, citing exploit activity.
Autonomous Security Is Essential if the Edge Is to Scale Properly
Commentary  |  7/7/2021  | 
Service demands at the network edge mean customers need to get cost, performance, and security right.
Researchers Learn From Nation-State Attackers' OpSec Mistakes
News  |  7/6/2021  | 
Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten.
Workers Careless in Sharing & Reusing Corporate Secrets
Quick Hits  |  7/6/2021  | 
A new survey shows leaked enterprise secrets costs companies millions of dollars each year.
It's High Time for a Security Scoring System for Applications and Open Source Libraries
Commentary  |  7/6/2021  | 
A benchmarking system would help buyers choose more secure software products and, more importantly, light a fire underneath software producers to make products secure.
Alleged Cybercriminal Arrested in Morocco Following Interpol Probe
Quick Hits  |  7/6/2021  | 
The suspect operated under the name "Dr Hex" to target thousands of people through phishing, fraud, and carding activities.
Cyberattack on Kaseya Nets More Than 1,000 Victims, $70M Ransom Demand
News  |  7/6/2021  | 
The provider of remote monitoring and management services warns customers to not run its software until a patch is available and manually installed.
8 Ways to Preserve Legal Privilege After a Cybersecurity Incident
Commentary  |  7/6/2021  | 
Knowing your legal distinctions can make defense easier should you end up in court after a breach, attack, or data loss.
Watch for Cybersecurity Games at the Tokyo Olympics
Commentary  |  7/5/2021  | 
The cybersecurity professionals guarding the Summer Olympics are facing at least as much competition as the athletes, and their failure could have steeper ramifications.
Barracuda Agrees to Acquire Skout Cybersecurity
Quick Hits  |  7/2/2021  | 
The acquisition will bring Barracuda into the extended detection and response (XDR) market with a tool for managed service providers.
Secured-Core PCs May Mitigate Firmware Attacks, but Adoption Lags
News  |  7/2/2021  | 
Microsoft maintains that exploitation of recent Dell vulnerabilities would be blocked on ultra-secure PCs - but most systems do not have the technology yet.
Microsoft Issues New CVE for 'PrintNightmare' Flaw
News  |  7/2/2021  | 
Company says remote code execution issue in all Windows versions is different from one in Windows Print Spooler that it had patched last month, though both affect same function.
SOC Investment Improves Detection and Response Times, Data Shows
Quick Hits  |  7/2/2021  | 
A survey of IT and security pros finds many are confident in their ability to detect security incidents in near-real time or within minutes.
WFH: A Smart Time to Revisit Employee Use of Social Media
Commentary  |  7/2/2021  | 
Employers have their hands full when it comes to monitoring online activities that could hurt the brand or violate the organization's core values.
GitHub Unveils AI Tool to Speed Development, but Beware Insecure Code
News  |  7/1/2021  | 
The company has created an AI system, dubbed Copilot, to offer code suggestions to developers, but warns that any code produced should be tested for defects and vulnerabilities.
CISA Urges Orgs to Disable Windows Print Spooler on Critical Systems
News  |  7/1/2021  | 
Patches Microsoft issued last month not effective against exploits targeting "PrintNightmare" flaw, agency and others say.
WhiteHat Security Rebrands as NTT Application Security
Quick Hits  |  7/1/2021  | 
The name change follows NTT Security Corporation's acquisition of WhiteHat in 2019.
CISA Updates CSET Tool for Ransomware Defense
Quick Hits  |  7/1/2021  | 
A new module provides a set of practices to help organizations assess how well-equipped they are to defend and recover from ransomware.
NSA & CISA Issue Warning About Russian GRU Brute-Force Cyberattacks Against US, Global Orgs
News  |  7/1/2021  | 
Fancy Bear nation-state hacking team add a modern twist on old-school hacking method by using a cluster of Kubernetes software containers to expedite credential theft.
Why Are There Never Enough Logs During an Incident Response?
Commentary  |  7/1/2021  | 
Most security pros believe their responses could be dramatically quicker were the right logs available, and usually they're not.
Stop Playing Catchup: Move From Reactive to Proactive to Defeat Cyber Threats
Commentary  |  7/1/2021  | 
One-time reactive measures can't keep up. It's time to be proactive and pick our swords and not just our shields.
SentinelOne Starts Trading on NYSE, Raises $1.2B in IPO
News  |  6/30/2021  | 
IPO is the highest valued in cybersecurity history, according to reports.
SMB Worm Targeting EternalBlue Vuln Spreads to US
News  |  6/30/2021  | 
"Indexsinas" is the latest threat designed to exploit Windows servers that remain vulnerable to an NSA-developed exploit Microsoft patched more than four years ago.
Impersonation Becomes Top Phishing Technique
Quick Hits  |  6/30/2021  | 
A new report finds IT, healthcare, and manufacturing are the industries most targeted by phishing emails.
MyBook Investigation Reveals Attackers Exploited Legacy, Zero-Day Vulnerabilities
News  |  6/30/2021  | 
A previously unknown flaw in Western Digital's older network-attached storage systems allowed unauthenticated commands to trigger a factory reset, formatting the hard drives, says the company after its preliminary investigation.
Attackers Already Unleashing Malware for Apple macOS M1 Chip
News  |  6/30/2021  | 
Apple security expert Patrick Wardle found that some macOS malware written for the new M1 processor can bypass anti-malware tools.
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20859
PUBLISHED: 2021-12-01
ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-19...
CVE-2021-20860
PUBLISHED: 2021-12-01
Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and ...
CVE-2021-20861
PUBLISHED: 2021-12-01
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC...
CVE-2021-20862
PUBLISHED: 2021-12-01
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-175...
CVE-2021-20863
PUBLISHED: 2021-12-01
OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GS...