News & Commentary

Content posted in January 2021
Cloud Security Startup Armo Emerges from Stealth with $4.5M
Quick Hits  |  1/29/2021  | 
Armo's platform was developed to protect cloud-native workloads and provide DevOps teams with greater visibility and control.
Ransomware Payoffs Surge by 311% to Nearly $350 Million
News  |  1/29/2021  | 
Payments to ransomware gangs using cryptocurrency more than quadrupled in 2020, with fewer than 200 cryptocurrency wallets receiving 80% of funds.
Is the Web Supply Chain Next in Line for State-Sponsored Attacks?
Commentary  |  1/29/2021  | 
Attackers go after the weak links first, and the Web supply chain provides an abundance of weak links to target.
2020 Marked a Renaissance in DDoS Attacks
News  |  1/29/2021  | 
Amid the global pandemic, cybercriminals ramped up use of one of the oldest attack techniques around.
Law Enforcement Aims to Take Down Netwalker Ransomware
Quick Hits  |  1/28/2021  | 
The Department of Justice has so far charged one Canadian national and seized nearly $500,000 in relation to Netwalker ransomware.
Breach Data Highlights a Pivot to Orgs Over Individuals
News  |  1/28/2021  | 
In 2020, breaches were down by 19%, while the impact of those compromises -- measured in people affected -- fell by nearly two-thirds.
Digital Identity Is the New Security Control Plane
Commentary  |  1/28/2021  | 
Simplifying the management of security systems helps provide consistent protection for the new normal.
App Variety -- and Security Innovation -- Surged in 2020
News  |  1/28/2021  | 
The shift to remote work pushed businesses to reimagine the fabric of apps and cloud services they needed to support their workforces.
Data Privacy Day 2021: Pandemic Response Data Must Align with Data Privacy Rules
Commentary  |  1/28/2021  | 
Amid a pandemic, Data Privacy Day this year brings forth expanded responsibilities for organizations in the response to COVID-19.
Intl. Law Enforcement Operation Disrupts Emotet Botnet
News  |  1/27/2021  | 
Global law enforcement agencies have seized control of Emotet infrastructure, disrupting one of the world's most pervasive and dangerous cyber threats.
Critical Vulnerability Patched in 'sudo' Utility for Unix-Like OSes
News  |  1/27/2021  | 
Flaw exists in versions of sudo going back nearly 10 years; USCYBERCOM recommends organizations patch immediately.
Microsoft Security Business Exceeds $10B in Revenue
Quick Hits  |  1/27/2021  | 
Microsoft's security division has grown more than 40% year-over-year, the company reports alongside security product updates.
4 Clues to Spot a Bot Network
Commentary  |  1/27/2021  | 
Protect against misinformation and disinformation campaigns by learning how to identify the bot networks spreading falsehoods.
Many Cybersecurity Job Candidates Are Subpar, While On-the-Job Training Falls Short
News  |  1/27/2021  | 
With demand for skilled cybersecurity workers so high, is it really surprising that most companies are seeing fewer qualified applicants?
Apple Patches Three iOS Zero-Day Vulnerabilities
Quick Hits  |  1/27/2021  | 
New iOS 14.4 update available for iPhones and iPads.
Security's Inevitable Shift to the Edge
Commentary  |  1/27/2021  | 
As the edge becomes the place for DDoS mitigation, Web app security, and other controls, SASE is the management platform to handle them all.
LogoKit Group Aims for Simple Yet Effective Phishing
News  |  1/27/2021  | 
A phishing kit that uses embedded JavaScript targeted the users of more than 300 sites in the past week, aiming to grab credentials for SharePoint, Adobe Document Cloud, and OneDrive.
Ransomware Disrupts Operations at Packaging Giant WestRock
News  |  1/26/2021  | 
Incident is another reminder of how vulnerable OT environments are to attack, security experts say.
Pay-or-Get-Breached Ransomware Schemes Take Off
News  |  1/26/2021  | 
In 2020, ransomware attackers moved quickly to adopt so-called "double extortion" schemes, with more than 550 incidents in the fourth quarter alone.
North Korean Attackers Target Security Researchers via Social Media: Google
News  |  1/26/2021  | 
Google TAG warns the infosec community of unsolicited requests from individuals seeking collaboration on vulnerability research.
Privacy Teams Helped Navigate the Pivot to Work-from-Home
News  |  1/26/2021  | 
Annual Cisco privacy study also reports that 90% of organizations say their customers won't buy from them if they are not clear about data policy practices.
Mimecast: Recent Certificate Compromise Tied to SolarWinds Attacks
Quick Hits  |  1/26/2021  | 
Yet another security firm hit in the sweeping attack campaign believed to be out of Russia.
BEC Scammers Find New Ways to Navigate Microsoft 365
Quick Hits  |  1/26/2021  | 
Their techniques made use of out-of-office replies and automatic responses during the 2020 holiday season, researchers report.
Fighting the Rapid Rise of Cyber Warfare in a Changing World
Commentary  |  1/26/2021  | 
Global cyber warfare is a grim reality, but strong public-private relationships and security frameworks can safeguard people, institutions, and businesses.
Mainframe Security Automation Is Not a Luxury
Commentary  |  1/26/2021  | 
As cyber threats grow, even the most securable platform is vulnerable and requires adaptive autonomous protection.
Startup Offers Free Version of its 'Passwordless' Technology
News  |  1/26/2021  | 
Beyond Identity co-founders hope to move the needle in eliminating the need for passwords, but experts say killing passwords altogether won't be easy.
Critical Vulns Discovered in Vendor Implementations of Key OT Protocol
News  |  1/25/2021  | 
Flaws allow denial-of-service attacks and other malicious activity, Claroty says.
SonicWall Is Latest Security Vendor to Disclose Cyberattack
News  |  1/25/2021  | 
The network security firm is investigating a coordinated campaign in which attackers exploited vulnerabilities in SonicWall's products.
Deloitte & Touche Buys Threat-Hunting Firm
Quick Hits  |  1/25/2021  | 
Root9B (R9B) offers threat hunting and other managed security services.
Small Security Teams Have Big Security Fears, CISOs Report
Quick Hits  |  1/25/2021  | 
Researchers poll security leaders who are tasked with protecting large organizations but have a small presence and budget.
How to Better Secure Your Microsoft 365 Environment
Slideshows  |  1/25/2021  | 
Security experts offer Microsoft 365 security guidance as more attackers target enterprise cloud environments.
2020's COVID Accelerated Digitalization Demands Stronger Cybersecurity in 2021
Commentary  |  1/25/2021  | 
As critical infrastructure faces increasing and sophisticated attacks, these trends will enable the energy sector to shore up its cybersecurity defenses.
Intel Confirms Unauthorized Access of Earnings-Related Data
News  |  1/22/2021  | 
News likely contributed to slide of over 9% in chipmaker's stock at one point Friday.
Speed of Digital Transformation May Lead to Greater App Vulnerabilities
News  |  1/22/2021  | 
The fastest-moving industries are struggling to produce secure code, according to AppSec experts.
Why North Korea Excels in Cybercrime
Commentary  |  1/22/2021  | 
North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.
DreamBus, FreakOut Botnets Pose New Threat to Linux Systems
News  |  1/21/2021  | 
Researchers from Zscaler and Check Point describe botnets as designed for DDoS attacks, cryptocurrency mining, and other malicious purposes.
Breach Data Shows Attackers Switched Gears in 2020
News  |  1/21/2021  | 
Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.
Attackers Leave Stolen Credentials Searchable on Google
News  |  1/21/2021  | 
Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search.
Cloud Jacking: The Bold New World of Enterprise Cybersecurity
Commentary  |  1/21/2021  | 
Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.
7 Steps to Secure a WordPress Site
Slideshows  |  1/21/2021  | 
Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be further from the truth.
Rethinking IoT Security: It's Not About the Devices
Commentary  |  1/21/2021  | 
Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.
Microsoft Releases New Info on SolarWinds Attack Chain
News  |  1/20/2021  | 
Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says.
SolarWinds Attack, Cyber Supply Chain Among Priorities for Biden Administration
News  |  1/20/2021  | 
During Senate confirmation hearings, the nominees for Secretary of Homeland Security and Director of National Intelligence pledged to focus on cybersecurity.
Tips for a Bulletproof War Room Strategy
Commentary  |  1/20/2021  | 
The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.
Vulnerabilities in Popular DNS Software Allow Poisoning
News  |  1/19/2021  | 
Seven flaws in DNSMasq have limited impact, but in combination they could be chained to create a multistaged attack.
Microsoft to Launch 'Enforcement Mode' for Zerologon Flaw
Quick Hits  |  1/19/2021  | 
Enforcement mode for the Netlogon Domain Controller will be enabled by default with the Feb. 9 security update.
SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics
News  |  1/19/2021  | 
Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack.
The Most Pressing Concerns Facing CISOs Today
Commentary  |  1/19/2021  | 
Building security into the software development life cycle creates more visibility, but CISOs still need to stay on top of any serious threats on the horizon, even if they are largely unknown.
A Security Practitioner's Guide to Encrypted DNS
Commentary  |  1/19/2021  | 
Best practices for a shifting visibility landscape.
NSA Appoints Rob Joyce as Cyber Director
Quick Hits  |  1/15/2021  | 
Joyce has long worked in US cybersecurity leadership, most recently serving as the NSA's top representative in the UK.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33331
PUBLISHED: 2021-08-03
Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter.
CVE-2021-33332
PUBLISHED: 2021-08-03
Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portlet_configuration_css_web_por...
CVE-2021-33333
PUBLISHED: 2021-08-03
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs.
CVE-2021-33334
PUBLISHED: 2021-08-03
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permissio...
CVE-2021-30578
PUBLISHED: 2021-08-03
Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.