Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in February 2021
<<   <   Page 2 / 3   >   >>
4 Predictions for the Future of Privacy
Commentary  |  2/17/2021  | 
Use these predictions to avoid pushback, find opportunity, and create value for your organization.
Compromised Credentials Show That Abuse Happens in Multiple Phases
News  |  2/16/2021  | 
The third stage, when threat actors rush to use stolen usernames and password pairs in credential-stuffing attacks, is the most damaging for organizations, F5 says.
Firms Patch Greater Number of Systems, but Still Slowly
News  |  2/16/2021  | 
Fewer systems have flaws; however, the time to remediate vulnerabilities stays flat, and many issues targeted by in-the-wild malware remain open to attack.
Strata Identity Raises $11M in Series A Round
Quick Hits  |  2/16/2021  | 
The series A round of funding, led by Menlo Ventures, will help Strata scale its distributed identity technology.
Under Attack: Hosting & Internet Service Providers
Commentary  |  2/16/2021  | 
The digital universe depends on always-on IT networks and services, so ISPs and hosting providers have become favorite targets for cyberattacks.
Palo Alto Networks Plans to Acquire Cloud Security Firm
Quick Hits  |  2/16/2021  | 
Most of Fortune 100 firms have used Bridgecrew's service in their application development processes.
Black History Month 2021: Time to Talk Diversity and Cybersecurity
Commentary  |  2/16/2021  | 
In an industry that consistently needs new ideas, it's essential to have individuals who think, speak, and act in diverse ways.
Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees
Commentary  |  2/15/2021  | 
Users' distrust of corporate security teams is exposing businesses to unnecessary vulnerabilities.
100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020
News  |  2/15/2021  | 
Consumer banks, exchanges, payment firms, and card issuing companies around the globe were among those hit.
How to Submit a Column to Dark Reading
Commentary  |  2/15/2021  | 
Have a new idea, a lesson learned, or a call to action for your fellow cybersecurity professionals? Here's how to submit your Commentary pieces to Dark Reading.
Water Utility Hack Could Inspire More Intruders
News  |  2/12/2021  | 
If past cyberattacks are any indication, success begets imitation. In the wake of last week's hack of Florida water utility, other water utilities and users of remote desktop software would be wise to shore up defenses, experts say.
You've Got Cloud Security All Wrong: Managing Identity in a Cloud World
Commentary  |  2/12/2021  | 
In a hybrid and multicloud world, identity is the new perimeter and a critical attack surface for bad actors.
Ransomware Attackers Set Their Sights on SaaS
News  |  2/11/2021  | 
Ransomware has begun to target data-heavy SaaS applications, open source, and Web and application frameworks.
Growing Collaboration Among Criminal Groups Heightens Ransomware Threat for Healthcare Sector
News  |  2/11/2021  | 
Expect increase in ransomware and 'triple extortion' attacks, Cyber Threat Intelligence League says.
Pandemic Initially Led to Fewer Disclosed Vulnerabilities, Data Suggests
News  |  2/11/2021  | 
Vulnerability disclosure started off slow but caught up by the end of the year, according to a new report.
Microsoft Launches Phase 2 Mitigation for Zerologon Flaw
Quick Hits  |  2/11/2021  | 
The Netlogon remote code execution vulnerability, disclosed last August, has been weaponized by APT groups.
Game Over: Stopping DDoS Attacks Before They Start
Commentary  |  2/11/2021  | 
Video games are poised for a revolution, but benefits will come to fruition only if the industry can guarantee consistent performance and availability.
7 Things We Know So Far About the SolarWinds Attacks
Slideshows  |  2/11/2021  | 
Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.
Cloud-Native Apps Make Software Supply Chain Security More Important Than Ever
Commentary  |  2/11/2021  | 
Cloud-native deployments tend to be small, interchangeable, and easier to protect, but their software supply chains require closer attention.
High-Severity Vulnerabilities Discovered in Multiple Embedded TCP/IP Stacks
News  |  2/10/2021  | 
Flaw leaves millions of IT, OT, and IoT devices vulnerable to attack.
SASE Surge: Why the Market Is Poised to Grow
News  |  2/10/2021  | 
Analysts who anticipate the SASE market will expand by more than a factor of five before 2025 explain reasons behind the surge.
Zero Trust in the Real World
Commentary  |  2/10/2021  | 
Those who are committed to adopting the concept have the opportunity to make a larger business case for it across the organization, working with executive leaders to implement a zero-trust framework across the entire enterprise.
Multivector Attacks Demand Security Controls at the Messaging Level
Commentary  |  2/10/2021  | 
As a Google-identified attack reveals, security teams need to look beyond VPNs and network infrastructure to the channels where social engineering takes place.
Florida Water Utility Hack Highlights Risks to Critical Infrastructure
News  |  2/9/2021  | 
The intrusion also shows how redundancy and detection can minimize damage and reduce impact to the population.
Microsoft Fixes Windows Zero-Day in Patch Tuesday Rollout
News  |  2/9/2021  | 
Microsoft's monthly security fixes addressed a Win32k zero-day, six publicly known flaws, and three bugs in the Windows TCP/IP stack.
SentinelOne Buys Data Analytics Company Scalyr
Quick Hits  |  2/9/2021  | 
Cloud-based big data platform boosts extended detection and response (XDR) offering.
How Neurodiversity Can Strengthen Cybersecurity Defense
Commentary  |  2/9/2021  | 
Team members from different backgrounds, genders, ethnicities, and neurological abilities are best equipped to tackle today's security challenges.
Microsoft & Facebook Were Phishers' Favorite Brands in 2020
Quick Hits  |  2/9/2021  | 
Cloud services was the most impersonated industry, followed by financial services, e-commerce, and social media, researchers report.
SolarWinds Attack Reinforces Importance of Principle of Least Privilege
Commentary  |  2/9/2021  | 
Taking stock of least-privilege policies will go a long way toward hardening an organization's overall security posture.
Iranian Cyber Groups Spying on Dissidents & Others of Interest to Government
News  |  2/9/2021  | 
A new investigation of two known threat groups show cyber actors are spying on mobile devices and PCs belonging to targeted users around the world.
Emotet Takedown: Short-Term Celebration, Long-Term Concerns
News  |  2/8/2021  | 
Security researchers examine how and when Emotet's operators may resurface, and the threats that could evolve in the meantime.
Malicious Code Injected via Google Chrome Extension Highlights App Risks
News  |  2/8/2021  | 
An open source plug-in purportedly introduced tracking and malicious download code to infect nearly 2 million users, reports say.
Hacker Raised Chemical Settings at Water Treatment Plant to Dangerous Levels
Quick Hits  |  2/8/2021  | 
Remote access interface breached at Florida utility; attacker detected raising level of sodium hydroxide in water.
Android App Infects Millions of Devices With a Single Update
Quick Hits  |  2/8/2021  | 
The popular Barcode Scanner app, which as been available on Google Play for years, turned malicious with one software update.
Hidden Dangers of Microsoft 365's Power Automate and eDiscovery Tools
Commentary  |  2/8/2021  | 
Attackers are using legitimate enterprise tools to execute attacks and carry out malicious actions. Security teams must take action now.
Cartoon Caption Winner: Insider Threat
Commentary  |  2/8/2021  | 
And the winner of Dark Reading's January cartoon caption contest is ...
Spotify Hit With Another Credential-Stuffing Attack
Quick Hits  |  2/5/2021  | 
This marks the second credential-stuffing attack to hit the streaming platform in the last few months.
Security Researchers Push for 'Bug Bounty Program of Last Resort'
News  |  2/5/2021  | 
An international program that pays out hefty sums for the discovery of software vulnerabilities could spur greater scrutiny of applications and lead to better security.
Cybercrime Goes Mainstream
Commentary  |  2/5/2021  | 
Organized cybercrime is global in scale and the second-greatest risk over the next decade.
Google's Payout to Bug Hunters Hits New High
News  |  2/4/2021  | 
Over 660 researchers from 62 countries collected rewards for reporting bugs in Chrome, Android, and other Google technologies.
IBM Offers $3M in Grants to Defend Schools from Cyberattacks
Quick Hits  |  2/4/2021  | 
The grants will be awarded to six school districts in the United States to help prepare for, and respond to, cyberattacks.
Microsoft Says It's Time to Attack Your Machine-Learning Models
News  |  2/4/2021  | 
With access to some training data, Microsoft's red team recreated a machine-learning system and found sequences of requests that resulted in a denial-of-service.
Web Application Attacks Grow Reliant on Automated Tools
News  |  2/4/2021  | 
Attackers often use automation in fuzzing attacks, injection attacks, fake bots, and application DDoS attacks.
Is $50,000 for a Vulnerability Too Much?
Commentary  |  2/4/2021  | 
Lofty bug bounties catch attention, but don't alleviate the application security flaws they are trying to solve.
Concerns Over API Security Grow as Attacks Increase
News  |  2/3/2021  | 
Some 66% of organizations say they have slowed deploying an app into production because of API security concerns.
Patch Imperfect: Software Fixes Failing to Shut Out Attackers
News  |  2/3/2021  | 
Incomplete patches are allowing attackers to continue exploiting the same vulnerabilities, reducing the cost to compromise.
An Observability Pipeline Could Save Your SecOps Team
Commentary  |  2/3/2021  | 
Traditional monitoring approaches are proving brittle as security operations teams need better visibility into dynamic environments.
SolarWinds Attackers Spent Months in Corporate Email System: Report
Quick Hits  |  2/3/2021  | 
SolarWinds' CEO says evidence indicates attackers lurked in the company's Office 365 email system for months ahead of the attack.
Security in a Complex World
Commentary  |  2/3/2021  | 
Innovation and complexity can co-exist; the key is to use innovation to make ever-expanding complexity comprehensible and its effects predictable.
FTC: ID Theft Doubled in 2020
Quick Hits  |  2/2/2021  | 
The Federal Trade Commission said a surge in reports of identity theft occurred amid the COVID-19 pandemic.
<<   <   Page 2 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16060
PUBLISHED: 2021-10-15
Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
CVE-2018-16061
PUBLISHED: 2021-10-15
Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.
CVE-2021-27561
PUBLISHED: 2021-10-15
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
CVE-2020-4951
PUBLISHED: 2021-10-15
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
CVE-2021-28021
PUBLISHED: 2021-10-15
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.