Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in March 2021
<<   <   Page 2 / 3   >   >>
CSA & ISACA Team Up on Cloud Auditing Certificate
News  |  3/22/2021  | 
The Certificate of Cloud Auditing Knowledge aims to fill a gap in the market for cloud IT auditing as more organizations work in cloud environments.
Qualys CEO Courtot Departs for Health Reasons
Quick Hits  |  3/22/2021  | 
The well-known security industry entrepreneur initially took a leave of absence in February.
Top 3 Cybersecurity Lessons Learned From the Pandemic
Commentary  |  3/22/2021  | 
Defending an enterprise of fully remote employees and their devices at this scale and speed had never been done before. Now, we do it every day.
On the Road to Good Cloud Security: Are We There Yet?
Commentary  |  3/22/2021  | 
Misconfigured infrastructure is IT pros' top cloud security concern, but they're conflicted on how to address it in practice.
New Malware Hidden in Apple IDE Targets macOS Developers
News  |  3/19/2021  | 
XcodeSpy is latest example of growing attacks on software supply chain.
Verkada Attacker Charged With Wire Fraud, Conspiracy in US
News  |  3/19/2021  | 
Swiss national Till Kottmann and co-conspirators are accused of breaking into dozens of US companies and government entities.
SolarWinds-Linked Attackers Target Microsoft 365 Mailboxes
Quick Hits  |  3/19/2021  | 
Researchers observe attackers altering mailbox folders to assign read-only permissions to any authenticated user on a target machine.
Russian Man Pleads Guilty in Thwarted Tesla Hack
Quick Hits  |  3/19/2021  | 
Egor Kriuchkov will be sentenced in May on conspiracy charge
How Us Shady Geeks Put Others Off Security
Commentary  |  3/19/2021  | 
Early adopters of security and privacy tools may be perceived by others as paranoid, which, in turn, may repel non-experts from protecting themselves online.
Tech Vendors' Lack of Security Transparency Worries Firms
News  |  3/18/2021  | 
A majority of firms say they're more likely to buy from suppliers that are open about security issues -- yet that sentiment isn't necessarily reflected in the technology providers they're currently working with.
Facebook Expands Security Key Support to iOS & Android
News  |  3/18/2021  | 
Facebook's announcement arrives the same week Twitter enabled support for multiple security keys on user accounts.
Women's History Month: Making Mentorship Meaningful
Commentary  |  3/18/2021  | 
This month is a perfect opportunity for us to take a step back and think about what role we want to play as women in the technology sector.
New CopperStealer Malware Hijacks Social Media Accounts
Quick Hits  |  3/18/2021  | 
Proofpoint researchers say it steals logins and spreads more malware.
FBI: Business Email Compromise Cost $1.8B in 2020
Quick Hits  |  3/18/2021  | 
The Internet Crime Complaint Center received a record 791,790 complaints last year, with reported losses exceeding $4.1 billion.
Beware the Package Typosquatting Supply Chain Attack
Commentary  |  3/18/2021  | 
Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.
What CISOs Can Learn From Big Breaches: Focus on the Root Causes
Commentary  |  3/18/2021  | 
Address these six technical root causes of breaches in order to keep your company safer.
Ransom Payments Have Nearly Tripled
News  |  3/18/2021  | 
In 2020, ransomware targeted the manufacturing sector, healthcare organizations, and construction companies, with the average ransom reaching $312,000, a report finds.
Mimecast Says SolarWinds Attackers Accessed Its Source Code Repositories
News  |  3/17/2021  | 
But the amount of code downloaded is too little to be of any use, the email security vendor says in its latest update.
RDP Attacks Persist Near Record Levels in 2021
News  |  3/17/2021  | 
A wave of attacks targeting Remote Desktop Protocol has continued throughout the pandemic as more employees continue to work from home.
CISA Issues Advisory on TrickBot Campaigns
Quick Hits  |  3/17/2021  | 
US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn security teams to guard against the advanced Trojan malware.
Teen Behind Twitter Hack Agrees to Three Years in Prison
Quick Hits  |  3/17/2021  | 
Graham Ivan Clark was 17 when accused of the attack that targeted several high-profile Twitter accounts.
COVID, Healthcare Data & the Dark Web: A Toxic Stew
Commentary  |  3/17/2021  | 
The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.
Enterprises Wrestle With Executive Social Media Risk Management
Commentary  |  3/17/2021  | 
Survey indicates enterprises have a lot of work to do reduce cybersecurity risks around executive social media use.
7 Tips to Secure the Enterprise Against Tax Scams
Slideshows  |  3/17/2021  | 
Tax season is yet another opportunity for fraudsters to target your company. Here's how to keep everyone in the organization on their toes.
Chinese APT Targets Telcos in 5G-Related Cyber-Espionage Campaign
News  |  3/16/2021  | 
Telemetry suggests that threat actor behind Operation Dinxn is Mustang Panda, McAfee says.
IronNet Cybersecurity to Go Public in Merger
Quick Hits  |  3/16/2021  | 
Company intends for the deal to drive adoption of its Collective Defense Platform.
Microsoft Releases Mitigation Tool for On-Premises Exchange Servers
Quick Hits  |  3/16/2021  | 
The tool, developed for organizations without dedicated IT and security teams, is meant to be used as temporary mitigation.
Best Practices for Securing Service Accounts
Commentary  |  3/16/2021  | 
While service accounts solve many of the challenges presented by automation, they can also create serious problems when it comes to cybersecurity.
Software Development Security Firm Argon Announces Launch
Quick Hits  |  3/16/2021  | 
Check Point founder Shlomo Kramer is one of the firm's investors.
Metasploit Creator HD Moore's New Startup Raises $5M
News  |  3/16/2021  | 
Startup Rumble enters major new phase with venture capital investment led by Cisco-backed fund as well as big-name security entrepreneurs.
Combating Call Center Fraud in the Age of COVID
Commentary  |  3/16/2021  | 
With many agents now working from home, call centers require new technology, new processes, and a new way of thinking about security.
Buffalo Public Schools Cancel Classes Due to Ransomware
Quick Hits  |  3/15/2021  | 
The FBI is investigating the March 12 attack that disrupted the school system's phased reopening this week.
CISA Updates Microsoft Exchange Advisory to Include China Chopper
News  |  3/15/2021  | 
US officials warn organizations of China Chopper Web shells as new data sheds light on how the Exchange Server exploits have grown.
Lookout Acquires SASE Cloud Provider CipherCloud
Quick Hits  |  3/15/2021  | 
Deal signals a focus on the cloud for mobile security firm.
Name That Toon: Something Seems Afoul
Commentary  |  3/15/2021  | 
Dark Reading's March cartoon caption contest is here, along with a few new feathered friends.
How to Choose the Right Cybersecurity Framework
Commentary  |  3/15/2021  | 
Cybersecurity frameworks can help reduce your risk of supply chain attacks and increase your competitive advantage.
Verkada Breach Demonstrates Danger of Overprivileged Users
News  |  3/15/2021  | 
In re-evaluating supply chains, companies should classify vendors with super admin privileges to devices or backdoors as a significant threat.
Microsoft Exchange Server Attacks: 9 Lessons for Defenders
Slideshows  |  3/12/2021  | 
Experts share their guidance for organizations running on-premise Exchange servers in the wake of rapidly spreading attacks.
Can a Programming Language Reduce Vulnerabilities?
News  |  3/12/2021  | 
Rust offers a safer programming language, but adoption is still a problem despite recent signs of increasing popularity.
Microsoft Reports 'DearCry' Ransomware Targeting Exchange Servers
Quick Hits  |  3/12/2021  | 
Attackers have begun to deploy ransomware on Microsoft Exchange Servers compromised by the ProxyLogon exploits.
Power Equipment: A New Cybersecurity Frontier
Commentary  |  3/12/2021  | 
Power systems, HVAC systems, and other network-connected devices are exposing new vulnerabilities that must be secured.
F5 Networks Urges Customers to Update to New Versions of Its App Delivery Tech
News  |  3/11/2021  | 
F5 BIG-IP and BIG-IQ have multiple critical vulnerabilities that enable attackers to completely compromise systems.
Network Pivots, Patch Bypasses: Exploits Hit Hard in 2020
News  |  3/11/2021  | 
An analysis of 50 vulnerabilities finds a spectrum of risk, from widespread vulnerabilities exploited by a variety of attackers to serious issues that will likely be exploited in 2021.
Molson Coors Beer Operations Halted by Hack
Quick Hits  |  3/11/2021  | 
No details yet disclosed on the cyberattack.
Microsoft Exchange Server Exploit Code Posted to GitHub
Quick Hits  |  3/11/2021  | 
The proof-of-concept tool, which contained exploits for two Exchange Server vulnerabilities, was quickly removed from GitHub.
Actionable Tips for Engaging the Board on Cybersecurity
Commentary  |  3/11/2021  | 
Up your game with your company's board of directors to help them understand your cybersecurity priorities.
5 Steps for Investigating Phishing Attacks
Commentary  |  3/11/2021  | 
Phishing is a common and effective cybercrime tool, but even the most sophisticated threat actors make mistakes that you can leverage in your investigations.
Malware Operator Employs New Trick to Upload Its Dropper into Google Play
News  |  3/10/2021  | 
Check Point researchers recently discovered the Clast82 dropper hidden in nine legitimate Android utility apps.
US Schools Faced Record Number of Security Incidents in 2020
Quick Hits  |  3/10/2021  | 
The K-12 Cybersecurity Resource Center reports an 18% increase in security incidents as schools moved classes online.
'Thousands' of Verkada Cameras Affected by Hacking Breach
News  |  3/10/2021  | 
Thousands of Verkada cameras have been affected by a breach from a group of hackers, who have reportedly gained access to surveillance systems inside several high-profile companies, police departments, hospitals, prisons and schools.
<<   <   Page 2 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21742
PUBLISHED: 2021-09-25
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
CVE-2020-20508
PUBLISHED: 2021-09-24
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field.
CVE-2020-20514
PUBLISHED: 2021-09-24
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/&lt;id&gt;.html allows authenticated attackers to delete all users.
CVE-2016-6555
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in ver...
CVE-2016-6556
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This iss...