Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in March 2021
Multiple Attack Groups Exploited Microsoft Exchange Flaws Prior to the Patches
News  |  3/10/2021  | 
Researchers have spotted multiple groups exploiting the zero-day Exchange server vulnerabilities.
Hiding in Plain Sight: Protecting Enterprises from the 'New' Shadow IT
Commentary  |  3/10/2021  | 
Three steps to fight this increasingly vexing problem.
Digitally Transforming Trusted Transactions Through Biometrics, ML & AI
Commentary  |  3/10/2021  | 
The pandemic has increased the appetite for e-commerce and contactless payments, and biometrics and artificial intelligence are playing a larger role in securing those transactions.
Call Recorder iPhone App Flaw Uncovered
Quick Hits  |  3/10/2021  | 
Researcher finds thousands of recorded calls easily accessible to others.
Microsoft Patch Tuesday Fixes 82 CVEs, Internet Explorer Zero-Day
News  |  3/9/2021  | 
The monthly rollout follows last week's emergency Microsoft Exchange Server patch covering seven CVEs, four of which are under attack.
Linux Foundation Debuts Sigstore Project for Software Signing
News  |  3/9/2021  | 
Sigstore aims to improve the open source software supply chain by simplifying the process of cryptographic software signing.
Dark Reading 'Name That Toon' Winner: Gather 'Round the Campfire
Commentary  |  3/9/2021  | 
And the winner of Dark Reading's February cartoon caption contest is ...
48% of Security Pros Prohibited From Intelligence-Sharing
Quick Hits  |  3/9/2021  | 
Some do so anyway, according to new Kaspersky research.
COVID-19 Contact-Tracing Apps Signal Broader Mobile App Security Concerns
Commentary  |  3/9/2021  | 
The rapid launch of contact-tracing apps to control COVID-19's spread opened the door to multiple security and privacy vulnerabilities.
Leaked Development Secrets a Major Issue for Repositories
News  |  3/9/2021  | 
Every day, more than 5,000 private keys, database connection strings, certificates, and passwords are leaked to GitHub repositories, putting applications at risk.
Microsoft Pushes Patches for Older Versions of Exchange Server
Quick Hits  |  3/9/2021  | 
Additional patches arrive as CISA issues an alert urging all organizations to immediately patch the Microsoft Exchange vulnerabilities.
Look to Banking as a Model for Stopping Crime-as-a-Service
Commentary  |  3/9/2021  | 
The first step toward prevention is understanding the six most common CaaS services.
KnowBe4 Buys Competitor MediaPRO
Quick Hits  |  3/8/2021  | 
Known for its phishing simulation platform, KnowBe4 says deal will help it expand in privacy and compliance training market.
McAfee to Sell Enterprise Business to Equity Firm STG for $4B
News  |  3/8/2021  | 
The planned move is unlikely to do much for enterprise customers or for the security vendor's consumer business, analysts say.
Microsoft Exchange Server Attack Escalation Prompts Patching Panic
News  |  3/8/2021  | 
US government officials weigh in on the attacks and malicious activity, which researchers believe may be the work of multiple groups.
Intel, Microsoft Aim for Breakthrough in DARPA Encryption Project
News  |  3/8/2021  | 
Together, the vendor giants aim to make "in use" encryption -- also known as "fully homomorphic encryption" -- economical and practical.
Why Data Privacy Should Be on President Biden's Agenda for His First 100 Days
Commentary  |  3/8/2021  | 
The new administration is in an excellent position to make significant progress on data privacy -- not just because it's needed, but also because it's time.
Microsoft Exchange Server Exploits Hit Retail, Government, Education
Quick Hits  |  3/5/2021  | 
Mandiant researchers identify a range of victims affected in attacks targeting newly reported Microsoft Exchange Server vulnerabilities.
Microsoft Adopted an 'Aggressive' Strategy for Sharing SolarWinds Attack Intel
News  |  3/5/2021  | 
Rob Lefferts, corporate vice president for Microsoft 365 Security in Security and Compliance, explains the company's approach to keeping its customers and the industry apprised and updated on its findings from the now-infamous attack.
5 Ways Social Engineers Crack Into Human Beings
Slideshows  |  3/5/2021  | 
These common human traits are the basic ingredients in the con-man's recipe for trickery.
On International Women's Day 2021, Does the 'Rule of Steve' Still Apply? Yes.
Commentary  |  3/5/2021  | 
On International Women's Day 2021, gender diversity has improved in cybersecurity, but there is still a long way to go.
Make Sure That Stimulus Check Lands in the Right Bank Account
Commentary  |  3/5/2021  | 
If you haven't already, it's time to build trust relationships with your financial institutions, using strong security, privacy protections and secure, unique user credentials.
Business Apps Spoofed in 45% of Impersonation Attacks
Quick Hits  |  3/4/2021  | 
Business-related applications like those from Microsoft, Zoom, and DocuSign are most often impersonated in brand phishing attacks.
Healthcare Still Seeing High Level of Attacker Activity
News  |  3/4/2021  | 
Interest in vaccines is driving all sorts of activity, reports say, from vaccine-specific phishing to growing bot traffic on healthcare sites.
Microsoft, FireEye Uncover More Malware Used in the SolarWinds Campaign
News  |  3/4/2021  | 
Newly discovered tools were designed for late-stage use after the attackers had already established a relatively firm presence on a breached network, vendors say.
John McAfee Charged in 'Pump & Dump' Cryptocurrency Scheme
Quick Hits  |  3/4/2021  | 
Justice officials claim antivirus founder and associate fraudulently promoted altcoins via Twitter.
Secure Laptops & the Enterprise of the Future
Commentary  |  3/4/2021  | 
The enterprise of the future will depend upon organizations' ability to extend the company firewall to everywhere people are working.
New Social Security Scam Spoofs Government Badges
Quick Hits  |  3/4/2021  | 
Criminals text or email photos of fake government identification badges to trick people into sending money.
Qualys Is the Latest Victim of Accellion Data Breach
News  |  3/4/2021  | 
Security vendor confirms attackers exploited a previously disclosed vulnerability in the enterprise firewall technology to breach its network.
Why We Need More Blue Team Voices at the Table
Commentary  |  3/4/2021  | 
The red team draws attention, but the blue team has the expertise to keep networks secure day in and day out.
Intel: More Than 90% of Our Vulnerabilities Found via Research
News  |  3/3/2021  | 
Internal research and external bug-bounty programs combined to discover the vast majority of reported security issues in the company's software.
More Details Emerge on the Microsoft Exchange Server Attacks
News  |  3/3/2021  | 
The attacks seem more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous.
Okta to Buy Rival Auth0
Quick Hits  |  3/3/2021  | 
The deal, valued at $6.5 billion, will bring together competitors in the identity management space.
CISA to Federal Agencies: Immediately Patch or 'Disconnect' Microsoft Exchange Servers
Quick Hits  |  3/3/2021  | 
The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week.
How SolarWinds Busted Up Our Assumptions About Code Signing
Commentary  |  3/3/2021  | 
With so much automation in the code-writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
Design, Security, Tech Is the New Stack You Should Be Building
Commentary  |  3/3/2021  | 
Instead of different departments managing information systems, Ally Financial has combined data, digitization, security, and design into a single "stack" of human resources.
Policy Group Calls for Public-Private Cyber-Defense Program
News  |  3/2/2021  | 
The proposed National Cyber Response Network would link federal agencies, companies, and local governments, allowing collaboration during a cyberattack.
Microsoft Ignite Brings Security & Compliance Updates
News  |  3/2/2021  | 
Microsoft announces support for data loss prevention in Google Chrome, co-authoring of protected files, and more at Ignite 2021.
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
News  |  3/2/2021  | 
'Transparent Tribe' has switched its tactics for distributing the remote access Trojan, researchers found.
Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
News  |  3/2/2021  | 
Microsoft fixes multiple Exchange Server vulnerabilities being weaponized in attacks from a group it believes operates out of China.
Thycotic and Centrify to Merge In $1.4B Deal
Quick Hits  |  3/2/2021  | 
TPG Capital will combine privileged access management providers into one company.
Google Partners With Insurers to Create Risk Protection Program
Quick Hits  |  3/2/2021  | 
Google Cloud, Allianz, and Munich Re teamed up to build a program that aims to reduce risk and potentially cut costs for customers.
4 Ways Health Centers Can Stop the Spread of Cyberattacks
Commentary  |  3/2/2021  | 
Health centers must shift the perception of cyberattacks from potential risk to real threat in order to take the first step toward a safer, healthier security posture.
Why Cloud Security Risks Have Shifted to Identities and Entitlements
Commentary  |  3/2/2021  | 
Traditional security tools focus on the network perimeter, leaving user and service accounts vulnerable to hackers.
Attacker Expands Use of Malicious SEO Techniques to Distribute Malware
News  |  3/2/2021  | 
The operators of REvil and Gootkit have begun using a tried and tested technique to distribute additional malware, Sophos says.
Universal Health Services Suffered $67 Million Loss Due to Ransomware Attack
Quick Hits  |  3/1/2021  | 
Earnings report points to diversion of care during incident for financial loss.
New Jailbreak Tool Works on Most iPhones
Quick Hits  |  3/1/2021  | 
The Unc0ver team has released a tool that works on iOS 11 and later, and exploits a vulnerability that was recently under attack.
MSP Provider Builds Red Team as Attackers Target Industry
News  |  3/1/2021  | 
NinjaRMM, which provides tools for managed service providers, aims to create a red team capability following years of attacks against MSPs.
Building a Next-Generation SOC Starts With Holistic Operations
Commentary  |  3/1/2021  | 
The proper template for a modernized SOC team is one that operates seamlessly across domains with a singular, end-to-end view.

Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-39220
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended ...
CVE-2021-39221
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due th...
CVE-2021-41176
PUBLISHED: 2021-10-25
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted at...
CVE-2021-34854
PUBLISHED: 2021-10-25
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within ...
CVE-2021-34855
PUBLISHED: 2021-10-25
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exi...