Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in April 2021
Page 1 / 3   >   >>
Ransomware Task Force Publishes Framework to Fight Global Threat
News  |  4/30/2021  | 
An 81-page report details how ransomware has evolved, along with recommendations on how to deter attacks and disrupt its business model.
New Threat Group Carrying Out Aggressive Ransomware Campaign
News  |  4/30/2021  | 
UNC2447 observed targeting now-patched vulnerability in SonicWall VPN.
MITRE Adds MacOS, More Data Types to ATT&CK Framework
News  |  4/30/2021  | 
Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure.
Survey Finds Broad Concern Over Third-Party App Providers Post-SolarWinds
Quick Hits  |  4/30/2021  | 
Most IT and cybersecurity professionals think security is important enough to delay deployment of applications, survey data shows.
7 Modern-Day Cybersecurity Realities
Slideshows  |  4/30/2021  | 
Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.
The Ticking Time Bomb in Every Company's Code
Commentary  |  4/30/2021  | 
Developers must weigh the benefits and risks of using third-party code in Web apps.
XDR Pushing Endpoint Detection and Response Technologies to Extinction
News  |  4/29/2021  | 
Ironically, EDR's success has spawn demand for technology that extends beyond it.
Researchers Connect Complex Specs to Software Vulnerabilities
News  |  4/29/2021  | 
Following their release of 70 different vulnerabilities in different implementations of TCP/IP stacks over the past year, two companies find a common link.
API Hole on Experian Partner Site Exposes Credit Scores
Quick Hits  |  4/29/2021  | 
Student researcher is concerned security gap may exist on many other sites.
'BadAlloc' Flaws Could Threaten IoT and OT Devices: Microsoft
Quick Hits  |  4/29/2021  | 
More than 25 critical memory allocation bugs could enable attackers to bypass security controls in industrial, medical, and enterprise devices.
Your Digital Identity's Evil Shadow
Commentary  |  4/29/2021  | 
In the wrong hands, these shady shadows are stealthy means to bypass security systems by hiding behind a proxy with legitimate IP addresses and user agents.
Adobe Open Sources Tool for Anomaly Research
News  |  4/29/2021  | 
The One-Stop Anomaly Shop (OSAS) project packages machine-learning algorithms into a Docker container for finding anomalies in security log data.
The Challenge of Securing Non-People Identities
Commentary  |  4/29/2021  | 
Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk.
FluBot Malware's Rapid Spread May Soon Hit US Phones
News  |  4/28/2021  | 
The FluBot Android malware has spread throughout several European countries through an SMS package delivery scam.
74% of Financial Institutions See Spike in COVID-Related Threats
Quick Hits  |  4/28/2021  | 
Financial losses have also increased among organizations in the last year, with the average cost reaching $720,000.
FBI Works With 'Have I Been Pwned' to Notify Emotet Victims
Quick Hits  |  4/28/2021  | 
Officials shared 4.3 million email addresses with the HIBP website to help inform companies and individuals if Emotet compromised their accounts.
How to Secure Employees' Home Wi-Fi Networks
Commentary  |  4/28/2021  | 
Businesses must ensure their remote workers' Wi-Fi networks don't risk exposing business data or secrets due to fixable vulnerabilities.
Is Your Cloud Raining Sensitive Data?
Commentary  |  4/28/2021  | 
Learn common Kubernetes vulnerabilities and ways to avoid them.
Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat
News  |  4/28/2021  | 
New research shows how threat actors can steal and decrypt signing certificates so SAML tokens can be forged.
Do Cyberattacks Affect Stock Prices? It Depends on the Breach
News  |  4/27/2021  | 
A security researcher explores how data breaches, ransomware attacks, and other types of cybercrime influence stock prices.
Emotet Malware Uninstalled From Infected Devices
Quick Hits  |  4/27/2021  | 
A law enforcement update deployed to compromised machines in January has been pushed, effectively removing the malware.
Ransomware Recovery Costs Near $2M
Quick Hits  |  4/27/2021  | 
The cost of recovering from a ransomware attack has more than doubled in one year, Sophos researchers report.
4 Ways CISOs Can Strengthen Their Security Resilience
Commentary  |  4/27/2021  | 
Security pros must remember bad actors will target their infrastructure, using counter-incident response technology in the process.
Expect an Increase in Attacks on AI Systems
News  |  4/27/2021  | 
Companies are quickly adopting machine learning but not focusing on how to verify systems and produce trustworthy results, new report shows.
XDR: A Game-Changer in Enterprise Threat Detection
XDR: A Game-Changer in Enterprise Threat Detection
Dark Reading Videos  |  4/27/2021  | 
Omdia's Eric Parizo highlights four capabilities that show how XDR technology is reinventing enterprise threat detection.
Challenging Our Education System to Nurture the Cyber Pipeline
Commentary  |  4/27/2021  | 
Let's teach students how to teach themselves. Once we do that, we will have taught a generation of students how to think like hackers.
US Urges Organizations to Implement MFA, Other Controls to Defend Against Russian Attacks
News  |  4/26/2021  | 
Actors working for Moscow's Foreign Intelligence Service are actively targeting organizations in government and other sectors, FBI and DHS say.
Apple Patches Serious MacOS Security Flaw
Quick Hits  |  4/26/2021  | 
The bug can put Mac users at "grave risk" as it allows attackers to bypass Apple's security mechanisms, a researcher reports.
In Appreciation: Dan Kaminsky
News  |  4/26/2021  | 
Beloved security industry leader and researcher passes away unexpectedly at the age of 42.
Proofpoint to Be Acquired by Thoma Bravo for $12.3B
Quick Hits  |  4/26/2021  | 
The cybersecurity company will go private following the all-cash transaction.
Shift Left: From Concept to Practice
Commentary  |  4/26/2021  | 
By moving security into development, your team can find and fix vulnerabilities before they become expensive, difficult, and publicly embarrassing problems.
Password Manager Suffers 'Supply Chain' Attack
Quick Hits  |  4/23/2021  | 
A software update to Click Studios' Passwordstate password manager contained malware.
Insider Data Leaks: A Growing Enterprise Threat
Quick Hits  |  4/23/2021  | 
Report finds 85% of employees are more likely to leak sensitive files now than before the COVID-19 pandemic.
KnowBe4 Issues IPO to Drive Global Expansion, New Automation Features
News  |  4/23/2021  | 
Security awareness firm aims expand into Europe and Asia, and add automation and machine learning to its technology.
SOC 2 Attestation Tips for SaaS Companies
Commentary  |  4/23/2021  | 
Attestation helps SaaS vendors demonstrate that digital security is a primary focus.
Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network
News  |  4/22/2021  | 
China-based Spiral group is believed to be behind year-long attack, which exploited a flaw in SolarWinds Orion technology to drop a Web shell.
New CISA Advisories Warn of ICS Vulnerabilities
Quick Hits  |  4/22/2021  | 
The vulnerabilities exist in Cscape control system application programming software and the Mitsubishi Electric GOT.
Prometei Botnet Adds New Twist to Exchange Server Attacks
Quick Hits  |  4/22/2021  | 
Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.
Improving the Vulnerability Reporting Process With 5 Steps
Commentary  |  4/22/2021  | 
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.
University Suspends Project After Researchers Submitted Vulnerable Linux Patches
News  |  4/22/2021  | 
A Linux maintainer pledges to stop taking code submissions from the University of Minnesota after a research team purposely submitted vulnerabilities to show software supply chain weaknesses.
Name That Toon: Greetings, Earthlings
Commentary  |  4/22/2021  | 
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
Looking for Greater Security Culture? Ask an 8-Bit Plumber
Commentary  |  4/22/2021  | 
After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.
10 Free Security Tools at Black Hat Asia 2021
Slideshows  |  4/22/2021  | 
Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases.
Nearly Half of All Malware Is Concealed in TLS-Encrypted Communications
News  |  4/22/2021  | 
Forty-six percent of all malware uses the cryptographic protocol to evade detection, communicate with attacker-controlled servers, and to exfiltrate data, new study shows.
Rapid7 Acquires Velociraptor Open Source Project
Quick Hits  |  4/21/2021  | 
The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities.
Justice Dept. Creates Task Force to Stop Ransomware Spread
Quick Hits  |  4/21/2021  | 
One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say.
Zero-Day Flaws in SonicWall Email Security Tool Under Attack
News  |  4/21/2021  | 
Three zero-day vulnerabilities helped an attacker install a backdoor, access files and emails, and move laterally into a target network.
Business Email Compromise Costs Businesses More Than Ransomware
Commentary  |  4/21/2021  | 
Ransomware gets the headlines, but business paid out $1.8 billion last year to resolve BEC issues, according to an FBI report.
How to Attack Yourself Better in 2021
Commentary  |  4/21/2021  | 
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.
Attackers Heavily Targeting VPN Vulnerabilities
News  |  4/21/2021  | 
Threat actors like attacking the technology because they provide a convenient entry point to enterprise networks.
Page 1 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-25273
PUBLISHED: 2021-07-29
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
CVE-2021-36741
PUBLISHED: 2021-07-29
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the ...
CVE-2021-36742
PUBLISHED: 2021-07-29
A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privile...
CVE-2021-23418
PUBLISHED: 2021-07-29
The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
CVE-2020-5329
PUBLISHED: 2021-07-29
Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.