Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in June 2021
Page 1 / 3   >   >>
SentinelOne Starts Trading on NYSE, Raises $1.2B in IPO
News  |  6/30/2021  | 
IPO is the highest valued in cybersecurity history, according to reports.
SMB Worm Targeting EternalBlue Vuln Spreads to US
News  |  6/30/2021  | 
"Indexsinas" is the latest threat designed to exploit Windows servers that remain vulnerable to an NSA-developed exploit Microsoft patched more than four years ago.
MyBook Investigation Reveals Attackers Exploited Legacy, Zero-Day Vulnerabilities
News  |  6/30/2021  | 
A previously unknown flaw in Western Digital's older network-attached storage systems allowed unauthenticated commands to trigger a factory reset, formatting the hard drives, says the company after its preliminary investigation.
Impersonation Becomes Top Phishing Technique
Quick Hits  |  6/30/2021  | 
A new report finds IT, healthcare, and manufacturing are the industries most targeted by phishing emails.
Attackers Already Unleashing Malware for Apple macOS M1 Chip
News  |  6/30/2021  | 
Apple security expert Patrick Wardle found that some macOS malware written for the new M1 processor can bypass anti-malware tools.
Intl. Law Enforcement Operation Takes Down DoubleVPN
Quick Hits  |  6/30/2021  | 
The VPN service allegedly provided a means for cybercriminals to target their victims, Europol officials report.
3 Things Every CISO Wishes You Understood
Commentary  |  6/30/2021  | 
Ensuring the CISO's voice is heard by the board will make security top of mind for the business, its employees, and their customers.
Is Compliance-Only Security Giving Cybercriminals Your Security Playbook?
Commentary  |  6/30/2021  | 
Compliance-only security strategies aren't working. CISOs should squarely focus on being secure while achieving compliance.
9 Hot Trends in Cybersecurity Mergers & Acquisitions
Slideshows  |  6/30/2021  | 
Security experts share their observations of the past year in cybersecurity M&A, highlighting key trends and notable deals.
Google Updates Vulnerability Data Format to Support Automation
News  |  6/29/2021  | 
The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of data.
Ransomware Losses Drive Up Cyber-Insurance Costs
News  |  6/29/2021  | 
Premiums have gone up by 7% on average for small firms and between 10% and 40% for medium and large businesses.
CISA Publishes Catalog of Poor Security Practices
News  |  6/29/2021  | 
Organizations often focus on promoting best practices, CISA says, but stopping poor security practices is equally important.
Survey Data Reveals Gap in Americans' Security Awareness
Quick Hits  |  6/29/2021  | 
Survey data reveals many people have never heard of major cyberattacks, including the attack targeting Colonial Pipeline.
Technology's Complexity and Opacity Threaten Critical Infrastructure Security
Commentary  |  6/29/2021  | 
Addressing the complexity of modern distributed software development is one of the most important things we can do to decrease supply chain risk.
3 Ways Cybercriminals Are Undermining MFA
Commentary  |  6/29/2021  | 
Using multifactor authentication is an excellent security step, but like everything else, it is not foolproof and will never be 100% effective.
Microsoft Refining Third-Party Driver Vetting Processes After Signing Malicious Rootkit
News  |  6/28/2021  | 
Rogue driver was distributed within gaming community in China, company says.
Attacks Erase Western Digital Network-Attached Storage Drives
News  |  6/28/2021  | 
The company suspects a remote code execution vulnerability affecting My Book Live and My Book Live Duo devices and recommends that business and individual users turn off the drives to protect their data.
New House Bill Aims to Drive Americans' Security Awareness
Quick Hits  |  6/28/2021  | 
The legislation requires the National Telecommunications and Information Administration to establish a cybersecurity literacy campaign.
Microsoft Tracks Attack Campaign Against Customer Support Agents
Quick Hits  |  6/28/2021  | 
The company attributes the attack to Nobelium, the same group it linked to the SolarWinds campaign earlier this year.
The Danger of Action Bias: Is It Always Better to Act Quickly?
News  |  6/28/2021  | 
Experts discuss the meaning of action bias and how it presents a threat to IT security leaders, practitioners, and users.
The Role of Encryption in Protecting LGBTQ+ Community Members
Commentary  |  6/28/2021  | 
The Internet is a vital tool that helps LGBTQ+ community members communicate without fear of persecution -- and strong encryption is a critical part of this equation.
New CPU Baseline for Windows 11 Will Ensure Better Security, Microsoft Says
News  |  6/25/2021  | 
Redmond's latest OS will run only on systems with TPM 2.0 chips.
Amazon Acquires Secure Messaging Platform Wickr
Quick Hits  |  6/25/2021  | 
AWS CISO Stephen Schmidt says the acquisition is strategic amid the proliferation of remote work.
School's Out for Summer, but Don't Close the Book on Cybersecurity Training
Commentary  |  6/25/2021  | 
Strengthening their security posture should be at the top of school IT departments' summer to-do list.
High-Level FIN7 Member Sentenced to 7 Years in Prison
Quick Hits  |  6/25/2021  | 
Andrii Kolpakov, who served as a high-level pentester for the criminal group, was also ordered to pay $2.5 million in restitution.
7 Unconventional Pieces of Password Wisdom
Slideshows  |  6/25/2021  | 
Challenging common beliefs about best practices in password hygiene.
74% of Q1 Malware Was Undetectable Via Signature-Based Tools
News  |  6/24/2021  | 
Attackers have improved on tweaking old malware to continue sneaking it past traditional threat detection controls, researchers report.
D3FEND Framework Seeks to Lay Foundation for Cyber Defense
News  |  6/24/2021  | 
The MITRE project, funded by the National Security Agency, aims to create a foundation for analyzing and discussing cyber defenses and could shake up the vendor community.
Tulsa Officials Warn Ransomware Attackers Leaked City Files
Quick Hits  |  6/24/2021  | 
The group behind the May 2021 attack has shared more than 18,000 files via the Dark Web, mostly internal department files and police citations.
Preinstalled Firmware Updater Puts 128 Dell Models at Risk
News  |  6/24/2021  | 
A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.
Boardroom Perspectives on Cybersecurity: What It Means for You
Commentary  |  6/24/2021  | 
Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.
Storms & Silver Linings: Avoiding the Dangers of Cloud Migration
Commentary  |  6/24/2021  | 
We hear a lot about the sunlit uplands of cloud-powered business, but what about the risks of making information available across the organization?
John McAfee, Creator of McAfee Antivirus Software, Dead at 75
Quick Hits  |  6/24/2021  | 
McAfee, who was being held in a Spanish jail on US tax-evasion charges, had learned on Monday he would be extradited to the US.
79% of Third-Party Libraries in Apps Are Never Updated
News  |  6/23/2021  | 
A lack of contextual information and concerns over application disruption among contributing factors.
VMs Help Ransomware Attackers Evade Detection, but It's Uncommon
News  |  6/23/2021  | 
Some ransomware attackers use virtual machines to bypass security detection, but adoption is slow for the complicated technique.
Microsoft Tracks New BazaCall Malware Campaign
Quick Hits  |  6/23/2021  | 
Attackers use emails to prompt victims to call a fraudulent call center, where attackers instruct them to download a malicious file.
New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies
News  |  6/23/2021  | 
Researchers found a "novel" class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers, with one simple registration step.
Survey Seeks to Learn How 2020 Changed Security
Quick Hits  |  6/23/2021  | 
Respondents to a new Dark Reading/Omdia survey will be entered into a drawing for a Black Hat Black Card.
When Will Cybersecurity Operations Adopt the Peter Parker Principle?
Commentary  |  6/23/2021  | 
Having a prevention mindset means setting our prevention capabilities to "prevent" instead of relying on detection and response.
Expecting the Unexpected: Tips for Effectively Mitigating Ransomware Attacks in 2021
Commentary  |  6/23/2021  | 
Cybercriminals continually innovate to thwart security protocols, but organizations can take steps to prevent and mitigate ransomware attacks.
Despite Heightened Cyber-Risks, Few Security Leaders Report to CEO
News  |  6/22/2021  | 
A new report suggests that top management at most companies still don't get security.
Transmit Security Announces $543M Series A Funding Round
Quick Hits  |  6/22/2021  | 
The passwordless technology provider says the funding will be used to increase its reach and expand primary business functions.
NSA Funds Development & Release of D3FEND Framework
Quick Hits  |  6/22/2021  | 
The framework, now available through MITRE, provides countermeasures to attacks.
Identity Eclipses Malware Detection at RSAC Startup Competition
Commentary  |  6/22/2021  | 
All 10 finalists in the Innovation Sandbox were focused on identity, rather than security's mainstay for the last 20 years: Malware detection.
Majority of Web Apps in 11 Industries Are Vulnerable All the Time
News  |  6/22/2021  | 
Serious vulnerabilities exist every day in certain industries, including utilities, public administration, and professional services, according to testing data.
Does Your Cyberattack Plan Include a Crisis Communications Strategy? 5 Tips to Get Started
Commentary  |  6/22/2021  | 
Don't overlook crisis communications in your cybersecurity incident response planning.
Did Companies Fail to Disclose Being Affected by SolarWinds Breach?
News  |  6/21/2021  | 
The SEC has sent out letters to some investment firms and publicly listed companies seeking information, Reuters says.
Software-Container Supply Chain Sees Spike in Attacks
News  |  6/21/2021  | 
Attackers target companies' container supply chain, driving a sixfold increase in a year, aiming to steal processing time for cryptomining and compromise cloud infrastructure.
Data Leaked in Fertility Clinic Ransomware Attack
Quick Hits  |  6/21/2021  | 
Reproductive Biology Associates says the data of 38,000 patients may have been compromised in the April cyberattack.
Baltimore County Public Schools' Ransomware Recovery Tops $8M
Quick Hits  |  6/21/2021  | 
The school district has spent seven months and a reported $8.1 million recovering from the November attack.
Page 1 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16060
PUBLISHED: 2021-10-15
Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
CVE-2018-16061
PUBLISHED: 2021-10-15
Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.
CVE-2021-27561
PUBLISHED: 2021-10-15
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
CVE-2020-4951
PUBLISHED: 2021-10-15
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
CVE-2021-28021
PUBLISHED: 2021-10-15
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.