Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Advanced Threats
Page 1 / 2   >   >>
Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation
News  |  1/13/2021  | 
Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.
The Data-Centric Path to Zero Trust
Commentary  |  1/13/2021  | 
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
Malware Developers Refresh Their Attack Tools
News  |  1/8/2021  | 
Cisco analyzes the latest version of the LokiBot malware for stealing credentials, finding that its developers have added more misdirection and anti-analysis features.
Even Small Nations Have Jumped into the Cyber Espionage Game
News  |  1/7/2021  | 
While the media tends to focus on the Big 5 nation-state cyber powers, commercial spyware has given smaller countries sophisticated capabilities, as demonstrated by a "zero-click" iMessage exploit that targeted journalists last year.
China's APT Groups May Be Looking to Cash In
News  |  1/5/2021  | 
Two campaigns have resulted in encrypted drives and ransom notes, suggesting that some China-linked nation-state advanced persistent threat groups have added financial gain as a motive, researchers say.
Reducing the Risk of Third-Party SaaS Apps to Your Organization
Commentary  |  12/29/2020  | 
Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
Defending the COVID-19 Vaccine Supply Chain
Commentary  |  12/28/2020  | 
We must treat this supply chain like a piece of our nation's critical infrastructure, just like the electrical grid or air traffic control system.
10 Benefits of Running Cybersecurity Exercises
Commentary  |  12/28/2020  | 
There may be no better way to ascertain your organization's strengths and weaknesses than by running regular security drills.
Quarterbacking Vulnerability Remediation
Commentary  |  12/24/2020  | 
It's time that security got out of the armchair and out on the field.
Microsoft, McAfee, Rapid7, and Others Form New Ransomware Task Force
News  |  12/23/2020  | 
Industry group wants to get a framework in the hands of the new administration's cybersecurity officials by early spring 2021.
NSA, CISA Warn of Attacks on Federated Authentication
News  |  12/21/2020  | 
While incident responders focus on attacks using SolarWinds Orion, government cyber defenders highlight other methods likely being used as well.
We Have a National Cybersecurity Emergency -- Here's How We Can Respond
Commentary  |  12/21/2020  | 
Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that.
'SocGholish' Attack Framework Powers Surge in Drive-By Attacks
News  |  12/17/2020  | 
Menlo Labs research team says framework's social engineering toolkit helps criminals impersonate software updates.
Why the Weakest Links Matter
Commentary  |  12/16/2020  | 
The recent FireEye and SolarWinds compromises reinforce the fact that risks should be understood, controls should be in place, and care should be taken at every opportunity.
7 Security Tips for Gamers
Slideshows  |  12/11/2020  | 
Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.
Black Hat Europe: Dark Reading Video News Desk Coverage
News  |  12/10/2020  | 
Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.
Navigating the Security Maze in a New Era of Cyberthreats
Commentary  |  12/9/2020  | 
Multiple, dynamic threats have reshaped the cyber-risk landscape; ignore them at your peril.
Attackers Know Microsoft 365 Better Than You Do
Commentary  |  12/8/2020  | 
Users have taken to Microsoft Office 365's tools, but many are unaware of free features that come with their accounts -- features that would keep them safe.
Avoiding a 1984-Like Future
Commentary  |  12/7/2020  | 
We must not simply trust technology to be safe. Technology providers and users should agree on severe security practices, and these standards must be implemented wherever data goes.
Cloud Security Threats for 2021
Commentary  |  12/3/2020  | 
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now
Commentary  |  12/3/2020  | 
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.
Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet
Commentary  |  12/2/2020  | 
Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.
Malicious or Vulnerable Docker Images Widespread, Firm Says
News  |  12/1/2020  | 
A dynamic analysis of the publicly available images on Docker Hub found that 51% had critical vulnerabilities and about 6,500 of the 4 million latest images could be considered malicious.
Sophos 2021 Threat Report: Navigating Cybersecurity in an Uncertain World
News  |  12/1/2020  | 
SPONSORED: Sophos' principal research scientist discusses the fast-changing attacker behaviors of 2020 and how security pros need to evolve.
Driven by Ransomware, Cyber Claims Rise in Number & Value
News  |  11/30/2020  | 
Companies are on track to file 27% more cyber claims in 2020, one insurer estimates, while another underwriter finds five out of every 100 companies file a claim each year.
Look Beyond the 'Big 5' in Cyberattacks
News  |  11/25/2020  | 
Don't ignore cyber operations outside US and European interests, researcher says. We can learn a lot from methods used by attackers that aren't among the usual suspects.
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Commentary  |  11/24/2020  | 
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
How Retailers Can Fight Fraud and Abuse This Holiday Season
Commentary  |  11/23/2020  | 
Online shopping will be more popular than ever with consumers... and with malicious actors too.
Out With the Old Perimeter, in With the New Perimeters
Commentary  |  11/18/2020  | 
A confluence of trends and events has exploded the whole idea of "the perimeter." Now there are many perimeters, and businesses must adjust accordingly.
How to Identify Cobalt Strike on Your Network
Commentary  |  11/18/2020  | 
Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.
Vulnerability Prioritization Tops Security Pros' Challenges
Commentary  |  11/17/2020  | 
Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.
To Pay or Not to Pay: Responding to Ransomware From a Lawyer's Perspective
Commentary  |  11/17/2020  | 
The threat of data extortion adds new layers of risk when determining how to respond to a ransomware attack.
A Hacker's Holiday: How Retailers Can Avoid Black Friday Cyber Threats
Commentary  |  11/13/2020  | 
Starting on Nov. 27, online retailers of all sizes will find out if their e-commerce capabilities are ready for prime time or not.
7 Cool Cyberattack and Audit Tools to be Highlighted at Black Hat Europe
Slideshows  |  11/12/2020  | 
Platforms, open source tools, and other toolkits for penetration testers and other security practitioners will be showcased at this week's virtual event.
How to Avoid Getting Killed by Ransomware
Commentary  |  11/11/2020  | 
Using a series of processes, infosec pros can then tap automated data hygiene to find and fix files that attackers key in on.
Preventing and Mitigating DDoS Attacks: It's Elementary
Commentary  |  11/9/2020  | 
Following a spate of cyberattacks nationwide, school IT teams need to act now to ensure their security solution makes the grade.
7 Online Shopping Tips for the Holidays
Slideshows  |  11/9/2020  | 
The holidays are right around the corner, and that means plenty of online shopping. These tips will help keep you safe.
Reworking the Taxonomy for Richer Risk Assessments
Commentary  |  11/3/2020  | 
By accommodating unique requirements and conditions at different sites, security pros can dig deeper get a clearer sense of organizational risk.
6 Cybersecurity Lessons From 2020
Slideshows  |  11/3/2020  | 
The COVID-19 pandemic exposed new weaknesses in enterprise cybersecurity preparedness.
Microsoft & Others Catalog Threats to Machine Learning Systems
News  |  11/2/2020  | 
Thirteen organizations worked together to create a dictionary of techniques used to attack ML models and warn that such malicious efforts will become more common.
Public Safety & Cybersecurity Concerns Elevate Need for a Converged Approach
Commentary  |  10/30/2020  | 
As public and private spaces are opening up, the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.
How Healthcare Organizations Can Combat Ransomware
Commentary  |  10/29/2020  | 
The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.
Cybercriminals Aim BEC Attacks at Education Industry
News  |  10/29/2020  | 
Heightened vulnerability comes at a time when the sector has been focusing on setting up a remote workforce and online learning amid the pandemic.
How to Increase Voter Turnout & Reduce Fraud
Commentary  |  10/29/2020  | 
Digital identity verification has advanced, both technologically and legislatively. Is it the answer to simpler, safer voting?
Rethinking Security for the Next Normal -- Under Pressure
Commentary  |  10/28/2020  | 
By making a commitment to a unified approach to security, then doing what's necessary to operationalize it, organizations can establish a better security model for the next normal.
MITRE Shield Matrix Highlights Deception & Concealment Technology
Commentary  |  10/27/2020  | 
The role that these technologies play in the MITRE Shield matrix is a clear indicator that they are an essential part of today's security landscape.
Microsoft's Kubernetes Threat Matrix: Here's What's Missing
Commentary  |  10/26/2020  | 
With a fuller picture of the Kubernetes threat matrix, security teams can begin to implement mitigation strategies to protect their cluster from threats.
A Pause to Address 'Ethical Debt' of Facial Recognition
Commentary  |  10/23/2020  | 
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
Credential-Stuffing Attacks Plague Loyalty Programs
News  |  10/22/2020  | 
But that's not the only type of web attack cybercriminals have been profiting from.
To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
Commentary  |  10/22/2020  | 
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
Page 1 / 2   >   >>


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3113
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...