Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

Attacks/Breaches

News & Commentary
Ransomware Task Force Publishes Framework to Fight Global Threat
Kelly Sheridan, Staff Editor, Dark ReadingNews
An 81-page report details how ransomware has evolved, along with recommendations on how to deter attacks and disrupt its business model.
By Kelly Sheridan Staff Editor, Dark Reading, 4/30/2021
Comment0 comments  |  Read  |  Post a Comment
New Threat Group Carrying Out Aggressive Ransomware Campaign
Jai Vijayan, Contributing WriterNews
UNC2447 observed targeting now-patched vulnerability in SonicWall VPN.
By Jai Vijayan Contributing Writer, 4/30/2021
Comment0 comments  |  Read  |  Post a Comment
MITRE Adds MacOS, More Data Types to ATT&CK Framework
Robert Lemos, Contributing WriterNews
Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure.
By Robert Lemos Contributing Writer, 4/30/2021
Comment0 comments  |  Read  |  Post a Comment
Survey Finds Broad Concern Over Third-Party App Providers Post-SolarWinds
Dark Reading Staff, Quick Hits
Most IT and cybersecurity professionals think security is important enough to delay deployment of applications, survey data shows.
By Dark Reading Staff , 4/30/2021
Comment0 comments  |  Read  |  Post a Comment
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer
Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.
By Steve Zurier Contributing Writer, 4/30/2021
Comment0 comments  |  Read  |  Post a Comment
API Hole on Experian Partner Site Exposes Credit Scores
Dark Reading Staff, Quick Hits
Student researcher is concerned security gap may exist on many other sites.
By Dark Reading Staff , 4/29/2021
Comment0 comments  |  Read  |  Post a Comment
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark ReadingNews
The FluBot Android malware has spread throughout several European countries through an SMS package delivery scam.
By Kelly Sheridan Staff Editor, Dark Reading, 4/28/2021
Comment0 comments  |  Read  |  Post a Comment
74% of Financial Institutions See Spike in COVID-Related Threats
Dark Reading Staff, Quick Hits
Financial losses have also increased among organizations in the last year, with the average cost reaching $720,000.
By Dark Reading Staff , 4/28/2021
Comment0 comments  |  Read  |  Post a Comment
FBI Works With 'Have I Been Pwned' to Notify Emotet Victims
Dark Reading Staff, Quick Hits
Officials shared 4.3 million email addresses with the HIBP website to help inform companies and individuals if Emotet compromised their accounts.
By Dark Reading Staff , 4/28/2021
Comment0 comments  |  Read  |  Post a Comment
Is Your Cloud Raining Sensitive Data?
Or Azarzar, CTO & Co-Founder of LightspinCommentary
Learn common Kubernetes vulnerabilities and ways to avoid them.
By Or Azarzar CTO & Co-Founder of Lightspin, 4/28/2021
Comment0 comments  |  Read  |  Post a Comment
Do Cyberattacks Affect Stock Prices? It Depends on the Breach
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher explores how data breaches, ransomware attacks, and other types of cybercrime influence stock prices.
By Kelly Sheridan Staff Editor, Dark Reading, 4/27/2021
Comment0 comments  |  Read  |  Post a Comment
Emotet Malware Uninstalled From Infected Devices
Dark Reading Staff, Quick Hits
A law enforcement update deployed to compromised machines in January has been pushed, effectively removing the malware.
By Dark Reading Staff , 4/27/2021
Comment0 comments  |  Read  |  Post a Comment
Ransomware Recovery Costs Near $2M
Dark Reading Staff, Quick Hits
The cost of recovering from a ransomware attack has more than doubled in one year, Sophos researchers report.
By Dark Reading Staff , 4/27/2021
Comment0 comments  |  Read  |  Post a Comment
4 Ways CISOs Can Strengthen Their Security Resilience
Tom Kellermann, Head of Cybersecurity Strategy, VMwareCommentary
Security pros must remember bad actors will target their infrastructure, using counter-incident response technology in the process.
By Tom Kellermann Head of Cybersecurity Strategy, VMware, 4/27/2021
Comment0 comments  |  Read  |  Post a Comment
US Urges Organizations to Implement MFA, Other Controls to Defend Against Russian Attacks
Jai Vijayan, Contributing WriterNews
Actors working for Moscow's Foreign Intelligence Service are actively targeting organizations in government and other sectors, FBI and DHS say.
By Jai Vijayan Contributing Writer, 4/26/2021
Comment0 comments  |  Read  |  Post a Comment
In Appreciation: Dan Kaminsky
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Beloved security industry leader and researcher passes away unexpectedly at the age of 42.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/26/2021
Comment0 comments  |  Read  |  Post a Comment
Password Manager Suffers 'Supply Chain' Attack
Dark Reading Staff, Quick Hits
A software update to Click Studios' Passwordstate password manager contained malware.
By Dark Reading Staff , 4/23/2021
Comment0 comments  |  Read  |  Post a Comment
Insider Data Leaks: A Growing Enterprise Threat
Dark Reading Staff, Quick Hits
Report finds 85% of employees are more likely to leak sensitive files now than before the COVID-19 pandemic.
By Dark Reading Staff , 4/23/2021
Comment0 comments  |  Read  |  Post a Comment
Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network
Jai Vijayan, Contributing WriterNews
China-based Spiral group is believed to be behind year-long attack, which exploited a flaw in SolarWinds Orion technology to drop a Web shell.
By Jai Vijayan Contributing Writer, 4/22/2021
Comment0 comments  |  Read  |  Post a Comment
Prometei Botnet Adds New Twist to Exchange Server Attacks
Dark Reading Staff, Quick Hits
Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.
By Dark Reading Staff , 4/22/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
New Report Finds Online Phishing and Fraud Activity Up 185% in 2020
Kaspersky: Targeted Ransomware Grows Nearly 800%
Mimecast Report: 61% of Organizations Were Infected with Ransomware in 2020
Netacea Releases "Buying Bad Bots Wholesale: The Genesis Market" Report
Mandiant Advantage Expands SaaS platform with New Mandiant Automated Defense Module
Sift Streamlines Digital Trust & Safety Suite to Protect Merchants Against the Fraud Economy
Zscaler Advances Zero Trust Security for the Digital Business
Kasada and GreyNoise Team up to Identify Which Potential Threats Demand Immediate Attention
More Products & Releases
PR Newswire
News
Pulse Secure VPN Flaws Exploited to Target US Defense Sector
Kelly Sheridan, Staff Editor, Dark Reading,  4/20/2021
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Contributing Writer,  4/20/2021
Commentary
Business Email Compromise Costs Businesses More Than Ransomware
Charlie Winckless, Senior Director, Cybersecurity Solutions, at Presidio,  4/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "I think he wants the wifi password."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28943
PUBLISHED: 2021-04-30
OX App Suite 7.10.4 and earlier allows SSRF via a snippet.
CVE-2020-28944
PUBLISHED: 2021-04-30
OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.
CVE-2021-31792
PUBLISHED: 2021-04-30
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field
CVE-2021-31934
PUBLISHED: 2021-04-30
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
CVE-2021-31935
PUBLISHED: 2021-04-30
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.