Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

News & Commentary
Intel Confirms Unauthorized Access of Earnings-Related Data
Jai Vijayan, Contributing WriterNews
News likely contributed to slide of over 9% in chipmaker's stock at one point Friday.
By Jai Vijayan Contributing Writer, 1/22/2021
Comment0 comments  |  Read  |  Post a Comment
Why North Korea Excels in Cybercrime
Marc Wilczek, Digital Strategist & COO of Link11Commentary
North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.
By Marc Wilczek Digital Strategist & COO of Link11, 1/22/2021
Comment0 comments  |  Read  |  Post a Comment
DreamBus, FreakOut Botnets Pose New Threat to Linux Systems
Jai Vijayan, Contributing WriterNews
Researchers from Zscaler and Check Point describe botnets as designed for DDoS attacks, cryptocurrency mining, and other malicious purposes.
By Jai Vijayan Contributing Writer, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Breach Data Shows Attackers Switched Gears in 2020
Robert Lemos, Contributing WriterNews
Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.
By Robert Lemos Contributing Writer, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark ReadingNews
Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search.
By Kelly Sheridan Staff Editor, Dark Reading, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
7 Steps to Secure a WordPress Site
Steve Zurier, Contributing Writer
Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth.
By Steve Zurier Contributing Writer, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Rethinking IoT Security: It's Not About the Devices
May Wang, Senior Distinguished Engineer at Palo Alto NetworksCommentary
Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.
By May Wang Senior Distinguished Engineer at Palo Alto Networks, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Releases New Info on SolarWinds Attack Chain
Jai Vijayan, Contributing WriterNews
Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says.
By Jai Vijayan Contributing Writer, 1/20/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attack, Cyber Supply Chain Among Priorities for Biden Administration
Robert Lemos, Contributing WriterNews
During Senate confirmation hearings, the nominees for Secretary of Homeland Security and Director of National Intelligence pledged to focus on cybersecurity.
By Robert Lemos Contributing Writer, 1/20/2021
Comment0 comments  |  Read  |  Post a Comment
Vulnerabilities in Popular DNS Software Allow Poisoning
Robert Lemos, Contributing WriterNews
Seven flaws in DNSMasq have limited impact, but in combination they could be chained to create a multistaged attack.
By Robert Lemos Contributing Writer, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
A Security Practitioner's Guide to Encrypted DNS
Jamie Brim, Corelight Security ResearcherCommentary
Best practices for a shifting visibility landscape.
By Jamie Brim Corelight Security Researcher, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
Successful Malware Incidents Rise as Attackers Shift Tactics
Robert Lemos, Contributing WriterNews
As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.
By Robert Lemos Contributing Writer, 1/15/2021
Comment0 comments  |  Read  |  Post a Comment
Shifting Privacy Landscape, Disruptive Technologies Will Test Businesses
Robert Lemos, Contributing WriterNews
A new machine learning tool aims to mine privacy policies on behalf of users.
By Robert Lemos Contributing Writer, 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
'Chimera' Threat Group Abuses Microsoft & Google Cloud Services
Dark Reading Staff, Quick Hits
Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests.
By Dark Reading Staff , 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
Businesses Struggle with Cloud Availability as Attackers Take Aim
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers find organizations struggle with availability for cloud applications as government officials warn of cloud-focused cyberattacks.
By Kelly Sheridan Staff Editor, Dark Reading, 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns
Dark Reading Staff, Quick Hits
Mimecast no longer uses the SolarWinds Orion network management software that served as an attack vector for thousands of organizations.
By Dark Reading Staff , 1/13/2021
Comment0 comments  |  Read  |  Post a Comment
More SolarWinds Attack Details Emerge
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A third piece of malware is uncovered, but there are still plenty of unknowns about the epic attacks purportedly out of Russia.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/12/2021
Comment2 comments  |  Read  |  Post a Comment
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
Mark Wojtasiak, VP, Portfolio Marketing, Code42Commentary
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
By Mark Wojtasiak VP, Portfolio Marketing, Code42, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
Intel's New vPro Processors Aim to Help Defend Against Ransomware
Kelly Sheridan, Staff Editor, Dark ReadingNews
The newest Intel Core vPro mobile platform gives PC hardware a direct role in detecting ransomware attacks.
By Kelly Sheridan Staff Editor, Dark Reading, 1/11/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
CVE-2020-12525
PUBLISHED: 2021-01-22
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2020-12511
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.