Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

How the Shady Zero-Day Sales Game Is Evolving
6 Open Source Tools for Your Security Team
More SolarWinds Attack Details Emerge
COVID-19: Latest Security News & Commentary
News & Commentary
Startup Offers Free Version of its 'Passwordless' Technology
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Beyond Identity co-founders hope to move the needle in eliminating the need for passwords, but experts say killing passwords altogether won't be easy.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/26/2021
Comment0 comments  |  Read  |  Post a Comment
Critical Vulns Discovered in Vendor Implementations of Key OT Protocol
Jai Vijayan, Contributing WriterNews
Flaws allow denial-of-service attacks and other malicious activity, Claroty says.
By Jai Vijayan Contributing Writer, 1/25/2021
Comment0 comments  |  Read  |  Post a Comment
SonicWall Is Latest Security Vendor to Disclose Cyberattack
Kelly Sheridan, Staff Editor, Dark ReadingNews
The network security firm is investigating a coordinated campaign in which attackers exploited vulnerabilities in SonicWall's products.
By Kelly Sheridan Staff Editor, Dark Reading, 1/25/2021
Comment0 comments  |  Read  |  Post a Comment
Deloitte & Touche Buys Threat-Hunting Firm
Dark Reading Staff, Quick Hits
Root9B (R9B) offers threat hunting and other managed security services.
By Dark Reading Staff , 1/25/2021
Comment0 comments  |  Read  |  Post a Comment
Small Security Teams Have Big Security Fears, CISOs Report
Dark Reading Staff, Quick Hits
Researchers poll security leaders who are tasked with protecting large organizations but have a small presence and budget.
By Dark Reading Staff , 1/25/2021
Comment0 comments  |  Read  |  Post a Comment
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading
Security experts offer Microsoft 365 security guidance as more attackers target enterprise cloud environments.
By Kelly Sheridan Staff Editor, Dark Reading, 1/25/2021
Comment1 Comment  |  Read  |  Post a Comment
2020's COVID Accelerated Digitalization Demands Stronger Cybersecurity in 2021
Leo Simonovich, VP & Global Head, Industrial Cyber and Digital Security, Siemens EnergyCommentary
As critical infrastructure faces increasing and sophisticated attacks, these trends will enable the energy sector to shore up its cybersecurity defenses.
By Leo Simonovich VP & Global Head, Industrial Cyber and Digital Security, Siemens Energy, 1/25/2021
Comment0 comments  |  Read  |  Post a Comment
Comparing Different AI Approaches to Email Security
Darktrace Experts, Staff
Get to know the difference between "supervised" and "unsupervised" machine learning.
By Darktrace Experts Staff, 1/25/2021
Comment0 comments  |  Read  |  Post a Comment
Intel Confirms Unauthorized Access of Earnings-Related Data
Jai Vijayan, Contributing WriterNews
News likely contributed to slide of over 9% in chipmaker's stock at one point Friday.
By Jai Vijayan Contributing Writer, 1/22/2021
Comment0 comments  |  Read  |  Post a Comment
Speed of Digital Transformation May Lead to Greater App Vulnerabilities
Robert Lemos, Contributing WriterNews
The fastest-moving industries are struggling to produce secure code, according to AppSec experts.
By Robert Lemos Contributing Writer, 1/22/2021
Comment0 comments  |  Read  |  Post a Comment
How Cybersecurity Newbs Can Start Out on the Right Foot
Joan Goodchild, Contributing Writer
Cybersecurity experts share their savvy tips and useful resources for infosec hopefuls.
By Joan Goodchild Contributing Writer, 1/22/2021
Comment0 comments  |  Read  |  Post a Comment
Why North Korea Excels in Cybercrime
Marc Wilczek, Digital Strategist & COO of Link11Commentary
North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.
By Marc Wilczek Digital Strategist & COO of Link11, 1/22/2021
Comment0 comments  |  Read  |  Post a Comment
DreamBus, FreakOut Botnets Pose New Threat to Linux Systems
Jai Vijayan, Contributing WriterNews
Researchers from Zscaler and Check Point describe botnets as designed for DDoS attacks, cryptocurrency mining, and other malicious purposes.
By Jai Vijayan Contributing Writer, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Breach Data Shows Attackers Switched Gears in 2020
Robert Lemos, Contributing WriterNews
Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.
By Robert Lemos Contributing Writer, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark ReadingNews
Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search.
By Kelly Sheridan Staff Editor, Dark Reading, 1/21/2021
Comment1 Comment  |  Read  |  Post a Comment
Cloud Jacking: The Bold New World of Enterprise Cybersecurity
Bernie Brode, Nano Product ResearcherCommentary
Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.
By Bernie Brode Nano Product Researcher, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
7 Steps to Secure a WordPress Site
Steve Zurier, Contributing Writer
Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth.
By Steve Zurier Contributing Writer, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Hacker Pig Latin: A Base64 Primer for Security Analysts
Daniel Smallwood, Senior Threat Research Engineer, IronNet
The Base64 encoding scheme is often used to hide the plaintext elements in the early stages of an attack that can't be concealed under the veil of encryption. Here's how to see through its tricks.
By Daniel Smallwood Senior Threat Research Engineer, IronNet, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Rethinking IoT Security: It's Not About the Devices
May Wang, Senior Distinguished Engineer at Palo Alto NetworksCommentary
Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.
By May Wang Senior Distinguished Engineer at Palo Alto Networks, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Releases New Info on SolarWinds Attack Chain
Jai Vijayan, Contributing WriterNews
Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says.
By Jai Vijayan Contributing Writer, 1/20/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Get to know the difference between "supervised" and "unsupervised" machine learning.
Cybersecurity experts share their savvy tips and useful resources for infosec hopefuls.
The Base64 encoding scheme is often used to hide the plaintext elements in the early stages of an attack that can't be concealed under the veil of encryption. Here's how to see through its tricks.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I can't find the back door.
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21275
PUBLISHED: 2021-01-25
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of Medi...
CVE-2021-21272
PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the ...
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Flash Poll
Video
Slideshows
Twitter Feed