Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Planning Our Passwordless Future
Colonial Pipeline Cyberattack: What Security Pros Need to Know
Troy Hunt: Organizations Make Security Choices Tough for Users
7 Modern-Day Cybersecurity Realities
News & Commentary
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato NetworksCommentary
Deeply rooted cybersecurity misconceptions are poisoning our ability to understand and defend against attacks.
By Etay Maor Sr. Director Security Strategy at Cato Networks, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Critical Infrastructure Under Attack
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of key US energy pipeline marks just the tip of the iceberg.
By Marc Wilczek Digital Strategist & COO of Link11, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Colonial Pipeline Cyberattack: What Security Pros Need to Know
Kelly Sheridan, Staff Editor, Dark ReadingNews
As the massive US pipeline operator works to restore operations after a DarkSide ransomware attack late last week, experts say it's a cautionary tale for critical infrastructure providers.
By Kelly Sheridan Staff Editor, Dark Reading, 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
Tulsa Deals With Aftermath of Ransomware Attack
Dark Reading Staff, Quick Hits
Weekend attack shuts down several city sites and service.
By Dark Reading Staff , 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
Four Plead Guilty to RICO Conspiracy Involving Hosting Services for Cybercrime
Dark Reading Staff, Quick Hits
The "bulletproof hosting" organization hosted malware including Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit.
By Dark Reading Staff , 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
10 Security Awareness Training Mistakes to Avoid
Joan Goodchild, Staff Editor
Give your cybersecurity culture a boost by adding these to the "don't" column of your cybersecurity awareness training do's and don'ts list.
By Joan Goodchild Staff Editor, 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
Exchange Exploitation: Not Dead Yet
John Hammond, Senior Security Researcher at HuntressCommentary
The mass exploitation of Exchange Servers has been a wake-up call, and it will take all parties playing in concert for the industry to react, respond, and recover.
By John Hammond Senior Security Researcher at Huntress, 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
How North Korean APT Kimsuky Is Evolving Its Tactics
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers find differences in Kimsuky's operations that lead them to divide the APT into two groups: CloudDragon and KimDragon.
By Kelly Sheridan Staff Editor, Dark Reading, 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Most Organizations Feel More Vulnerable to Breaches Amid Pandemic
Dark Reading Staff, Quick Hits
More than half of business see the need for significant long-term changes to IT due to COVID-19, research finds.
By Dark Reading Staff , 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
FBI, NSA, CISA & NCSC Issue Joint Advisory on Russian SVR Activity
Dark Reading Staff, Quick Hits
The report provides additional details on tactics of Russia's Foreign Intelligence Service following public attribution of the group to last year's SolarWinds attack.
By Dark Reading Staff , 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
The Edge Pro Quote: Password Empowerment
Edge Editors, Dark Reading
Despite being a pain in the neck, passwords may hold a psychological purpose that security pros should take into account.
By Edge Editors Dark Reading, 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSecCommentary
Web scraping attacks, like Facebook's recent data leak, can easily lead to more significant breaches.
By Rob Simon Principal Security Consultant at TrustedSec, 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
11 Reasons Why You Sorta Love Passwords
Edge Editors, Dark Reading
We asked you to tell the truth about why you secretly love passwords. From the heartfelt to the hilarious, here's what you had to say.
By Edge Editors Dark Reading, 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security
Dark Reading Staff,
Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.
By Dark Reading Staff , 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Troy Hunt: Organizations Make Security Choices Tough for Users
Kelly Sheridan, Staff Editor, Dark ReadingNews
The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.
By Kelly Sheridan Staff Editor, Dark Reading, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
New Techniques Emerge for Abusing Windows Services to Gain System Control
Jai Vijayan, Contributing WriterNews
Organizations should apply principles of least privilege to mitigate threats, security researcher says.
By Jai Vijayan Contributing Writer, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Google Plans to Automatically Enable Two-Factor Authentication
Dark Reading Staff, Quick Hits
The company plans to automatically enroll users in two-step verification if their accounts are properly configured.
By Dark Reading Staff , 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
CISA Publishes Analysis on New 'FiveHands' Ransomware
Dark Reading Staff, Quick Hits
Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.
By Dark Reading Staff , 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing WriterNews
More companies moved to cloud-native infrastructure in the past year, and security incidents and malware moved right along with them.
By Robert Lemos Contributing Writer, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Securing the Internet of Things in the Age of Quantum Computing
Dr. Charles Grover, Cryptography Researcher, Crypto QuantiqueCommentary
Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.
By Dr. Charles Grover Cryptography Researcher, Crypto Quantique, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
ESG Report Uncovers Security Decision Makers 2021 Cybercrime Concerns
Kaspersky Research Finds DDoS Sttacks in Q1 2021 Return to Pre-Pandemic Numbers
SafeGuard Cyber Introduces Advanced Governance for Zoom Video Communications
Cyber Readiness Institute Calls on Biden Administration To Make Small Business Cybersecurity a National Priority
Secretary of Homeland Security to Participate in U.S. Chamber of Commerce NOW + NEXT
LiveAction Acquires CounterFlow AI to Expand Network Security Offerings
Sectigo Acquires SiteLock, Solidifying Its Market-Leading Position in Web Security
New Report Finds Online Phishing and Fraud Activity Up 185% in 2020
More Products & Releases
PR Newswire
Dark Reading Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the Dark Reading site in the coming months.

10 Security Awareness Training Mistakes to Avoid
Give your cybersecurity culture a boost by adding these to the "don't" column of your cybersecurity awareness training do's and don'ts list.
11 Reasons Why You Sorta Love Passwords
We asked you to tell the truth about why you secretly love passwords. From the heartfelt to the hilarious, here's what you had to say.
How to Move Beyond Passwords and Basic MFA
It's not a question of whether passwordless is coming -- it's simply a question of when. How should your organization prepare? (Part two of a two-part series.)
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: What Virtual Reality phishing attacks will look like in 2030.
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21652
PUBLISHED: 2021-05-11
A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2021-21653
PUBLISHED: 2021-05-11
Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2021-21654
PUBLISHED: 2021-05-11
Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password.
CVE-2021-21655
PUBLISHED: 2021-05-11
A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password.
CVE-2021-21656
PUBLISHED: 2021-05-11
Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Flash Poll
Video
Slideshows
Twitter Feed