Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Cartoon Caption Winner: Be Careful Who You Trust
Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
Cybercrime 'Help Wanted': Job Hunting on the Dark Web
How to Submit a Column to Dark Reading
News & Commentary
Intel: Paid Research Caught More Than 90% of Our Vulnerabilities
Robert Lemos, Contributing WriterNews
Internal research and external bug-bounty programs combined to discover the vast majority of reported security issues in the company's software.
By Robert Lemos Contributing Writer, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
More Details Emerge on the Microsoft Exchange Server Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
The attacks seem more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous.
By Kelly Sheridan Staff Editor, Dark Reading, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
Okta to Buy Rival Auth0
Dark Reading Staff, Quick Hits
The deal, valued at $6.5 billion, will bring together competitors in the identity management space.
By Dark Reading Staff , 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
CISA to Federal Agencies: Immediately Patch or 'Disconnect' Microsoft Exchange Servers
Dark Reading Staff, Quick Hits
The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week.
By Dark Reading Staff , 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical DirectorCommentary
With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
By Dr. Jethro Beekman Technical Director, 3/3/2021
Comment1 Comment  |  Read  |  Post a Comment
Design, Security, Tech Is the New Stack You Should Be Building
Sathish Muthukrishnan, Chief Information, Data and Digital Officer, AllyCommentary
Instead of different departments managing information systems, Ally Financial has combined data, digitization, security, and design into a single "stack" of human resources.
By Sathish Muthukrishnan Chief Information, Data and Digital Officer, Ally, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
Policy Group Calls for Public-Private Cyber-Defense Program
Robert Lemos, Contributing WriterNews
The proposed National Cyber Response Network would link federal agencies, companies, and local governments, allowing collaboration during a cyberattack.
By Robert Lemos Contributing Writer, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Ignite Brings Security & Compliance Updates
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft announces support for data loss prevention in Google Chrome, co-authoring of protected files, and more at Ignite 2021.
By Kelly Sheridan Staff Editor, Dark Reading, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing WriterNews
'Transparent Tribe' has switched its tactics for distributing the remote access Trojan, researchers found.
By Jai Vijayan Contributing Writer, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft fixes multiple Exchange Server vulnerabilities being weaponized in attacks from a group it believes operates out of China.
By Kelly Sheridan Staff Editor, Dark Reading, 3/2/2021
Comment1 Comment  |  Read  |  Post a Comment
Thycotic and Centrify to Merge In $1.4B Deal
Dark Reading Staff, Quick Hits
TPG Capital will combine privileged access management providers into one company.
By Dark Reading Staff , 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Google Partners With Insurers to Create Risk Protection Program
Dark Reading Staff, Quick Hits
Google Cloud, Allianz, and Munich Re teamed up to build a program that aims to reduce risk and potentially cut costs for customers.
By Dark Reading Staff , 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
4 Ways Health Centers Can Stop the Spread of Cyberattacks
Dr. Rolf Lindemann, Vice President, Products at Nok Nok LabsCommentary
Health centers must shift the perception of cyberattacks from potential risk to real threat in order to take the first step toward a safer, healthier security posture.
By Dr. Rolf Lindemann Vice President, Products at Nok Nok Labs, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Name That Edge Toon: In Hot Water
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 3/2/2021
Comment4 comments  |  Read  |  Post a Comment
Why Cloud Security Risks Have Shifted to Identities and Entitlements
Shai Morag, CEO of ErmeticCommentary
Traditional security tools focus on the network perimeter, leaving user and service accounts vulnerable to hackers.
By Shai Morag CEO of Ermetic, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Attacker Expands Use of Malicious SEO Techniques to Distribute Malware
Jai Vijayan, Contributing WriterNews
The operators of REvil and Gootkit have begun using a tried and tested technique to distribute additional malware, Sophos says.
By Jai Vijayan Contributing Writer, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
New Jailbreak Tool Works on Most iPhones
Dark Reading Staff, Quick Hits
The Unc0ver team has released a tool that works on iOS 11 and later, and exploits a vulnerability that was recently under attack.
By Dark Reading Staff , 3/1/2021
Comment0 comments  |  Read  |  Post a Comment
Universal Health Services Suffered $67 Million Loss Due to Ransomware Attack
Dark Reading Staff, Quick Hits
Earnings report points to diversion of care during incident for financial loss.
By Dark Reading Staff , 3/1/2021
Comment0 comments  |  Read  |  Post a Comment
MSP Provider Builds Red Team as Attackers Target Industry
Robert Lemos, Contributing WriterNews
NinjaRMM, which provides tools for managed service providers, aims to create a red team capability following years of attacks against MSPs.
By Robert Lemos Contributing Writer, 3/1/2021
Comment0 comments  |  Read  |  Post a Comment
Cybercrime 'Help Wanted': Job Hunting on the Dark Web
Joan Goodchild, Contributing Writer
How's your 'Probiv'? How about customer service? Here's how Dark Web forums connect cybercriminals looking for talent with those looking for work -- and which skills are hot right now.
By Joan Goodchild Contributing Writer, 3/1/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Reblaze Launches Open Source Security Platform
Anomali Appoints New CEO
Kaspersky VPN Secure Connection Now Available on Macs with Apple Silicon
StorCentric Announces Nexsan Assureon Cloud Edition
SAFE Identity Announces Internet of Medical Things Working Group
NetMotion Survey: Only 12% of Enterprises Worldwide Have Fully Embraced SASE
Sequitur Labs Expands EmSPARK Security Suite Deployment Options
Cynet Reviews the Top 6 Most Notable Cyber Attacks of 2020
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Name That Edge Toon: In Hot Water
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Cybercrime 'Help Wanted': Job Hunting on the Dark Web
How's your 'Probiv'? How about customer service? Here's how Dark Web forums connect cybercriminals looking for talent with those looking for work -- and which skills are hot right now.
Securing Super Bowl LV
A peek at open XDR technology and defense that held up better than the Kansas City Chiefs.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21331
PUBLISHED: 2021-03-03
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive info...
CVE-2021-27940
PUBLISHED: 2021-03-03
resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.
CVE-2021-21312
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/documen...
CVE-2021-21313
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not proper...
CVE-2021-21314
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Flash Poll
Video
Slideshows
Twitter Feed