Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Cartoon Caption Winner: Be Careful Who You Trust
Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
Cybercrime 'Help Wanted': Job Hunting on the Dark Web
How to Submit a Column to Dark Reading
News & Commentary
KnowBe4 Buys Competitor MediaPRO
Dark Reading Staff, Quick Hits
Known for its phishing simulation platform, KnowBe4 says deal will help it expand in privacy and compliance training market.
By Dark Reading Staff , 3/8/2021
Comment0 comments  |  Read  |  Post a Comment
McAfee to Sell Enterprise Business to Equity Firm STG for $4B
Jai Vijayan, Contributing WriterNews
The planned move is unlikely to do much for enterprise customers or for security vendor's consumer business, analysts say.
By Jai Vijayan Contributing Writer, 3/8/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Exchange Server Attack Escalation Prompts Patching Panic
Kelly Sheridan, Staff Editor, Dark ReadingNews
US government officials weigh in on the attacks and malicious activity, which researchers believe may be the work of multiple groups.
By Kelly Sheridan Staff Editor, Dark Reading, 3/8/2021
Comment0 comments  |  Read  |  Post a Comment
Intel, Microsoft Aim for Breakthrough in DARPA Encryption Project
Robert Lemos, Contributing WriterNews
Together, the vendor giants aim to make "in use" encryption -- also known as "fully homomorphic encryption" -- economical and practical.
By Robert Lemos Contributing Writer, 3/8/2021
Comment0 comments  |  Read  |  Post a Comment
The Edge Pro Tip: Proceed With Caution
Edge Editors, Dark Reading
Security pros offer up their post-SolarWinds patch-management advice.
By Edge Editors Dark Reading, 3/8/2021
Comment0 comments  |  Read  |  Post a Comment
Why Data Privacy Should Be on President Biden's Agenda for His First 100 Days
Sophie Chase-Borthwick, Vice President, Data Ethics and Privacy, CalligoCommentary
The new administration is in an excellent position to make significant progress on data privacy -- not just because it's needed, but also because it's time.
By Sophie Chase-Borthwick Vice President, Data Ethics and Privacy, Calligo, 3/8/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Exchange Server Exploits Hit Retail, Government, Education
Dark Reading Staff, Quick Hits
Mandiant researchers identify a range of victims affected in attacks targeting newly reported Microsoft Exchange Server vulnerabilities.
By Dark Reading Staff , 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Adopted an 'Aggressive' Strategy for Sharing SolarWinds Attack Intel
Kelly Sheridan, Staff Editor, Dark ReadingNews
Rob Lefferts, corporate vice president for Microsoft 365 Security in Security and Compliance, explains the company's approach to keeping its customers and the industry apprised and updated on its findings from the now-infamous attack.
By Kelly Sheridan Staff Editor, Dark Reading, 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
5 Ways Social Engineers Crack Into Human Beings
Joan Goodchild, Contributing Writer
These common human traits are the basic ingredients in the con-man's recipe for trickery.
By Joan Goodchild Contributing Writer, 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
Realistic Patch Management Tips, Post-SolarWinds
Sara Peters, Senior Editor at Dark Reading
Patch management and testing are different, exactly the same, and completely out of hand. Here are tips from the experts on how to wrangle patches in a time of malicious software updates.
By Sara Peters Senior Editor at Dark Reading, 3/5/2021
Comment1 Comment  |  Read  |  Post a Comment
On International Women's Day 2021, Does the 'Rule of Steve' Still Apply? Yes.
Maxine Holt, Research Director, OmdiaCommentary
On International Women's Day 2021, gender diversity has improved in cybersecurity, but there is still a long way to go.
By Maxine Holt Research Director, Omdia, 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
Make Sure That Stimulus Check Lands in the Right Bank Account
Tom Pendergast, Chief Learning Officer at MediaPROCommentary
If you haven't already, it's time to build trust relationships with your financial institutions, using strong security, privacy protections and secure, unique user credentials.
By Tom Pendergast Chief Learning Officer at MediaPRO, 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
Business Apps Spoofed in 45% of Impersonation Attacks
Dark Reading Staff, Quick Hits
Business-related applications like those from Microsoft, Zoom, and DocuSign are most often impersonated in brand phishing attacks.
By Dark Reading Staff , 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Healthcare Still Seeing High Level of Attacker Activity
Robert Lemos, Contributing WriterNews
Interest in vaccines is driving all sorts of activity, reports say, from vaccine-specific phishing to growing bot traffic on healthcare sites.
By Robert Lemos Contributing Writer, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft, FireEye Uncover More Malware Used in the SolarWinds Campaign
Jai Vijayan, Contributing WriterNews
Newly discovered tools were designed for late-stage use after the attackers had already established a relatively firm presence on a breached network, vendors say.
By Jai Vijayan Contributing Writer, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
John McAfee Charged in 'Pump & Dump' Cryptocurrency Scheme
Dark Reading Staff, Quick Hits
Justice officials claim antivirus founder and associate fraudulently promoted altcoins via Twitter.
By Dark Reading Staff , 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Secure Laptops & the Enterprise of the Future
Arun Subbarao, Vice President of Engineering, Lynx Software TechnologiesCommentary
The enterprise of the future will depend upon organizations' ability to extend the company firewall to everywhere people are working.
By Arun Subbarao Vice President of Engineering, Lynx Software Technologies, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
New Social Security Scam Spoofs Government Badges
Dark Reading Staff, Quick Hits
Criminals text or email photos of fake government identification badges to trick people into sending money.
By Dark Reading Staff , 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Qualys Is the Latest Victim of Accellion Data Breach
Jai Vijayan, Contributing WriterNews
Security vendor confirms attackers exploited a previously disclosed vulnerability in the enterprise firewall technology to breach its network.
By Jai Vijayan Contributing Writer, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Why We Need More Blue Team Voices at the Table
Jerry Gamblin, Principal Security Engineer, Kenna SecurityCommentary
The red team draws attention, but the blue team has the expertise to keep networks secure day in and day out.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Forescout Further Enhances Management Team With Appointment of Wael Mohamed as CEO
Group-IB: Ransomware Empire Prospers in Pandemic-Hit World; Attacks Grow by 150%
Reblaze Launches Open Source Security Platform
Anomali Appoints New CEO
Kaspersky VPN Secure Connection Now Available on Macs with Apple Silicon
StorCentric Announces Nexsan Assureon Cloud Edition
SAFE Identity Announces Internet of Medical Things Working Group
NetMotion Survey: Only 12% of Enterprises Worldwide Have Fully Embraced SASE
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Realistic Patch Management Tips, Post-SolarWinds
Patch management and testing are different, exactly the same, and completely out of hand. Here are tips from the experts on how to wrangle patches in a time of malicious software updates.
Name That Edge Toon: In Hot Water
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Cybercrime 'Help Wanted': Job Hunting on the Dark Web
How's your 'Probiv'? How about customer service? Here's how Dark Web forums connect cybercriminals looking for talent with those looking for work -- and which skills are hot right now.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21360
PUBLISHED: 2021-03-09
Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information disclosure vulnerability - anonymous visitors may view log and snapshot files generated by the Generic ...
CVE-2021-21361
PUBLISHED: 2021-03-09
The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed...
CVE-2021-24033
PUBLISHED: 2021-03-09
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoke...
CVE-2021-21510
PUBLISHED: 2021-03-08
Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.
CVE-2020-27575
PUBLISHED: 2021-03-08
Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation.
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Flash Poll
Video
Slideshows
Twitter Feed