Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Fighting Fileless Malware, Part 3: Mitigations
Chinese-Affiliated APT31 Cloned & Used NSA Hacking Tool
Augmenting SMB Defense Strategies With MITRE ATT&CK: A Primer
How to Submit a Column to Dark Reading
News & Commentary
Cybercriminals Target QuickBooks Databases
Steve Zurier, Contributing WriterNews
Stolen financial files then get sold on the Dark Web, researchers say.
By Steve Zurier Contributing Writer, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
New APT Group Targets Airline Industry & Immigration
Jai Vijayan, Contributing WriterNews
LazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.
By Jai Vijayan Contributing Writer, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
61% of Malware Delivered via Cloud Apps: Report
Dark Reading Staff, Quick Hits
Researchers report the majority of malware is now delivered via cloud applications - a jump from 48% last year.
By Dark Reading Staff , 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Google Invests in Linux Kernel Developers to Focus on Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google will fund two full-time Linux kernel developers to maintain and improve Linux security in the long term.
By Kelly Sheridan Staff Editor, Dark Reading, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Kaseya Buys Managed SOC Provider
Dark Reading Staff, Quick Hits
Purchase extends offerings for MSP and SMB customers
By Dark Reading Staff , 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
The Realities of Extended Detection and Response (XDR) Technology
Jon Oltsik, Senior Principal Analyst & Fellow, Enterprise Strategy GroupCommentary
While the term XDR has become pervasive, the technology and market remain a work in progress with lots of innovation and market confusion.
By Jon Oltsik Senior Principal Analyst & Fellow, Enterprise Strategy Group, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Universities Face Double Threat of Ransomware, Data Breaches
Robert Lemos, Contributing WriterNews
Lack of strong security policies put many schools at risk of compromise, disrupted services, and collateral damage.
By Robert Lemos Contributing Writer, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Cartoon Caption Winner: Be Careful Who You Trust
Edge Editors, Dark Reading
And the winner of The Edge's February cartoon caption contest is ...
By Edge Editors Dark Reading, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
3 Security Flaws in Smart Devices & IoT That Need Fixing
Grigorii Markov, CEO, Cerber Tech Inc.Commentary
The scope and danger of unsecured, Internet-connected hardware will only continue to deepen.
By Grigorii Markov CEO, Cerber Tech Inc., 2/24/2021
Comment1 Comment  |  Read  |  Post a Comment
Botnet Uses Blockchain to Obfuscate Backup Command & Control Information
Jai Vijayan, Contributing WriterNews
The tactic makes it much harder for defenders to take down botnets via sinkholing and other standard techniques, Akamai says.
By Jai Vijayan Contributing Writer, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attackers Lurked for 'Several Months' in FireEye's Network
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Top execs from FireEye, SolarWinds, Microsoft, and CrowdStrike testified before the US Senate Intelligence Committee today on the aftermath - and ongoing investigations - into the epic attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark ReadingNews
Also on Krebs' radar: the cyber-response to COVID-19 and intelligence-sharing between private and public sectors.
By Kelly Sheridan Staff Editor, Dark Reading, 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
SonicWall Releases Second Set of February Firmware Patches
Dark Reading Staff, Quick Hits
The latest patches, for its SMA 100 series products, comes less than three weeks after an updates to patch a zero-day vulnerability.
By Dark Reading Staff , 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express
Dark Reading Staff, Quick Hits
The two campaigns aimed to steal victims' business email account credentials by posing as the shipping companies.
By Dark Reading Staff , 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
Augmenting SMB Defense Strategies With MITRE ATT&CK: A Primer
Michael Ohanian, Vice President of Product Management at NetsurionCommentary
Any organization can use MITRE ATT&CK as a force multiplier, but it's especially valuable for small ones.
By Michael Ohanian Vice President of Product Management at Netsurion, 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5
When siloed functions unite in the face of cyberthreats, organizations can continue, uninterrupted, along their paths to digital transformation.
By Joshua Goldfarb Director of Product Management at F5, 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
CVSS as a Framework, Not a Score
Tim Morgan, Chief Technology Officer of DeepSurface SecurityCommentary
The venerable system has served us well but is now outdated. Not that it's time to throw the system away; use it as a framework to measure risk using modern, context-based methods.
By Tim Morgan Chief Technology Officer of DeepSurface Security, 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
Chinese-Affiliated APT31 Cloned & Used NSA Hacking Tool
Kelly Sheridan, Staff Editor, Dark ReadingNews
APT31 cloned and reused a Windows-based hacking tool for years before Microsoft patched the vulnerability, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 2/22/2021
Comment0 comments  |  Read  |  Post a Comment
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing WriterNews
Almost four of every five attacks attributed in 2020 were conducted by cybercriminal groups, a significant jump from 2019, with attacks on healthcare or using the pandemic rising fast.
By Robert Lemos Contributing Writer, 2/22/2021
Comment0 comments  |  Read  |  Post a Comment
Accellion Data Breach Resulted in Extortion Attempts Against Multiple Victims
Jai Vijayan, Contributing WriterNews
FireEye Mandiant says it discovered data stolen via flaw in Accellion FTA had landed on a Dark Web site associated with a known Russia-based threat group.
By Jai Vijayan Contributing Writer, 2/22/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Netskope Research Finds Majority of Malware Now Delivered via Cloud Apps
CISA Welcomes New Members to Leadership Team
HID Global Introduces New Seos Credentials
Evolving Risks, Insecure Defaults, Watering Hole Threats: New Research From Accurics Uncovers Developing Sources of Cloud Risk
WhiteHat Security: 50% of Apps Are Vulnerable
Red Canary Closes $81M Series C
1Kosmos Secures $15 Million in Series A Funding From ForgePoint Capital
New VPN Risk Report by Zscaler Uncovers Hidden Security Risks Impacting Enterprises
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Cartoon Caption Winner: Be Careful Who You Trust
And the winner of The Edge's February cartoon caption contest is ...
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
When siloed functions unite in the face of cyberthreats, organizations can continue, uninterrupted, along their paths to digital transformation.
Breach Etiquette: How to Mind Your Manners When It Matters
Panic-stricken as you may be in the face of a cyberattack, keeping calm and, perhaps most importantly, responding appropriately are critical to limiting the damage.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8032
PUBLISHED: 2021-02-25
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions.
CVE-2020-36254
PUBLISHED: 2021-02-25
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
CVE-2021-27670
PUBLISHED: 2021-02-25
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
CVE-2021-27671
PUBLISHED: 2021-02-25
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.
CVE-2020-9051
PUBLISHED: 2021-02-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Flash Poll
Video
Slideshows
Twitter Feed