Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective
Learn SAML: The Language You Don't Know You're Already Speaking
How to Better Secure Your Microsoft 365 Environment
COVID-19: Latest Security News & Commentary
Privacy Teams Helped Navigate the Pivot to Work-from-Home
News & Commentary
Digital Identity Is the New Security Control Plane
Charlie Winckless, Senior Director, Cybersecurity Solutions, at PresidioCommentary
Simplifying the management of security systems helps provide consistent protection for the new normal.
By Charlie Winckless Senior Director, Cybersecurity Solutions, at Presidio, 1/28/2021
Comment0 comments  |  Read  |  Post a Comment
Building Your Personal Privacy Risk Tolerance Profile
Seth Rosenblatt, Contributing Writer
Even today, on Data Privacy Day, privacy professionals give you permission to admit you actually love targeted ads.
By Seth Rosenblatt Contributing Writer, 1/28/2021
Comment0 comments  |  Read  |  Post a Comment
App Variety -- and Security Innovation -- Surged in 2020
Ericka Chickowski, Contributing WriterNews
The shift to remote work pushed businesses to reimagine the fabric of apps and cloud services they needed to support their workforces.
By Ericka Chickowski Contributing Writer, 1/28/2021
Comment0 comments  |  Read  |  Post a Comment
Data Privacy Day 2021: Pandemic Response Data Must Align with Data Privacy Rules
Maxine Holt, Research Director, OmdiaCommentary
Amid a pandemic, Data Privacy Day this year brings forth expanded responsibilities for organizations in the response to COVID-19.
By Maxine Holt Research Director, Omdia, 1/28/2021
Comment0 comments  |  Read  |  Post a Comment
Intl. Law Enforcement Operation Disrupts Emotet Botnet
Kelly Sheridan, Staff Editor, Dark ReadingNews
Global law enforcement agencies have seized control of Emotet infrastructure, disrupting one of the world's most pervasive and dangerous cyber threats.
By Kelly Sheridan Staff Editor, Dark Reading, 1/27/2021
Comment0 comments  |  Read  |  Post a Comment
Critical Vulnerability Patched in 'sudo' Utility for Unix-Like OSes
Jai Vijayan, Contributing WriterNews
Flaw exists in versions of sudo going back nearly 10 years; USCYBERCOM recommends organizations patch immediately.
By Jai Vijayan Contributing Writer, 1/27/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Security Business Exceeds $10B in Revenue
Dark Reading Staff, Quick Hits
Microsoft's security division has grown more than 40% year-over-year, the company reports alongside security product updates.
By Dark Reading Staff , 1/27/2021
Comment0 comments  |  Read  |  Post a Comment
4 Clues to Spot a Bot Network
Kevin Graham, VP Canada & CALA Operations and Business Development, Babel StreetCommentary
Protect against misinformation and disinformation campaigns by learning how to identify the bot networks spreading falsehoods.
By Kevin Graham VP Canada & CALA Operations and Business Development, Babel Street, 1/27/2021
Comment0 comments  |  Read  |  Post a Comment
Many Cybersecurity Job Candidates Are Subpar, While On-the-Job Training Falls Short
Robert Lemos, Contributing WriterNews
With demand for skilled cybersecurity workers so high, is it really surprising that most companies are seeing fewer qualified applicants?
By Robert Lemos Contributing Writer, 1/27/2021
Comment1 Comment  |  Read  |  Post a Comment
Apple Patches Three iOS Zero-Day Vulnerabilities
Dark Reading Staff, Quick Hits
New iOS 14.4 update available for iPhones and iPads.
By Dark Reading Staff , 1/27/2021
Comment0 comments  |  Read  |  Post a Comment
Security's Inevitable Shift to the Edge
Patrick Sullivan, Akamai CTO, Security StrategyCommentary
As the edge becomes the place for DDoS mitigation, Web app security, and other controls, SASE is the management platform to handle them all.
By Patrick Sullivan Akamai CTO, Security Strategy, 1/27/2021
Comment0 comments  |  Read  |  Post a Comment
LogoKit Group Aims for Simple Yet Effective Phishing
Robert Lemos, Contributing WriterNews
A phishing kit that uses embedded JavaScript targeted the users of more than 300 sites in the past week, aiming to grab credentials for SharePoint, Adobe Document Cloud, and OneDrive.
By Robert Lemos Contributing Writer, 1/27/2021
Comment0 comments  |  Read  |  Post a Comment
Ransomware Disrupts Operations at Packaging Giant WestRock
Jai Vijayan, Contributing WriterNews
Incident is another reminder of how vulnerable OT environments are to attack, security experts say.
By Jai Vijayan Contributing Writer, 1/26/2021
Comment0 comments  |  Read  |  Post a Comment
Pay-or-Get-Breached Ransomware Schemes Take Off
Robert Lemos, Contributing WriterNews
In 2020, ransomware attackers moved quickly to adopt so-called "double extortion" schemes, with more than 550 incidents in the fourth quarter alone.
By Robert Lemos Contributing Writer, 1/26/2021
Comment0 comments  |  Read  |  Post a Comment
North Korean Attackers Target Security Researchers via Social Media: Google
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google TAG warns the infosec community of unsolicited requests from individuals seeking collaboration on vulnerability research.
By Kelly Sheridan Staff Editor, Dark Reading, 1/26/2021
Comment0 comments  |  Read  |  Post a Comment
Privacy Teams Helped Navigate the Pivot to Work-from-Home
Steve Zurier, Contributing WriterNews
Annual Cisco privacy study also reports that 90% of organizations say their customers won't buy from them if they are not clear about data policy practices.
By Steve Zurier Contributing Writer, 1/26/2021
Comment0 comments  |  Read  |  Post a Comment
Mimecast: Recent Certificate Compromise Tied to SolarWinds Attacks
Dark Reading Staff, Quick Hits
Yet another security firm hit in the sweeping attack campaign believed to be out of Russia.
By Dark Reading Staff , 1/26/2021
Comment0 comments  |  Read  |  Post a Comment
BEC Scammers Find New Ways to Navigate Microsoft 365
Dark Reading Staff, Quick Hits
Their techniques made use of out-of-office replies and automatic responses during the 2020 holiday season, researchers report.
By Dark Reading Staff , 1/26/2021
Comment0 comments  |  Read  |  Post a Comment
Cartoon Caption Winner: Before I Go ...
John Klossner, Cartoonist
And the winner of The Edge's January cartoon caption contest is ...
By John Klossner Cartoonist, 1/26/2021
Comment0 comments  |  Read  |  Post a Comment
Fighting the Rapid Rise of Cyber Warfare in a Changing World
Patrick Walsh, Senior Vice President, Training & Technology, SkillstormCommentary
Global cyber warfare is a grim reality, but strong public-private relationships and security frameworks can safeguard people, institutions, and businesses.
By Patrick Walsh Senior Vice President, Training & Technology, Skillstorm, 1/26/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Offensive Security Launches New Course and Certification for Exploit Development and Reverse Engineering
Cybercriminals Cash Out as Finance Industry Becomes Lucrative Targets
Ivanti to Acquire Cherwell to Enable End‑to‑End Service and Asset Management
TetherView Launches Digital BunkerTM, a Comprehensive One-Way-In and One-Way-Out Private Cloud for Enterprise Customers
Former Google and Microsoft Executive Joins CloudSphere as CEO to Accelerate Company Growth
Owl Cyber Defense Announces Industry's First Embedded Hardware-Enforced Cybersecurity Modules
CISA Launches Campaign to Reduce the Risk of Ransomware
Valtix Secures $12.5M in Strategic Investments
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Building Your Personal Privacy Risk Tolerance Profile
Even today, on Data Privacy Day, privacy professionals give you permission to admit you actually love targeted ads.
Learn SAML: The Language You Don't Know You're Already Speaking
Security Assertion Markup Language, a protocol most people use daily to log into applications, makes authentication easier for both admins and users. Here's what you need to know about SAML (and what it has to do with "GoldenSAML").
Comparing Different AI Approaches to Email Security
There's a big difference between those that study 'known bads' and those that self-learn what is 'normal' and what isn't.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4682
PUBLISHED: 2021-01-28
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
CVE-2020-4888
PUBLISHED: 2021-01-28
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker co...
CVE-2020-13569
PUBLISHED: 2021-01-28
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can...
CVE-2021-20620
PUBLISHED: 2021-01-28
Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2021-20621
PUBLISHED: 2021-01-28
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Flash Poll
Video
Slideshows
Twitter Feed