Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Planning Our Passwordless Future
Colonial Pipeline Cyberattack: What Security Pros Need to Know
Troy Hunt: Organizations Make Security Choices Tough for Users
7 Modern-Day Cybersecurity Realities
News & Commentary
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5
In an effort to protect their organizations, security professionals can overdo it. The result often works against them.
By Joshua Goldfarb Director of Product Management at F5, 5/12/2021
Comment0 comments  |  Read  |  Post a Comment
Why You Should Be Prepared to Pay a Ransom
Christopher Muffat, CEO and founderCommentary
Companies that claim they'll never pay up in a ransomware attack are more likely to get caught flat-footed.
By Christopher Muffat CEO and founder, 5/12/2021
Comment0 comments  |  Read  |  Post a Comment
The Long Road to Rebuilding Trust after 'Golden SAML'-Like Attacks
Jai Vijayan, Contributing WriterNews
Eradicating 'privileged intruders' from the network in the aftermath of an attack poses major challenges, experts say.
By Jai Vijayan Contributing Writer, 5/12/2021
Comment0 comments  |  Read  |  Post a Comment
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Trinity Cyber takes a new spin on some traditional network-security techniques, but can its approach catch on widely?
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Adobe Issues Patch for Acrobat Zero-Day
Dark Reading Staff, Quick Hits
The vulnerability is being exploited in limited attacks against Adobe Reader users on Windows.
By Dark Reading Staff , 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Application Attacks Spike as Criminals Target Remote Workers
Dark Reading Staff, Quick Hits
Application-specific and Web application attacks made up 67% of all attacks in 2020 as criminal strategies shifted in the pandemic.
By Dark Reading Staff , 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patch Tuesday: 4 Critical CVEs, 3 Publicly Known, 1 Wormable
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft releases security patches for 55 vulnerabilities in its monthly roundup, which includes a critical, wormable flaw in the HTTP protocol stack.
By Kelly Sheridan Staff Editor, Dark Reading, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Cartoon Caption Winner: Greetings, Earthlings
John Klossner, CartoonistCommentary
And the winner of Dark Reading's April cartoon caption contest is ...
By John Klossner Cartoonist, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato NetworksCommentary
Deeply rooted cybersecurity misconceptions are poisoning our ability to understand and defend against attacks.
By Etay Maor Sr. Director Security Strategy at Cato Networks, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Critical Infrastructure Under Attack
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of key US energy pipeline marks just the tip of the iceberg.
By Marc Wilczek Digital Strategist & COO of Link11, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Colonial Pipeline Cyberattack: What Security Pros Need to Know
Kelly Sheridan, Staff Editor, Dark ReadingNews
As the massive US pipeline operator works to restore operations after a DarkSide ransomware attack late last week, experts say it's a cautionary tale for critical infrastructure providers.
By Kelly Sheridan Staff Editor, Dark Reading, 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
Tulsa Deals With Aftermath of Ransomware Attack
Dark Reading Staff, Quick Hits
Weekend attack shuts down several city sites and service.
By Dark Reading Staff , 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
Four Plead Guilty to RICO Conspiracy Involving Hosting Services for Cybercrime
Dark Reading Staff, Quick Hits
The "bulletproof hosting" organization hosted malware including Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit.
By Dark Reading Staff , 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
10 Security Awareness Training Mistakes to Avoid
Joan Goodchild, Staff Editor
Give your cybersecurity culture a boost by adding these to the "don't" column of your cybersecurity awareness training do's and don'ts list.
By Joan Goodchild Staff Editor, 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
Exchange Exploitation: Not Dead Yet
John Hammond, Senior Security Researcher at HuntressCommentary
The mass exploitation of Exchange Servers has been a wake-up call, and it will take all parties playing in concert for the industry to react, respond, and recover.
By John Hammond Senior Security Researcher at Huntress, 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
How North Korean APT Kimsuky Is Evolving Its Tactics
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers find differences in Kimsuky's operations that lead them to divide the APT into two groups: CloudDragon and KimDragon.
By Kelly Sheridan Staff Editor, Dark Reading, 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Most Organizations Feel More Vulnerable to Breaches Amid Pandemic
Dark Reading Staff, Quick Hits
More than half of business see the need for significant long-term changes to IT due to COVID-19, research finds.
By Dark Reading Staff , 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
FBI, NSA, CISA & NCSC Issue Joint Advisory on Russian SVR Activity
Dark Reading Staff, Quick Hits
The report provides additional details on tactics of Russia's Foreign Intelligence Service following public attribution of the group to last year's SolarWinds attack.
By Dark Reading Staff , 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
The Edge Pro Quote: Password Empowerment
Edge Editors, Dark Reading
Despite being a pain in the neck, passwords may hold a psychological purpose that security pros should take into account.
By Edge Editors Dark Reading, 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSecCommentary
Web scraping attacks, like Facebook's recent data leak, can easily lead to more significant breaches.
By Rob Simon Principal Security Consultant at TrustedSec, 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Arkose Labs Raises $70 Million Led by SoftBank Vision Fund 2
Cycode Raises $20 Million Series A Round From Insight Partners
ESG Report Uncovers Security Decision Makers 2021 Cybercrime Concerns
Kaspersky Research Finds DDoS Sttacks in Q1 2021 Return to Pre-Pandemic Numbers
SafeGuard Cyber Introduces Advanced Governance for Zoom Video Communications
Cyber Readiness Institute Calls on Biden Administration To Make Small Business Cybersecurity a National Priority
Secretary of Homeland Security to Participate in U.S. Chamber of Commerce NOW + NEXT
LiveAction Acquires CounterFlow AI to Expand Network Security Offerings
More Products & Releases
PR Newswire
Dark Reading Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the Dark Reading site in the coming months.

10 Security Awareness Training Mistakes to Avoid
Give your cybersecurity culture a boost by adding these to the "don't" column of your cybersecurity awareness training do's and don'ts list.
11 Reasons Why You Sorta Love Passwords
We asked you to tell the truth about why you secretly love passwords. From the heartfelt to the hilarious, here's what you had to say.
How to Move Beyond Passwords and Basic MFA
It's not a question of whether passwordless is coming -- it's simply a question of when. How should your organization prepare? (Part two of a two-part series.)
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13873
PUBLISHED: 2021-05-12
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on the...
CVE-2020-35198
PUBLISHED: 2021-05-12
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
CVE-2021-23872
PUBLISHED: 2021-05-12
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOTL interface.
CVE-2021-23891
PUBLISHED: 2021-05-12
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense.
CVE-2021-23892
PUBLISHED: 2021-05-12
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitra...
Flash Poll
Video
Slideshows
Twitter Feed