Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
What I Wish I Knew at the Start of My InfoSec Career
7 Things We Know So Far About the SolarWinds Attacks
Fighting Fileless Malware, Part 1: What Is It?
US Unseals Indictments Against North Korean Cyberattackers for Thefts Totaling $1.3B
News & Commentary
Kia Denies Ransomware Attack as IT Outage Continues
Dark Reading Staff, Quick Hits
Kia Motors America states there is no evidence its recent systems outage was caused by a ransomware attack.
By Dark Reading Staff , 2/19/2021
Comment1 Comment  |  Read  |  Post a Comment
Attackers Already Targeting Apple's M1 Chip with Custom Malware
Robert Lemos, Contributing WriterNews
A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality.
By Robert Lemos Contributing Writer, 2/19/2021
Comment0 comments  |  Read  |  Post a Comment
How to Fine-Tune Vendor Risk Management in a Virtual World
Ryan Smyth & Spencer MacDonald, Managing Director / Director, FTI TechnologyCommentary
Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.
By Ryan Smyth & Spencer MacDonald Managing Director / Director, FTI Technology, 2/19/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Concludes Internal Investigation into Solorigate Breach
Robert Lemos, Contributing WriterNews
The software giant found no evidence that attackers gained extensive access to services or customer data.
By Robert Lemos Contributing Writer, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
CrowdStrike Buys Log Management Startup Humio for $400M
Dark Reading Staff, Quick Hits
CrowdStrike plans to use Humio's technology to continue building out its extended detection and response platform.
By Dark Reading Staff , 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Apple Offers Closer Look at Its Platform Security Technologies, Features
Jai Vijayan, Contributing WriterNews
In a nearly 200-page document, company offers a detailed overview of Secure Enclave and multiple other security controls in Apple silicon-based Macs and other platforms.
By Jai Vijayan Contributing Writer, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Azure Front Door Gets a Security Upgrade
Kelly Sheridan, Staff Editor, Dark ReadingNews
New SKUs in Standard and Premium preview beef up the security of the content delivery network platform.
By Kelly Sheridan Staff Editor, Dark Reading, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy
Pieter Danhieux, CEO, Chairman, & Co-Founder, Secure Code WarriorCommentary
Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.
By Pieter Danhieux CEO, Chairman, & Co-Founder, Secure Code Warrior, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Data Security Accountability in an Age of Regular Breaches
Tanner Johnson, Senior Analyst, Connectivity & IoT, OMDIACommentary
As the number of vendors impacted by supply chain breaches grows, one constant question remains: Where exactly does accountability for data security lie, and what part do end users play in their own data breach protection?
By Tanner Johnson Senior Analyst, Connectivity & IoT, OMDIA, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
How to Run a Successful Penetration Test
Steve Zurier, Contributing Writer
These seven tips will help ensure a penetration test improves your organization's overall security posture.
By Steve Zurier Contributing Writer, 2/18/2021
Comment1 Comment  |  Read  |  Post a Comment
Virginia Takes Different Tack Than California With Data Privacy Law
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
Online businesses targeting Virginia consumers and have personal data of 100,000 consumers in the state must conform to the new statute.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
The Edge Pro Tip: Say What You Know
Edge Editors, Dark Reading
During the immediate period following a breach, it's vital to move fast — but not trip over yourself.
By Edge Editors Dark Reading, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Egregor Arrests a Blow, but Ransomware Will Likely Bounce Back
Robert Lemos, Contributing WriterNews
Similar to previous ransomware takedowns, this disruption to the ransomware-as-a-service model will likely be short-lived, security experts say.
By Robert Lemos Contributing Writer, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
US Unseals Indictments Against North Korean Cyberattackers for Thefts Totaling $1.3B
Jai Vijayan, Contributing WriterNews
FBI, CISA, and Treasury Department also release details about North Korean malware used in cryptocurrency thefts since 2018.
By Jai Vijayan Contributing Writer, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
White House Says 100 Private Sector Orgs Hit in SolarWinds Campaign
Dark Reading Staff, Quick Hits
Anne Neuberger, a top Biden cybersecurity official, provided an update on the government's investigation into the massive breach.
By Dark Reading Staff , 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Kia Faces $20M DoppelPaymer Ransomware Attack
Dark Reading Staff, Quick Hits
Kia Motors America this week experienced a nationwide IT outage; now, reports indicate the company was hit with ransomware.
By Dark Reading Staff , 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Ransomware? Let's Call It What It Really Is: Extortionware
Charlie Winckless, Senior Director, Cybersecurity Solutions, at PresidioCommentary
Just as the targets of these attacks have shifted from individuals to corporations, so too has the narrow focus given way to applying force and pressure to pay.
By Charlie Winckless Senior Director, Cybersecurity Solutions, at Presidio, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Breach Etiquette: How to Mind Your Manners When It Matters
Samuel Greengard, Freelance Writer
Panic-stricken as you may be in the face of a cyberattack, keeping calm and, perhaps most importantly, responding appropriately are critical to limiting the damage.
By Samuel Greengard Freelance Writer, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Enterprise Windows Threats Drop as Mac Attacks Rise: Report
Kelly Sheridan, Staff Editor, Dark ReadingNews
An analysis of 2020 malware activity indicates businesses should be worried about internal hack tools, ransomware, and spyware in the year ahead.
By Kelly Sheridan Staff Editor, Dark Reading, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
4 Predictions for the Future of Privacy
Bart Willemsen, Research Vice President at GartnerCommentary
Use these predictions to avoid pushback, find opportunity, and create value for your organization.
By Bart Willemsen Research Vice President at Gartner, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by mmillslagel85001
Current Conversations That's a great drum.
In reply to: campfire
Post Your Own Reply
More Conversations
Products & Releases
WhiteHat Security: 50% of Apps Are Vulnerable
Red Canary Closes $81M Series C
1Kosmos Secures $15 Million in Series A Funding From ForgePoint Capital
New VPN Risk Report by Zscaler Uncovers Hidden Security Risks Impacting Enterprises
Latest Release of Tripwire Configuration Manager Increases Protection for Cloud-Based Assets
Cado Security Makes New Appointments to Global Team
WatchGuard Adds New Capabilities to WatchGuard Cloud Management Platform
CISO-Led Group Invests In API Security Firm Traceable
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Breach Etiquette: How to Mind Your Manners When It Matters
Panic-stricken as you may be in the face of a cyberattack, keeping calm and, perhaps most importantly, responding appropriately are critical to limiting the damage.
Fighting Fileless Malware, Part 3: Mitigations
Attackers can dodge the countermeasures you employ against fileless malware. So how do you mitigate the damage?
Unemployment Fraud: As If Being Out of Work Wasn't Bad Enough
With the pandemic as a backdrop, cybercriminals have recognized an unprecedented opportunity to steer billions of dollars in unemployment claims into the own accounts.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I said I wanted 'fish' for dinner, he thought I said 'phish'.
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26716
PUBLISHED: 2021-02-21
Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter.
CVE-2021-26544
PUBLISHED: 2021-02-20
Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating.
CVE-2020-28248
PUBLISHED: 2021-02-20
An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file.
CVE-2020-12668
PUBLISHED: 2021-02-19
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.
CVE-2020-12873
PUBLISHED: 2021-02-19
An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco.
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Flash Poll
Video
Slideshows
Twitter Feed