Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

How to Submit a Column to Dark Reading
7 Security Strategies as Employees Return to the Office
Inside the Ransomware Campaigns Targeting Exchange Servers
4 Open Source Tools to Add to Your Security Arsenal
News & Commentary
Biden Nominates Former NSA Officials for Top Cybersecurity Roles
Kelly Sheridan, Staff Editor, Dark ReadingNews
President Biden has nominated Jen Easterly as the new director of CISA and is expected to nominate Chris Inglis as the first national cyber director.
By Kelly Sheridan Staff Editor, Dark Reading, 4/12/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Warns of Malware Delivery via Google URLs
Dark Reading Staff, Quick Hits
A new campaign abuses legitimate website contact forms to send URLs that ultimately deliver the IcedID banking Trojan.
By Dark Reading Staff , 4/12/2021
Comment0 comments  |  Read  |  Post a Comment
Federal Reserve Chairman Says Cyber-Risk a Top Threat to National Economy
Dark Reading Staff, Quick Hits
Jerome Powell tells 60 Minutes that cyberattacks have the potential to do major damage to US financial system.
By Dark Reading Staff , 4/12/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Uses Machine Learning to Predict Attackers' Next Steps
Robert Lemos, Contributing WriterNews
Researchers build a model to attribute attacks to specific groups based on tactics, techniques and procedures, and then figure out their next move.
By Robert Lemos Contributing Writer, 4/12/2021
Comment0 comments  |  Read  |  Post a Comment
New Malware Downloader Spotted in Targeted Campaigns
Jai Vijayan, Contributing WriterNews
Saint Bot is being used to drop stealers on compromised systems but could be used to deliver any malware.
By Jai Vijayan Contributing Writer, 4/12/2021
Comment0 comments  |  Read  |  Post a Comment
Wake Up and Smell the JavaScript
Deepika Gajaria, VP of Products, Tala SecurityCommentary
The SolarWinds attack showed the true meaning of a supply chain breach. And it's the canary in the coal mine for sensitive data on the Web.
By Deepika Gajaria VP of Products, Tala Security, 4/12/2021
Comment0 comments  |  Read  |  Post a Comment
Omdia Research Spotlight: XDR
Eric Parizo, Senior Analyst, OmdiaCommentary
Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.
By Eric Parizo Senior Analyst, Omdia, 4/12/2021
Comment0 comments  |  Read  |  Post a Comment
Unofficial Android App Store APKPure Infected With Malware
Dark Reading Staff, Quick Hits
The APKPure app store was infected with malware that can download Trojans to other Android devices, researchers report.
By Dark Reading Staff , 4/9/2021
Comment0 comments  |  Read  |  Post a Comment
CISA Launches New Threat Detection Dashboard
Dark Reading Staff, Quick Hits
Aviary is a new dashboard that works with CISA's Sparrow threat detection tool.
By Dark Reading Staff , 4/9/2021
Comment0 comments  |  Read  |  Post a Comment
8 Security & Privacy Apps to Share With Family and Friends
Kelly Sheridan, Staff Editor, Dark Reading
Mobile apps to recommend to the people in your life who want to improve their online security and privacy.
By Kelly Sheridan Staff Editor, Dark Reading, 4/9/2021
Comment0 comments  |  Read  |  Post a Comment
Women Are Facing an Economic Crisis & the Cybersecurity Industry Can Help
Sabrina Castiglione, Chief Financial Officer & Acting Head of TalentCommentary
Investing in women's cybersecurity careers can bring enormous benefits and help undo some of the significant economic damage wrought by the pandemic.
By Sabrina Castiglione Chief Financial Officer & Acting Head of Talent, 4/9/2021
Comment0 comments  |  Read  |  Post a Comment
Zoom Joins Microsoft Teams on List of Enterprise Tools Hacked at Pwn2Own
Jai Vijayan, Contributing WriterNews
White-hat hacking event shows yet again why there's no such thing as foolproof security against modern attacks.
By Jai Vijayan Contributing Writer, 4/8/2021
Comment0 comments  |  Read  |  Post a Comment
Fraudsters Use HTML Legos to Evade Detection in Phishing Attack
Dark Reading Staff, Quick Hits
Criminals stitch pieces of HTML together and hide them in JavaScript files, researchers report.
By Dark Reading Staff , 4/8/2021
Comment0 comments  |  Read  |  Post a Comment
600K Payment Card Records Leaked After Swarmshop Breach
Dark Reading Staff, Quick Hits
A leaked database also contains the nicknames, hashed passwords, contact details, and activity history of Swarmshop admins, sellers, and buyers.
By Dark Reading Staff , 4/8/2021
Comment0 comments  |  Read  |  Post a Comment
Handcuffs Over AI: Solving Security Challenges With Law Enforcement
Charles Herring, CTO and Co-Founder, WitFooCommentary
We've tried everything else ... now it's time to make the prospect of getting caught -- and punished -- a real deterrent to cybercrime.
By Charles Herring CTO and Co-Founder, WitFoo, 4/8/2021
Comment4 comments  |  Read  |  Post a Comment
SecOps and DevOps: From Cooperation to Automation
Eric Parizo, Senior Analyst, OmdiaCommentaryVideo
Omdia Principal Analyst Eric Parizo discusses the major obstacles SecOps organizations face as they seek to build ties with DevOps teams, and offers a programmatic approach to help create a path toward DevSecOps.
By Eric Parizo Senior Analyst, Omdia, 4/7/2021
Comment0 comments  |  Read  |  Post a Comment
Did 4 Major Ransomware Groups Truly Form a Cartel?
Robert Lemos, Contributing WriterNews
An analysis of well-known extortion groups and their cryptocurrency transactions reveals the answer.
By Robert Lemos Contributing Writer, 4/7/2021
Comment1 Comment  |  Read  |  Post a Comment
Voice-Changing Software Found on APT Attackers' Server
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
Security researchers believe the presence of Morph Vox Pro could indicate APT-C-23 has new plans for their phishing campaigns.
By Kelly Sheridan Staff Editor, Dark Reading, 4/7/2021
Comment0 comments  |  Read  |  Post a Comment
Cring Ransomware Used in Attacks on European Industrial Firms
Dark Reading Staff, Quick Hits
Attackers exploited a vulnerability in Fortigate VPN servers to gain access to target networks, researchers report.
By Dark Reading Staff , 4/7/2021
Comment0 comments  |  Read  |  Post a Comment
Fortune 500 Security Shows Progress and Pitfalls
Kelly Sheridan, Staff Editor, Dark ReadingNews
Fortune 500 companies have improved on email security and vulnerability disclosure programs but struggle in asset management and high-risk services.
By Kelly Sheridan Staff Editor, Dark Reading, 4/7/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Log management is nothing new. But doing so smartly, correctly, and concisely in today's data-driven world is another story.
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
For all of their benefits, IoT devices weren't built with security in mind -- and that can pose huge challenges.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21392
PUBLISHED: 2021-04-12
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addre...
CVE-2021-21393
PUBLISHED: 2021-04-12
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identif...
CVE-2021-29429
PUBLISHED: 2021-04-12
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded in...
CVE-2021-21394
PUBLISHED: 2021-04-12
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identif...
CVE-2021-22497
PUBLISHED: 2021-04-12
Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue.
Flash Poll
Video
Slideshows
Twitter Feed