Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

10 Free Security Tools at Black Hat Asia 2021
Dark Reading Celebrates 15th Anniversary
Ghost Town Security: What Threats Lurk in Abandoned Offices?
In Appreciation: Dan Kaminsky
News & Commentary
Cloud-Native Businesses Struggle with Security
Robert Lemos, Contributing WriterNews
More companies moved to cloud-native infrastructure in the past year, and security incidents and malware moved right along with them.
By Robert Lemos Contributing Writer, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Securing the Internet of Things in the Age of Quantum Computing
Dr. Charles Grover, Cryptography Researcher, Crypto QuantiqueCommentary
Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.
By Dr. Charles Grover Cryptography Researcher, Crypto Quantique, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Biden's Supply Chain Initiative Depends on Cybersecurity Insights
Padraic O'Reilly, Chief Product Officer & Co-Founder of CyberSaint SecurityCommentary
Those helming the US supply chain executive order need to leverage standards, measurement, and the lessons cybersecurity leaders have learned.
By Padraic O'Reilly Chief Product Officer & Co-Founder of CyberSaint Security, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
How to Move Beyond Passwords and Basic MFA
Samuel Greengard, Freelance Writer
It's not a question of whether passwordless is coming -- it's simply a question of when. How should your organization prepare? (Part two of a two-part series.)
By Samuel Greengard Freelance Writer, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security
Dark Reading Staff,
Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.
By Dark Reading Staff , 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Seek New Strategies to Improve Macros' Effectiveness
Robert Lemos, Contributing WriterNews
The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.
By Robert Lemos Contributing Writer, 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
Gap Between Security and Networking Teams May Hinder Tech Projects
Dark Reading Staff, Quick Hits
Professionals in each field describe a poor working relationship between the two teams
By Dark Reading Staff , 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
DoD Lets Researchers Target All Publicly Accessible Info Systems
Dark Reading Staff, Quick Hits
The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.
By Dark Reading Staff , 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
Wanted: The (Elusive) Cybersecurity 'All-Star'
Steve Zurier, Contributing WriterNews
Separate workforce studies by (ISC) and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the field.
By Steve Zurier Contributing Writer, 5/5/2021
Comment1 Comment  |  Read  |  Post a Comment
Debating Law Enforcement's Role in the Fight Against Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading
The FBI's action to remove Web shells from compromised Microsoft Exchange Servers sparks a broader discussion about officials' response to cyberattacks.
By Kelly Sheridan Staff Editor, Dark Reading, 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
Will 2021 Mark the End of World Password Day?
Jake Madders, Director, Hyve Managed HostingCommentary
We might be leaving the world of mandatory asterisks and interrobangs behind for good.
By Jake Madders Director, Hyve Managed Hosting, 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
Newer Generic Top-Level Domains a Security 'Nuisance'
Jai Vijayan, Contributing WriterNews
Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use.
By Jai Vijayan Contributing Writer, 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Apple Issues Patches for Webkit Security Flaws
Dark Reading Staff, Quick Hits
The vulnerabilities may already be under active attack, Apple says in an advisory.
By Dark Reading Staff , 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Planning Our Passwordless Future
Samuel Greengard, Freelance Writer
All the talk that passwords could one day go away seemed too good to be true, yet the scales are finally started to tip to a passwordless reality. (Part one of a two-part series.)
By Samuel Greengard Freelance Writer, 5/4/2021
Comment1 Comment  |  Read  |  Post a Comment
Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack
Jai Vijayan, Contributing WriterNews
Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009.
By Jai Vijayan Contributing Writer, 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Raytheon: Supply Chain, Ransomware, Zero Trust Biggest Security Priorities
Dark Reading Staff, Commentary
SPONSORED CONTENT: While organizations may be more vulnerable than ever to supply chain attacks and ransomware, they can look to Zero Trust frameworks to keep their users and data safe, says Jon Check, senior director in Raytheon's cyber protection solutions unit.
By Dark Reading Staff , 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
More Companies Adopting DevOps & Agile for Security
Robert Lemos, Contributing WriterNews
Measures of programming speed, security, and automation have all significantly increased in the past year, GitLab's latest survey finds.
By Robert Lemos Contributing Writer, 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Scripps Health Responds to Cyberattack
Dark Reading Staff, Quick Hits
The health care system says it has suspended access to patient portals and other applications related to operations at Scripps facilities.
By Dark Reading Staff , 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Can Organizations Secure Remote Workers for the Long Haul?
Ian Pratt, Global head of Security for Personal Systems at HP Inc.Commentary
By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.
By Ian Pratt Global head of Security for Personal Systems at HP Inc., 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
It's Time to Ditch Celebrity Cybersecurity
Mieng Lim, VP of Product Management at Digital Defense By HelpSystemsCommentary
High-profile attacks and solutions are shiny objects that can distract from the defenses that afford the greatest protection.
By Mieng Lim VP of Product Management at Digital Defense By HelpSystems, 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Dark Reading Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the Dark Reading site in the coming months.

It's not a question of whether passwordless is coming -- it's simply a question of when. How should your organization prepare? (Part two of a two-part series.)
The FBI's action to remove Web shells from compromised Microsoft Exchange Servers sparks a broader discussion about officials' response to cyberattacks.
All the talk that passwords could one day go away seemed too good to be true, yet the scales are finally started to tip to a passwordless reality. (Part one of a two-part series.)
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31793
PUBLISHED: 2021-05-06
An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via the ...
CVE-2021-31916
PUBLISHED: 2021-05-06
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a syst...
CVE-2021-31918
PUBLISHED: 2021-05-06
A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality.
CVE-2019-25043
PUBLISHED: 2021-05-06
ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
CVE-2020-18889
PUBLISHED: 2021-05-06
Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php.
Flash Poll
Video
Slideshows
Twitter Feed