Dark Reading is part of the Informa Tech Division of Informa PLC


2020 Cybersecurity Holiday Gift Guide for Kids
Cybersecurity in the Biden Administration: Experts Weigh In
SASE 101: Why All the Buzz?
Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw
COVID-19: Latest Security News & Commentary
News & Commentary
FBI Warns of DoppelPaymer Attacks on Critical Infrastructure
Dark Reading Staff, Quick Hits
The operators behind DoppelPaymer have begun calling victims to pressure them into paying ransom, officials say.
By Dark Reading Staff, 12/18/2020
Microsoft Confirms Its Network Was Breached With Tainted SolarWinds Updates
Jai Vijayan, Contributing Writer, News
Attack on thousands of other companies a "moment of reckoning" for governments and industry, company president says.
By Jai Vijayan Contributing Writer, 12/18/2020
5 Key Takeaways From the SolarWinds Breach
Jai Vijayan, Contributing Writer
New details continue to emerge each day, and there may be many more lessons to learn from what could be among the largest cyberattacks ever.
By Jai Vijayan Contributing Writer, 12/18/2020
2021 Cybersecurity Predictions: The Intergalactic Battle Begins
Pieter Danhieux, CEO, Chairman, & Co-Founder, Secure Code Warrior, Commentary
There's much in store for the future of cybersecurity, and the most interesting things aren't happening on Earth.
By Pieter Danhieux CEO, Chairman, & Co-Founder, Secure Code Warrior, 12/18/2020
Malicious Browser Extensions for Social Media Infect Millions of Systems
Robert Lemos, Contributing Writer, News
At least 28 third-party add-ons for top social media sites, including Facebook and Vimeo, redirect users to phishing sites and steal data.
By Robert Lemos Contributing Writer, 12/17/2020
'SocGholish' Attack Framework Powers Surge in Drive-By Attacks
Ericka Chickowski, Contributing Writer, News
Menlo Labs research team says framework's social engineering toolkit helps criminals impersonate software updates.
By Ericka Chickowski Contributing Writer, 12/17/2020
XDR 101: What's the Big Deal About Extended Detection & Response?
Curtis Franklin Jr., Senior Editor at Dark Reading
Extended Detection and Response (XDR) could be the security management technology of your dreams...or not. What makes this technical 'evolution' so interesting to so many companies?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/17/2020
CISA: SolarWinds Not the Only Initial Attack Vector in Massive Breach
Kelly Jackson Higgins, Executive Editor at Dark Reading, Quick Hits
Agency says it has "evidence of additional initial access vectors" besides SolarWinds' Orion software.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/17/2020
Rising to the Challenge: Perspectives from Security Leaders on 2020 and Beyond
IFSEC Global, Staff, News
For those who work in the security industry 2020 has been a particularly challenging year. Chris Price talks to five industry leaders from different perspectives in the sector about how they coped with COVID and asks them to look forward to 2021.
By IFSEC Global Staff, 12/17/2020
51% of WFH Parents Say Children Have Accessed Work Accounts
Dark Reading Staff, Quick Hits
In addition, 14% of surveyed parents who are working from home say their children have access to their work devices, new data shows.
By Dark Reading Staff, 12/17/2020
VPNs, MFA & the Realities of Remote Work
Petar Besalev, Senior Vice President of Cybersecurity & Privacy Services at A-LIGN, Commentary
The work-from-home-era is accelerating cloud-native service adoption.
By Petar Besalev Senior Vice President of Cybersecurity & Privacy Services at A-LIGN, 12/17/2020
FireEye Identifies Killswitch for SolarWinds Malware as Victims Scramble to Respond
Jai Vijayan, Contributing Writer, News
White House National Security Council establishes unified group to coordinate response across federal agencies to the threat.
By Jai Vijayan Contributing Writer, 12/16/2020
Attackers Leverage IMAP to Infiltrate Email Accounts
Dark Reading Staff, Quick Hits
Researchers believe cybercriminals are using a tool dubbed Email Appender to directly connect with compromised email accounts via IMAP.
By Dark Reading Staff, 12/16/2020
New IRS Form Fraud Campaign Targets G Suite Users
Dark Reading Staff, Quick Hits
At least 50,000 executives have been affected so far.
By Dark Reading Staff, 12/16/2020
US-CERT Reports 17,447 Vulnerabilities Recorded in 2020
Kelly Sheridan, Staff Editor, Dark Reading, News
This marks the fourth year in a row that a record number of vulnerabilities has been discovered, following 17,306 in 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 12/16/2020
Corporate Credentials for Sale on the Dark Web: How to Protect Employees and Data
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus, Commentary
It's past time to retire passwords in favor of other methods for authenticating users and securing systems.
By Raz Rafaeli CEO and Co-Founder at Secret Double Octopus, 12/16/2020
Senior Managers Twice as Likely to Share Work Devices With Outsiders
Steve Zurier, Contributing Writer, News
New survey finds top C-suite managers are much shakier on security than their junior counterparts.
By Steve Zurier Contributing Writer, 12/16/2020
Why the Weakest Links Matter
Adam Caudill, Principal Security Engineer at 1Password, Commentary
The recent FireEye and SolarWinds compromises reinforce the fact that risks should be understood, controls should be in place, and care should be taken at every opportunity.
By Adam Caudill Principal Security Engineer at 1Password, 12/16/2020
Patching Still Poses Problems for Industrial Controllers, Networking Devices
Robert Lemos, Contributing Writer, News
More than 90% of devices that run popular embedded operating systems remain vulnerable to critical flaws disclosed more than a year ago.
By Robert Lemos Contributing Writer, 12/16/2020
Why Secure Email Gateways Rewrite Links (and Why They Shouldn't)
Darktrace Experts, Staff
Redirecting a user to a trusted server buys a secure email gateway company some time while it decides whether a URL is malicious -- but there are avoidable drawbacks to this approach.
By Darktrace Experts Staff, 12/16/2020
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021.
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35579
PUBLISHED: 2020-12-20
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a ...
CVE-2020-35573
PUBLISHED: 2020-12-20
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.
CVE-2020-14224
PUBLISHED: 2020-12-18
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the pr...
CVE-2020-14271
PUBLISHED: 2020-12-18
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the securi...
CVE-2020-7200
PUBLISHED: 2020-12-18
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.