Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

How the Shady Zero-Day Sales Game Is Evolving

6 Open Source Tools for Your Security Team

COVID-19: Latest Security News & Commentary

Top Stories

How the Shady Zero-Day Sales Game Is ...

6 Open Source Tools for Your Security Team

More SolarWinds Attack Details Emerge

COVID-19: Latest Security News & Commentary

News & Commentary

Comparing Different AI Approaches to Email Security

Get to know the difference between "supervised" and "unsupervised" machine learning.

By Darktrace Experts Staff, 1/25/2021

0 comments | Read | Post a Comment

Intel Confirms Unauthorized Access of Earnings-Related Data

News

News likely contributed to slide of over 9% in chipmaker's stock at one point Friday.

By Jai Vijayan Contributing Writer, 1/22/2021

0 comments | Read | Post a Comment

Speed of Digital Transformation May Lead to Greater App Vulnerabilities

News

The fastest-moving industries are struggling to produce secure code, according to AppSec experts.

By Robert Lemos Contributing Writer, 1/22/2021

0 comments | Read | Post a Comment

How Cybersecurity Newbs Can Start Out on the Right Foot

Cybersecurity experts share their savvy tips and useful resources for infosec hopefuls.

By Joan Goodchild Contributing Writer, 1/22/2021

0 comments | Read | Post a Comment

Why North Korea Excels in Cybercrime

Marc Wilczek, Digital Strategist & COO of Link11

Commentary

North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.

By Marc Wilczek Digital Strategist & COO of Link11, 1/22/2021

0 comments | Read | Post a Comment

DreamBus, FreakOut Botnets Pose New Threat to Linux Systems

News

Researchers from Zscaler and Check Point describe botnets as designed for DDoS attacks, cryptocurrency mining, and other malicious purposes.

By Jai Vijayan Contributing Writer, 1/21/2021

0 comments | Read | Post a Comment

Breach Data Shows Attackers Switched Gears in 2020

News

Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.

By Robert Lemos Contributing Writer, 1/21/2021

0 comments | Read | Post a Comment

Attackers Leave Stolen Credentials Searchable on Google

Kelly Sheridan, Staff Editor, Dark Reading

News

Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search.

By Kelly Sheridan Staff Editor, Dark Reading, 1/21/2021

0 comments | Read | Post a Comment

Cloud Jacking: The Bold New World of Enterprise Cybersecurity

Commentary

Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.

By Bernie Brode Nano Product Researcher, 1/21/2021

0 comments | Read | Post a Comment

7 Steps to Secure a WordPress Site

Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth.

By Steve Zurier Contributing Writer, 1/21/2021

0 comments | Read | Post a Comment

Hacker Pig Latin: A Base64 Primer for Security Analysts

The Base64 encoding scheme is often used to hide the plaintext elements in the early stages of an attack that can't be concealed under the veil of encryption. Here's how to see through its tricks.

By Daniel Smallwood Senior Threat Research Engineer, IronNet, 1/21/2021

0 comments | Read | Post a Comment

Rethinking IoT Security: It's Not About the Devices

May Wang, Senior Distinguished Engineer at Palo Alto Networks

Commentary

Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.

By May Wang Senior Distinguished Engineer at Palo Alto Networks, 1/21/2021

0 comments | Read | Post a Comment

Microsoft Releases New Info on SolarWinds Attack Chain

News

Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says.

By Jai Vijayan Contributing Writer, 1/20/2021

0 comments | Read | Post a Comment

SolarWinds Attack, Cyber Supply Chain Among Priorities for Biden Administration

News

During Senate confirmation hearings, the nominees for Secretary of Homeland Security and Director of National Intelligence pledged to focus on cybersecurity.

By Robert Lemos Contributing Writer, 1/20/2021

0 comments | Read | Post a Comment

Tips for a Bulletproof War Room Strategy

Lee Chieffalo, Technical Director of Cybersecurity Operations at Viasat

Commentary

The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.

By Lee Chieffalo Technical Director of Cybersecurity Operations at Viasat, 1/20/2021

0 comments | Read | Post a Comment

Vulnerabilities in Popular DNS Software Allow Poisoning

News

Seven flaws in DNSMasq have limited impact, but in combination they could be chained to create a multistaged attack.

By Robert Lemos Contributing Writer, 1/19/2021

0 comments | Read | Post a Comment

Microsoft to Launch 'Enforcement Mode' for Zerologon Flaw

Quick Hits

Enforcement mode for the Netlogon Domain Controller will be enabled by default with the Feb. 9 security update.

By Dark Reading Staff , 1/19/2021

0 comments | Read | Post a Comment

SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/19/2021

0 comments | Read | Post a Comment

4 Intriguing Email Attacks Detected by AI in 2020

Here's to the sneakiest of the sneaky. These clever phishing messages -- that standard validation measures often missed -- deserve proper dishonor. (Sponsored)

By Edge Editors Dark Reading, 1/19/2021

0 comments | Read | Post a Comment

The Most Pressing Concerns Facing CISOs Today

John Worrall, Chief Executive Officer at ZeroNorth

Commentary

Building security into the software development life cycle creates more visibility, but CISOs still need stay on top of any serious threats on the horizon, even if they are largely unknown.

By John Worrall Chief Executive Officer at ZeroNorth, 1/19/2021

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by Michelle

Your password expired and you have been locked out of your machine. Give me your new 2FA code to continue.

In reply to: Man-in-the-top-drawer Attack
Post Your Own Reply

Posted by Ace2010

I am the Genie of the Desk and I am here to grant you three Security Patches!

In reply to: Genie of the Desk Drawer
Post Your Own Reply

Posted by RickStaples

Hi, I am Mike, your new Multi-Factor Bot. What is your mother's maiden name?

In reply to: MFA
Post Your Own Reply

Posted by allistew

STOP LOOKING IN HERE FOR YOUR PASSWORD!!!

In reply to: Password Security
Post Your Own Reply

Posted by Hyznbrg

If it's not in CRM... it didn't happen!

In reply to: Home Office Managers
Post Your Own Reply

Posted by pmauriks

I keep a cardboard cutout of the boss in my desk, to remind me of what working in the office felt like.

In reply to: Name that Toon
Post Your Own Reply

Posted by pmauriks

I like the old version of Google assistant much better.

In reply to: Cartoon Contest.
Post Your Own Reply

Posted by pmauriks

Pop-up ads have really come a long way!

In reply to: Cartoon Contest.
Post Your Own Reply

Posted by Stephen.py

Hunny, I looked every where for the dorritos.

In reply to: Working from home
Post Your Own Reply

Posted by Ace2010

My only regret is not maintaining proper social distancing

In reply to: Regrets
Post Your Own Reply

Posted by Ace2010

The penalty for improper wearing of your COVID mask.

In reply to: Proper wearing of your masks
Post Your Own Reply

Posted by Ace2010

They told me I was going to be on Jeopardy, not "in Jeopardy"

In reply to: in Jeopardy
Post Your Own Reply

More Conversations

Products & Releases

CISA Launches Campaign to Reduce the Risk of Ransomware

Valtix Secures $12.5M in Strategic Investments

NextGen Cyber Talent Announces its First Pilot Cohort and Governing Board

TAG Cyber Collaborates with Kean University Center for Cybersecurity to Award Grants to Students

Over Half of UK Businesses Cite Security Concerns as Biggest Barrier to Public Cloud Adoption

New Podcast Launches Focused on Security Start-up Entrepreneurs

Varonis Announces New Features to Combat Insider Threats and Collaboration Risks in Microsoft 365

Swimlane Raises $40M Growth Round to Deliver Hyper Automated Security Operations

More Products & Releases

PR Newswire

Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Webinars

What We Can Learn from Sports Analytics

The Failures of Static DLP and How to Protect Against Tomorrow's Email Breaches

ROI and Beyond for the Cloud

Webinar Archives

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: Your password expired and you have been locked out of your machine. Give me your new 2FA code to continue.

Cartoon Archive

White Papers

The Value of Threat Intelligence with DomainTools: Identify Threats 82% Faster

What To Consider Before Renewing Your SD-WAN

Zero Trust Evaluation Guide

2020 Gartner Market Guide for Network Detection & Response

The Insecure State of Microsoft Teams Security

More White Papers

Current Issue

2020: The Year in Security

Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-23901
PUBLISHED: 2021-01-25

An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...

CVE-2020-17532
PUBLISHED: 2021-01-25

When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5

CVE-2020-12512
PUBLISHED: 2021-01-22

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting

CVE-2020-12513
PUBLISHED: 2021-01-22

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.

CVE-2020-12514
PUBLISHED: 2021-01-22

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd

Reports

Assessing Cybersecurity Risk in Today's Enterprises

COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Flash Poll

All Polls