Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Does XDR Mark the Spot? 6 Questions to Ask
Metasploit Creator HD Moore's New Startup Raises $5M
Microsoft Exchange Server Attacks: 9 Lessons for Defenders
News & Commentary
Disrupting the Cybercriminal Supply Chain
Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs, Commentary
It is time to turn the tables on cybercriminals and use their own tactics against them.
By Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs, 3/23/2021
Cartoon Caption Winner: In Hot Water
John Klossner, Cartoonist
And the winner of The Edge's March cartoon caption contest is ...
By John Klossner, Cartoonist, 3/23/2021
Data Protection Is a Group Effort
Rajesh Ganesan, Vice President at ManageEngine, Commentary
When every employee is well-versed in customer data privacy principles, the DPO knows the enterprise's sensitive data is in good hands.
By Rajesh Ganesan, Vice President at ManageEngine, 3/23/2021
Researchers Discover Two Dozen Malicious Chrome Extensions
Jai Vijayan, Contributing Writer, News
Extensions are being used to serve up unwanted ads, steal data, and divert users to malicious sites, Cato Networks says.
By Jai Vijayan, Contributing Writer, 3/22/2021
Acer Reportedly Hit With $50M Ransomware Attack
Dark Reading Staff, Quick Hits
Reports say a ransomware gang has given Acer until March 28 to pay, or it will double the ransom amount.
By Dark Reading Staff, 3/22/2021
CSA & ISACA Team Up on Cloud Auditing Certificate
Kelly Sheridan, Staff Editor, Dark Reading, News
The Certificate of Cloud Auditing Knowledge aims to fill a gap in the market for cloud IT auditing as more organizations work in cloud environments.
By Kelly Sheridan, Staff Editor, Dark Reading, 3/22/2021
Qualys CEO Courtot Departs for Health Reasons
Dark Reading Staff, Quick Hits
The well-known security industry entrepreneur initially took a leave of absence in February.
By Dark Reading Staff, 3/22/2021
Top 3 Cybersecurity Lessons Learned From the Pandemic
Joe McMann, Global Cyber Security Portfolio Leader, Capgemini, Commentary
Defending an enterprise of fully remote employees and their devices at this scale and speed had never been done before. Now, we do it every day.
By Joe McMann, Global Cyber Security Portfolio Leader, Capgemini, 3/22/2021
3 Classes of Account Fraud That Can Cost Your Company Big Time
Joshua Goldfarb, Director of Product Management at F5
Understanding each one can go a long way toward demystifying the topic as a whole — and combatting the threat.
By Joshua Goldfarb, Director of Product Management at F5, 3/22/2021
The Edge Pro Tip: The Feds Are Your Friends
Edge Editors, Dark Reading
Here's what to expect when you report an insider incident to the FBI.
By Edge Editors, Dark Reading, 3/22/2021
On the Road to Good Cloud Security: Are We There Yet?
Paula Musich, Research Director, Enterprise Management Associates, Commentary
Misconfigured infrastructure is IT pros' top cloud security concern, but they're conflicted on how to address it in practice.
By Paula Musich, Research Director, Enterprise Management Associates, 3/22/2021
New Malware Hidden in Apple IDE Targets macOS Developers
Jai Vijayan, Contributing Writer, News
XcodeSpy is latest example of growing attacks on software supply chain.
By Jai Vijayan, Contributing Writer, 3/19/2021
Verkada Attacker Charged With Wire Fraud, Conspiracy in US
Kelly Sheridan, Staff Editor, Dark Reading, News
Swiss national Till Kottmann and co-conspirators are accused of breaking into dozens of US companies and government entities.
By Kelly Sheridan, Staff Editor, Dark Reading, 3/19/2021
SolarWinds-Linked Attackers Target Microsoft 365 Mailboxes
Dark Reading Staff, Quick Hits
Researchers observe attackers altering mailbox folders to assign read-only permissions to any authenticated user on a target machine.
By Dark Reading Staff, 3/19/2021
Russian Man Pleads Guilty in Thwarted Tesla Hack
Dark Reading Staff, Quick Hits
Egor Kriuchkov will be sentenced in May on conspiracy charge
By Dark Reading Staff, 3/19/2021
How Us Shady Geeks Put Others Off Security
Dr. Sauvik Das, Assistant Professor of Interactive Computing, Georgia Tech, Commentary
Early adopters of security and privacy tools may be perceived by others as paranoid, which, in turn, may repel non-experts from protecting themselves online.
By Dr. Sauvik Das, Assistant Professor of Interactive Computing, Georgia Tech, 3/19/2021
Tech Vendors' Lack of Security Transparency Worries Firms
Robert Lemos, Contributing Writer, News
A majority of firms say they're more likely to buy from suppliers that are open about security issues -- yet that sentiment isn't necessarily reflected in the technology providers they're currently working with.
By Robert Lemos, Contributing Writer, 3/18/2021
Facebook Expands Security Key Support to iOS & Android
Kelly Sheridan, Staff Editor, Dark Reading, News
Facebook's announcement arrives the same week Twitter enabled support for multiple security keys on user accounts.
By Kelly Sheridan, Staff Editor, Dark Reading, 3/18/2021
Women's History Month: Making Mentorship Meaningful
Sherry Lowe, CMO at Exabeam, Commentary
This month is a perfect opportunity for us to take a step back and think about what role we want to play as women in the technology sector.
By Sherry Lowe, CMO at Exabeam, 3/18/2021
New CopperStealer Malware Hijacks Social Media Accounts
Dark Reading Staff, Quick Hits
Proofpoint researchers say it steals logins and spreads more malware.
By Dark Reading Staff, 3/18/2021
They may have grown in sophistication, with more widespread consequences, yet today's distributed denial-of-service attacks can still be fought with conventional tools.
On the bean-to-cup journey, dangers await around every corner. Here, well-caffeinated security experts warn the coffee industry about the threats.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23362
PUBLISHED: 2021-03-23
The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via shortcutMatch in fromUrl().
CVE-2020-12483
PUBLISHED: 2021-03-23
The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.
CVE-2021-20219
PUBLISHED: 2021-03-23
A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system a...
CVE-2021-20222
PUBLISHED: 2021-03-23
A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-20227
PUBLISHED: 2021-03-23
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability...
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.