Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
How to Submit a Column to Dark Reading
7 Security Strategies as Employees Return to the Office
Inside the Ransomware Campaigns Targeting Exchange Servers
4 Open Source Tools to Add to Your Security Arsenal
News & Commentary
New Malware Downloader Spotted in Targeted Campaigns
Jai Vijayan, Contributing WriterNews
Saint Bot is being used to drop stealers on compromised systems but could be used to deliver any malware.
By Jai Vijayan Contributing Writer, 4/12/2021
Comment0 comments  |  Read  |  Post a Comment
Wake Up and Smell the JavaScript
Deepika Gajaria, VP of Products, Tala SecurityCommentary
The SolarWinds attack showed the true meaning of a supply chain breach. And it's the canary in the coal mine for sensitive data on the Web.
By Deepika Gajaria VP of Products, Tala Security, 4/12/2021
Comment0 comments  |  Read  |  Post a Comment
Omdia Research Spotlight: XDR
Eric Parizo, Senior Analyst, OmdiaCommentary
Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.
By Eric Parizo Senior Analyst, Omdia, 4/12/2021
Comment0 comments  |  Read  |  Post a Comment
Unofficial Android App Store APKPure Infected With Malware
Dark Reading Staff, Quick Hits
The APKPure app store was infected with malware that can download Trojans to other Android devices, researchers report.
By Dark Reading Staff , 4/9/2021
Comment0 comments  |  Read  |  Post a Comment
CISA Launches New Threat Detection Dashboard
Dark Reading Staff, Quick Hits
Aviary is a new dashboard that works with CISA's Sparrow threat detection tool.
By Dark Reading Staff , 4/9/2021
Comment0 comments  |  Read  |  Post a Comment
8 Security & Privacy Apps to Share With Family and Friends
Kelly Sheridan, Staff Editor, Dark Reading
Mobile apps to recommend to the people in your life who want to improve their online security and privacy.
By Kelly Sheridan Staff Editor, Dark Reading, 4/9/2021
Comment0 comments  |  Read  |  Post a Comment
Women Are Facing an Economic Crisis & the Cybersecurity Industry Can Help
Sabrina Castiglione, Chief Financial Officer & Acting Head of TalentCommentary
Investing in women's cybersecurity careers can bring enormous benefits and help undo some of the significant economic damage wrought by the pandemic.
By Sabrina Castiglione Chief Financial Officer & Acting Head of Talent, 4/9/2021
Comment0 comments  |  Read  |  Post a Comment
Zoom Joins Microsoft Teams on List of Enterprise Tools Hacked at Pwn2Own
Jai Vijayan, Contributing WriterNews
White-hat hacking event shows yet again why there's no such thing as foolproof security against modern attacks.
By Jai Vijayan Contributing Writer, 4/8/2021
Comment0 comments  |  Read  |  Post a Comment
Fraudsters Use HTML Legos to Evade Detection in Phishing Attack
Dark Reading Staff, Quick Hits
Criminals stitch pieces of HTML together and hide them in JavaScript files, researchers report.
By Dark Reading Staff , 4/8/2021
Comment0 comments  |  Read  |  Post a Comment
600K Payment Card Records Leaked After Swarmshop Breach
Dark Reading Staff, Quick Hits
A leaked database also contains the nicknames, hashed passwords, contact details, and activity history of Swarmshop admins, sellers, and buyers.
By Dark Reading Staff , 4/8/2021
Comment0 comments  |  Read  |  Post a Comment
Handcuffs Over AI: Solving Security Challenges With Law Enforcement
Charles Herring, CTO and Co-Founder, WitFooCommentary
We've tried everything else ... now it's time to make the prospect of getting caught -- and punished -- a real deterrent to cybercrime.
By Charles Herring CTO and Co-Founder, WitFoo, 4/8/2021
Comment4 comments  |  Read  |  Post a Comment
SecOps and DevOps: From Cooperation to Automation
Eric Parizo, Senior Analyst, OmdiaCommentaryVideo
Omdia Principal Analyst Eric Parizo discusses the major obstacles SecOps organizations face as they seek to build ties with DevOps teams, and offers a programmatic approach to help create a path toward DevSecOps.
By Eric Parizo Senior Analyst, Omdia, 4/7/2021
Comment0 comments  |  Read  |  Post a Comment
Did 4 Major Ransomware Groups Truly Form a Cartel?
Robert Lemos, Contributing WriterNews
An analysis of well-known extortion groups and their cryptocurrency transactions reveals the answer.
By Robert Lemos Contributing Writer, 4/7/2021
Comment1 Comment  |  Read  |  Post a Comment
Voice-Changing Software Found on APT Attackers' Server
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
Security researchers believe the presence of Morph Vox Pro could indicate APT-C-23 has new plans for their phishing campaigns.
By Kelly Sheridan Staff Editor, Dark Reading, 4/7/2021
Comment0 comments  |  Read  |  Post a Comment
Cring Ransomware Used in Attacks on European Industrial Firms
Dark Reading Staff, Quick Hits
Attackers exploited a vulnerability in Fortigate VPN servers to gain access to target networks, researchers report.
By Dark Reading Staff , 4/7/2021
Comment0 comments  |  Read  |  Post a Comment
Fortune 500 Security Shows Progress and Pitfalls
Kelly Sheridan, Staff Editor, Dark ReadingNews
Fortune 500 companies have improved on email security and vulnerability disclosure programs but struggle in asset management and high-risk services.
By Kelly Sheridan Staff Editor, Dark Reading, 4/7/2021
Comment0 comments  |  Read  |  Post a Comment
Rethinking Cyberattack Response: Prevention & Preparedness
Hitesh Sheth, CEO, VectraCommentary
The SolarWinds incident is the starkest reminder yet that complacency can exact a terrible price.
By Hitesh Sheth CEO, Vectra, 4/7/2021
Comment1 Comment  |  Read  |  Post a Comment
5 Ways to Transform Your Phishing Defenses Right Now
Kevin O'Brien, Co-Founder and CEO, GreatHornCommentary
By transforming how you approach phishing, you can break the phishing kill chain and meaningfully reduce your business risk.
By Kevin O'Brien Co-Founder and CEO, GreatHorn, 4/7/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Actively Seeking, Exploiting Vulnerable SAP Applications
Jai Vijayan, Contributing WriterNews
Analysis of threat activity in mission-critical environments prompts CISA advisory urging SAP customers to apply necessary security patches and updates.
By Jai Vijayan Contributing Writer, 4/7/2021
Comment0 comments  |  Read  |  Post a Comment
Cartoon Caption Winner: Something Seems Afoul
John Klossner, CartoonistCommentary
And the winner of Dark Readings's March cartoon caption contest is ...
By John Klossner Cartoonist, 4/7/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Lookout Launches New Global Channel Program
Okta Launches New Customer Identity Risk Ecosystem and Workflow Integrations
ThreatQuotient Closes $22.5 Million in New Financing
Beyond Identity Announces Zero Trust Authentication for Managed Devices and BYOD
Andy Ellis Named Operating Partner at YL Ventures
VMware Fixes Dangerous Vulnerabilities in Software for Infrastructure Monitoring
Code42 & Okta Partner to Automate Employee Access Controls
VMware Expands Into Container Security
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

9 Modern-Day Best Practices for Log Management
Log management is nothing new. But doing so smartly, correctly, and concisely in today's data-driven world is another story.
Name That Edge Toon: Rough Patch?
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
How to Build a Resilient IoT Framework
For all of their benefits, IoT devices weren't built with security in mind -- and that can pose huge challenges.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23371
PUBLISHED: 2021-04-12
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces.
CVE-2020-24285
PUBLISHED: 2021-04-12
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.
CVE-2021-29379
PUBLISHED: 2021-04-12
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover pa...
CVE-2015-20001
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory ...
CVE-2020-36317
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the sam...
Flash Poll
Video
Slideshows
Twitter Feed