Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Cartoon Caption Winner: Be Careful Who You Trust
Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
Cybercrime 'Help Wanted': Job Hunting on the Dark Web
How to Submit a Column to Dark Reading
News & Commentary
Microsoft Exchange Server Exploits Hit Retail, Government, Education
Dark Reading Staff, Quick Hits
Mandiant researchers identify a range of victims affected in attacks targeting newly reported Microsoft Exchange Server vulnerabilities.
By Dark Reading Staff , 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Adopted an 'Aggressive' Strategy for Sharing SolarWinds Attack Intel
Kelly Sheridan, Staff Editor, Dark ReadingNews
Rob Lefferts, corporate vice president for Microsoft 365 Security in Security and Compliance, explains the company's approach to keeping its customers and the industry apprised and updated on its findings from the now-infamous attack.
By Kelly Sheridan Staff Editor, Dark Reading, 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
5 Ways Social Engineers Crack Into Human Beings
Joan Goodchild, Contributing Writer
These common human traits are the basic ingredients in the con-man's recipe for trickery.
By Joan Goodchild Contributing Writer, 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
Realistic Patch Management Tips, Post-SolarWinds
Sara Peters, Senior Editor at Dark Reading
Patch management and testing are different, exactly the same, and completely out of hand. Here are tips from the experts on how to wrangle patches in a time of malicious software updates.
By Sara Peters Senior Editor at Dark Reading, 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
On International Women's Day 2021, Does the 'Rule of Steve' Still Apply? Yes.
Maxine Holt, Research Director, OmdiaCommentary
On International Women's Day 2021, gender diversity has improved in cybersecurity, but there is still a long way to go.
By Maxine Holt Research Director, Omdia, 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
Make Sure That Stimulus Check Lands in the Right Bank Account
Tom Pendergast, Chief Learning Officer at MediaPROCommentary
If you haven't already, it's time to build trust relationships with your financial institutions, using strong security, privacy protections and secure, unique user credentials.
By Tom Pendergast Chief Learning Officer at MediaPRO, 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
Business Apps Spoofed in 45% of Impersonation Attacks
Dark Reading Staff, Quick Hits
Business-related applications like those from Microsoft, Zoom, and DocuSign are most often impersonated in brand phishing attacks.
By Dark Reading Staff , 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Healthcare Still Seeing High Level of Attacker Activity
Robert Lemos, Contributing WriterNews
Interest in vaccines is driving all sorts of activity, reports say, from vaccine-specific phishing to growing bot traffic on healthcare sites.
By Robert Lemos Contributing Writer, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft, FireEye Uncover More Malware Used in the SolarWinds Campaign
Jai Vijayan, Contributing WriterNews
Newly discovered tools were designed for late-stage use after the attackers had already established a relatively firm presence on a breached network, vendors say.
By Jai Vijayan Contributing Writer, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
John McAfee Charged in 'Pump & Dump' Cryptocurrency Scheme
Dark Reading Staff, Quick Hits
Justice officials claim antivirus founder and associate fraudulently promoted altcoins via Twitter.
By Dark Reading Staff , 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Secure Laptops & the Enterprise of the Future
Arun Subbarao, Vice President of Engineering, Lynx Software TechnologiesCommentary
The enterprise of the future will depend upon organizations' ability to extend the company firewall to everywhere people are working.
By Arun Subbarao Vice President of Engineering, Lynx Software Technologies, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
New Social Security Scam Spoofs Government Badges
Dark Reading Staff, Quick Hits
Criminals text or email photos of fake government identification badges to trick people into sending money.
By Dark Reading Staff , 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Qualys Is the Latest Victim of Accellion Data Breach
Jai Vijayan, Contributing WriterNews
Security vendor confirms attackers exploited a previously disclosed vulnerability in the enterprise firewall technology to breach its network.
By Jai Vijayan Contributing Writer, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Why We Need More Blue Team Voices at the Table
Jerry Gamblin, Principal Security Engineer, Kenna SecurityCommentary
The red team draws attention, but the blue team has the expertise to keep networks secure day in and day out.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 3/4/2021
Comment1 Comment  |  Read  |  Post a Comment
Intel: More Than 90% of Our Vulnerabilities Found via Research
Robert Lemos, Contributing WriterNews
Internal research and external bug-bounty programs combined to discover the vast majority of reported security issues in the company's software.
By Robert Lemos Contributing Writer, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
More Details Emerge on the Microsoft Exchange Server Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
The attacks seem more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous.
By Kelly Sheridan Staff Editor, Dark Reading, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
Okta to Buy Rival Auth0
Dark Reading Staff, Quick Hits
The deal, valued at $6.5 billion, will bring together competitors in the identity management space.
By Dark Reading Staff , 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
CISA to Federal Agencies: Immediately Patch or 'Disconnect' Microsoft Exchange Servers
Dark Reading Staff, Quick Hits
The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week.
By Dark Reading Staff , 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical DirectorCommentary
With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
By Dr. Jethro Beekman Technical Director, 3/3/2021
Comment1 Comment  |  Read  |  Post a Comment
Design, Security, Tech Is the New Stack You Should Be Building
Sathish Muthukrishnan, Chief Information, Data and Digital Officer, AllyCommentary
Instead of different departments managing information systems, Ally Financial has combined data, digitization, security, and design into a single "stack" of human resources.
By Sathish Muthukrishnan Chief Information, Data and Digital Officer, Ally, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Group-IB: Ransomware Empire Prospers in Pandemic-Hit World; Attacks Grow by 150%
Reblaze Launches Open Source Security Platform
Anomali Appoints New CEO
Kaspersky VPN Secure Connection Now Available on Macs with Apple Silicon
StorCentric Announces Nexsan Assureon Cloud Edition
SAFE Identity Announces Internet of Medical Things Working Group
NetMotion Survey: Only 12% of Enterprises Worldwide Have Fully Embraced SASE
Sequitur Labs Expands EmSPARK Security Suite Deployment Options
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Realistic Patch Management Tips, Post-SolarWinds
Patch management and testing are different, exactly the same, and completely out of hand. Here are tips from the experts on how to wrangle patches in a time of malicious software updates.
Name That Edge Toon: In Hot Water
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Cybercrime 'Help Wanted': Job Hunting on the Dark Web
How's your 'Probiv'? How about customer service? Here's how Dark Web forums connect cybercriminals looking for talent with those looking for work -- and which skills are hot right now.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: George has not accepted that the technology age has come to an end.
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26814
PUBLISHED: 2021-03-06
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service sc...
CVE-2021-27581
PUBLISHED: 2021-03-05
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
CVE-2021-28042
PUBLISHED: 2021-03-05
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.
CVE-2021-28041
PUBLISHED: 2021-03-05
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2021-3377
PUBLISHED: 2021-03-05
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Flash Poll
Video
Slideshows
Twitter Feed