Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary
Shift Left: From Concept to Practice
Mackenzie Jackson, Developer Advocate at GitGuardian, Commentary
By moving security into development, your team can find and fix vulnerabilities before they become expensive, difficult, and publicly embarrassing problems.
By Mackenzie Jackson, Developer Advocate at GitGuardian, 4/26/2021
Window Snyder Launches Startup to Fill IoT Security Gaps
Kelly Sheridan, Staff Editor, Dark Reading
Thistle Technologies aims to help connected device manufacturers securely deliver updates to their products.
By Kelly Sheridan, Staff Editor, Dark Reading, 4/23/2021
Password Manager Suffers 'Supply Chain' Attack
Dark Reading Staff, Quick Hits
A software update to Click Studios' Passwordstate password manager contained malware.
By Dark Reading Staff, 4/23/2021
Insider Data Leaks: A Growing Enterprise Threat
Dark Reading Staff, Quick Hits
Report finds 85% of employees are more likely to leak sensitive files now than before the COVID-19 pandemic.
By Dark Reading Staff, 4/23/2021
KnowBe4 Issues IPO to Drive Global Expansion, New Automation Features
Robert Lemos, Contributing Writer, News
Security awareness firm aims to expand into Europe and Asia, and add automation and machine learning to its technology.
By Robert Lemos, Contributing Writer, 4/23/2021
SOC 2 Attestation Tips for SaaS Companies
Viral Trivedi, Chief Business Officer at Ampcus Cyber, Commentary
Attestation helps SaaS vendors demonstrate that digital security is a primary focus.
By Viral Trivedi, Chief Business Officer at Ampcus Cyber, 4/23/2021
Tell Us the Truth: Why Do You LOVE Passwords?
Edge Editors, Dark Reading
There must be something you appreciate about the humble password, right? Tell us what you think.
By Edge Editors, Dark Reading, 4/23/2021
Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network
Jai Vijayan, Contributing Writer, News
China-based Spiral group is believed to be behind year-long attack, which exploited a flaw in SolarWinds Orion technology to drop a Web shell.
By Jai Vijayan, Contributing Writer, 4/22/2021
The Edge Pro Tip: Brush Up on Web Shells
Edge Editors, Dark Reading
While neither new nor novel, Web shells are making an impact with a surge of Exchange attacks.
By Edge Editors, Dark Reading, 4/22/2021
New CISA Advisories Warn of ICS Vulnerabilities
Dark Reading Staff, Quick Hits
The vulnerabilities exist in Cscape control system application programming software and the Mitsubishi Electric GOT.
By Dark Reading Staff, 4/22/2021
Prometei Botnet Adds New Twist to Exchange Server Attacks
Dark Reading Staff, Quick Hits
Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.
By Dark Reading Staff, 4/22/2021
Improving the Vulnerability Reporting Process With 5 Steps
Bas Alberts, Principal Security Researcher, GitHub Security Lab, Commentary
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.
By Bas Alberts, Principal Security Researcher, GitHub Security Lab, 4/22/2021
University Suspends Project After Researchers Submitted Vulnerable Linux Patches
Robert Lemos, Contributing Writer, News
A Linux maintainer pledges to stop taking code submissions from the University of Minnesota after a research team purposely submitted vulnerabilities to show software supply chain weaknesses.
By Robert Lemos, Contributing Writer, 4/22/2021
Name That Toon: Greetings, Earthlings
John Klossner, Cartoonist, Commentary
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner, Cartoonist, 4/22/2021
Looking for Greater Security Culture? Ask an 8-Bit Plumber
Rick van Galen, Security Engineer, 1Password, Commentary
After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.
By Rick van Galen, Security Engineer, 1Password, 4/22/2021
10 Free Security Tools at Black Hat Asia 2021
Jai Vijayan, Contributing Writer
Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases.
By Jai Vijayan, Contributing Writer, 4/22/2021
Nearly Half of All Malware Is Concealed in TLS-Encrypted Communications
Jai Vijayan, Contributing Writer, News
Forty-six percent of all malware uses the cryptographic protocol to evade detection, communicate with attacker-controlled servers, and exfiltrate data, a new study shows.
By Jai Vijayan, Contributing Writer, 4/22/2021
Who's Your Login?
Edge Editors, Dark Reading
If only Abbott and Costello were around today.
By Edge Editors, Dark Reading, 4/22/2021
Rapid7 Acquires Velociraptor Open Source Project
Dark Reading Staff, Quick Hits
The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities.
By Dark Reading Staff, 4/21/2021
Justice Dept. Creates Task Force to Stop Ransomware Spread
Dark Reading Staff, Quick Hits
One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say.
By Dark Reading Staff, 4/21/2021
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3472
PUBLISHED: 2021-04-26
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-3494
PUBLISHED: 2021-04-26
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if certai...
CVE-2020-15078
PUBLISHED: 2021-04-26
OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
CVE-2021-25838
PUBLISHED: 2021-04-26
The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload.
CVE-2021-25839
PUBLISHED: 2021-04-26
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.