Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Planning Our Passwordless Future
Colonial Pipeline Cyberattack: What Security Pros Need to Know
Troy Hunt: Organizations Make Security Choices Tough for Users
7 Modern-Day Cybersecurity Realities
News & Commentary
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Trinity Cyber takes a new spin on some traditional network-security techniques, but can its approach catch on widely?
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Adobe Issues Patch for Acrobat Zero-Day
Dark Reading Staff, Quick Hits
The vulnerability is being exploited in limited attacks against Adobe Reader users on Windows.
By Dark Reading Staff , 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Application Attacks Spike as Criminals Target Remote Workers
Dark Reading Staff, Quick Hits
Application-specific and Web application attacks made up 67% of all attacks in 2020 as criminal strategies shifted in the pandemic.
By Dark Reading Staff , 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patch Tuesday: 4 Critical CVEs, 3 Publicly Known, 1 Wormable
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft releases security patches for 55 vulnerabilities in its monthly roundup, which includes a critical, wormable flaw in the HTTP protocol stack.
By Kelly Sheridan Staff Editor, Dark Reading, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Cartoon Caption Winner: Greetings, Earthlings
John Klossner, CartoonistCommentary
And the winner of Dark Reading's April cartoon caption contest is ...
By John Klossner Cartoonist, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato NetworksCommentary
Deeply rooted cybersecurity misconceptions are poisoning our ability to understand and defend against attacks.
By Etay Maor Sr. Director Security Strategy at Cato Networks, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Critical Infrastructure Under Attack
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of key US energy pipeline marks just the tip of the iceberg.
By Marc Wilczek Digital Strategist & COO of Link11, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Colonial Pipeline Cyberattack: What Security Pros Need to Know
Kelly Sheridan, Staff Editor, Dark ReadingNews
As the massive US pipeline operator works to restore operations after a DarkSide ransomware attack late last week, experts say it's a cautionary tale for critical infrastructure providers.
By Kelly Sheridan Staff Editor, Dark Reading, 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
Tulsa Deals With Aftermath of Ransomware Attack
Dark Reading Staff, Quick Hits
Weekend attack shuts down several city sites and service.
By Dark Reading Staff , 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
Four Plead Guilty to RICO Conspiracy Involving Hosting Services for Cybercrime
Dark Reading Staff, Quick Hits
The "bulletproof hosting" organization hosted malware including Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit.
By Dark Reading Staff , 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
10 Security Awareness Training Mistakes to Avoid
Joan Goodchild, Staff Editor
Give your cybersecurity culture a boost by adding these to the "don't" column of your cybersecurity awareness training do's and don'ts list.
By Joan Goodchild Staff Editor, 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
Exchange Exploitation: Not Dead Yet
John Hammond, Senior Security Researcher at HuntressCommentary
The mass exploitation of Exchange Servers has been a wake-up call, and it will take all parties playing in concert for the industry to react, respond, and recover.
By John Hammond Senior Security Researcher at Huntress, 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
How North Korean APT Kimsuky Is Evolving Its Tactics
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers find differences in Kimsuky's operations that lead them to divide the APT into two groups: CloudDragon and KimDragon.
By Kelly Sheridan Staff Editor, Dark Reading, 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Most Organizations Feel More Vulnerable to Breaches Amid Pandemic
Dark Reading Staff, Quick Hits
More than half of business see the need for significant long-term changes to IT due to COVID-19, research finds.
By Dark Reading Staff , 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
FBI, NSA, CISA & NCSC Issue Joint Advisory on Russian SVR Activity
Dark Reading Staff, Quick Hits
The report provides additional details on tactics of Russia's Foreign Intelligence Service following public attribution of the group to last year's SolarWinds attack.
By Dark Reading Staff , 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
The Edge Pro Quote: Password Empowerment
Edge Editors, Dark Reading
Despite being a pain in the neck, passwords may hold a psychological purpose that security pros should take into account.
By Edge Editors Dark Reading, 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSecCommentary
Web scraping attacks, like Facebook's recent data leak, can easily lead to more significant breaches.
By Rob Simon Principal Security Consultant at TrustedSec, 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
11 Reasons Why You Sorta Love Passwords
Edge Editors, Dark Reading
We asked you to tell the truth about why you secretly love passwords. From the heartfelt to the hilarious, here's what you had to say.
By Edge Editors Dark Reading, 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security
Dark Reading Staff,
Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.
By Dark Reading Staff , 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Troy Hunt: Organizations Make Security Choices Tough for Users
Kelly Sheridan, Staff Editor, Dark ReadingNews
The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.
By Kelly Sheridan Staff Editor, Dark Reading, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Arkose Labs Raises $70 Million Led by SoftBank Vision Fund 2
Cycode Raises $20 Million Series A Round From Insight Partners
ESG Report Uncovers Security Decision Makers 2021 Cybercrime Concerns
Kaspersky Research Finds DDoS Sttacks in Q1 2021 Return to Pre-Pandemic Numbers
SafeGuard Cyber Introduces Advanced Governance for Zoom Video Communications
Cyber Readiness Institute Calls on Biden Administration To Make Small Business Cybersecurity a National Priority
Secretary of Homeland Security to Participate in U.S. Chamber of Commerce NOW + NEXT
LiveAction Acquires CounterFlow AI to Expand Network Security Offerings
More Products & Releases
PR Newswire
Dark Reading Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the Dark Reading site in the coming months.

10 Security Awareness Training Mistakes to Avoid
Give your cybersecurity culture a boost by adding these to the "don't" column of your cybersecurity awareness training do's and don'ts list.
11 Reasons Why You Sorta Love Passwords
We asked you to tell the truth about why you secretly love passwords. From the heartfelt to the hilarious, here's what you had to say.
How to Move Beyond Passwords and Basic MFA
It's not a question of whether passwordless is coming -- it's simply a question of when. How should your organization prepare? (Part two of a two-part series.)
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36289
PUBLISHED: 2021-05-12
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and fro...
CVE-2021-32606
PUBLISHED: 2021-05-11
In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)
CVE-2021-3504
PUBLISHED: 2021-05-11
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to...
CVE-2021-20309
PUBLISHED: 2021-05-11
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to ...
CVE-2021-20310
PUBLISHED: 2021-05-11
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this...
Flash Poll
Video
Slideshows
Twitter Feed