Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective
Learn SAML: The Language You Don't Know You're Already Speaking
How to Better Secure Your Microsoft 365 Environment
COVID-19: Latest Security News & Commentary
Privacy Teams Helped Navigate the Pivot to Work-from-Home
News & Commentary
Concerns Over API Security Grow as Attacks Increase
Jai Vijayan, Contributing WriterNews
Some 66% of organizations say they have slowed deploying an app into production because of API security concerns.
By Jai Vijayan Contributing Writer, 2/3/2021
Comment0 comments  |  Read  |  Post a Comment
Patch Imperfect: Software Fixes Failing to Shut Out Attackers
Robert Lemos, Contributing WriterNews
Incomplete patches are allowing attackers to continue exploiting the same vulnerabilities, reducing the cost to compromise.
By Robert Lemos Contributing Writer, 2/3/2021
Comment0 comments  |  Read  |  Post a Comment
An Observability Pipeline Could Save Your SecOps Team
Nick Heudecker, Senior Director of Market Strategy, CriblCommentary
Traditional monitoring approaches are proving brittle as security operations teams need better visibility into dynamic environments.
By Nick Heudecker Senior Director of Market Strategy, Cribl, 2/3/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attackers Spent Months in Corporate Email System: Report
Dark Reading Staff, Quick Hits
SolarWinds' CEO says evidence indicates attackers lurked in the company's Office 365 email system for months ahead of the attack.
By Dark Reading Staff , 2/3/2021
Comment0 comments  |  Read  |  Post a Comment
What I Wish I Knew at the Start of My InfoSec Career
Joan Goodchild, Contributing Writer
Security pros identify lessons learned that impact how they view infosec today.
By Joan Goodchild Contributing Writer, 2/3/2021
Comment0 comments  |  Read  |  Post a Comment
Security in a Complex World
Bryan Barney, CEO, RedSealCommentary
Innovation and complexity can co-exist; the key is to use innovation to make ever-expanding complexity comprehensible and its effects predictable.
By Bryan Barney CEO, RedSeal, 2/3/2021
Comment0 comments  |  Read  |  Post a Comment
FTC: ID Theft Doubled in 2020
Dark Reading Staff, Quick Hits
The Federal Trade Commission said a surge in reports of identity theft occurred amid the COVID-19 pandemic.
By Dark Reading Staff , 2/2/2021
Comment0 comments  |  Read  |  Post a Comment
Agent Tesla Upgrades with New Delivery & Evasion Tactics
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new version of the remote access Trojan targets Microsoft Anti-Malware Software Interface to bypass endpoint detection.
By Kelly Sheridan Staff Editor, Dark Reading, 2/2/2021
Comment0 comments  |  Read  |  Post a Comment
Average Ransom Payments Declined Last Quarter
Jai Vijayan, Contributing WriterNews
More victims appear to be realizing that paying a ransom doesn't guarantee stolen data will be purged.
By Jai Vijayan Contributing Writer, 2/2/2021
Comment0 comments  |  Read  |  Post a Comment
RF Enables Takeover of Hostile Drones
Jeffrey Starr, CMO, D-Fend SolutionsCommentary
Tempting as it may be to blast drones out of the sky, a less aggressive approach may yield better data about attackers — and keep bystanders safe.
By Jeffrey Starr CMO, D-Fend Solutions, 2/2/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Continue to Nibble at Apple's iOS Security
Robert Lemos, Contributing WriterNews
For the second time in less than three months, Apple has patched vulnerabilities in the software for iPhone and iPad, warning that the issues are already being targeted by attackers.
By Robert Lemos Contributing Writer, 2/2/2021
Comment0 comments  |  Read  |  Post a Comment
SonicWall Confirms Zero-Day Vulnerability
Dark Reading Staff, Quick Hits
The confirmation arrives as researchers with NCC Group detect a SonicWall zero-day flaw under active attack.
By Dark Reading Staff , 2/2/2021
Comment0 comments  |  Read  |  Post a Comment
Fighting Fileless Malware, Part 1: What Is It?
Rui Maximo, Cybersec Entrepreneur
Despite multiple layers of protection, fileless malware cyberattacks remain rampant and difficult to defeat. In this, the first of The Edge's three-part series about the cyberthreat and how to fight back, you'll learn what fileless malware is and why it's so dangerous.
By Rui Maximo Cybersec Entrepreneur, 2/2/2021
Comment1 Comment  |  Read  |  Post a Comment
How Recruiting Women Can Help Solve Security's Biggest Problems
Sarah Tatsis, VP, Advanced Technology Development Labs, BlackBerryCommentary
We can solve cybersecurity's longstanding talent gap by bringing more women into the field.
By Sarah Tatsis VP, Advanced Technology Development Labs, BlackBerry, 2/2/2021
Comment1 Comment  |  Read  |  Post a Comment
Interview With a Russian Cybercriminal
Kelly Sheridan, Staff Editor, Dark ReadingNews
A LockBit ransomware operator shared with researchers why he became involved in cybercrime, how he chooses victims, and what's in his toolbox.
By Kelly Sheridan Staff Editor, Dark Reading, 2/2/2021
Comment0 comments  |  Read  |  Post a Comment
Data on 1.4 Million Washington State Residents Breached
Dark Reading Staff, Quick Hits
Unemployment data exposed via third-party software attack.
By Dark Reading Staff , 2/1/2021
Comment0 comments  |  Read  |  Post a Comment
Increase in Physical Security Incidents Adds to IT Security Pressures
Jai Vijayan, Contributing WriterNews
A new study shows that many organizations have changed their physical security strategies to address new concerns since the COVID-19 outbreak.
By Jai Vijayan Contributing Writer, 2/1/2021
Comment0 comments  |  Read  |  Post a Comment
Name That Edge Toon: Be Careful Who You Trust
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 2/1/2021
Comment5 comments  |  Read  |  Post a Comment
US Needs Comprehensive Policy to Combat China on IP Theft
Robert Lemos, Contributing WriterNews
The United States cannot lose sight of Chinese cyber operations that target intellectual property, a panel of experts says.
By Robert Lemos Contributing Writer, 2/1/2021
Comment0 comments  |  Read  |  Post a Comment
Rapid7 Acquires Alcide, Strengthens Focus on Cloud
Dark Reading Staff, Quick Hits
Its $50 million purchase of Alcide, a Kubernetes security provider, follows its 2020 acquisition of cloud security vendor DivvyCloud.
By Dark Reading Staff , 2/1/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
DH2i Pre-Pandemic State of Virtual Private Networks (VPNs) Survey Reveals Inadequate Security Is Number One VPN Pain Point
Uniphore Unveils Technologies to Strengthen Both Agent and Customer Experiences in the Contact Center
Fortinet Announces AI-powered XDR for Fully Automated Threat Detection, Investigation, and Response
Berryville Institute of Machine Learning (BIML) Gets $150,000 Open Philanthropy Grant
Dasera Releases Data Lifecycle Trust and Privacy Report on Data Privacy Day
Offensive Security Launches New Course and Certification for Exploit Development and Reverse Engineering
Cybercriminals Cash Out as Finance Industry Becomes Lucrative Targets
Ivanti to Acquire Cherwell to Enable End‑to‑End Service and Asset Management
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

What I Wish I Knew at the Start of My InfoSec Career
Security pros identify lessons learned that impact how they view infosec today.
Fighting Fileless Malware, Part 1: What Is It?
Despite multiple layers of protection, fileless malware cyberattacks remain rampant and difficult to defeat. In this, the first of The Edge's three-part series about the cyberthreat and how to fight back, you'll learn what fileless malware is and why it's so dangerous.
Edge Poll: Hook, Line, and Sinker
How confident are you in your security team's ability to protect your organization from phishing?
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I know I keep saying I miss Clippy, but not sure this is what I had in mind!
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3401
PUBLISHED: 2021-02-04
Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer sta...
CVE-2021-26024
PUBLISHED: 2021-02-03
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.
CVE-2021-26023
PUBLISHED: 2021-02-03
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.
CVE-2020-9388
PUBLISHED: 2021-02-03
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.
CVE-2020-9389
PUBLISHED: 2021-02-03
A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Flash Poll
Video
Slideshows
Twitter Feed