Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
How the Shady Zero-Day Sales Game Is Evolving
6 Open Source Tools for Your Security Team
More SolarWinds Attack Details Emerge
COVID-19: Latest Security News & Commentary
News & Commentary
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff, Quick Hits
Joyce has long worked in US cybersecurity leadership, most recently serving as the NSA's top representative in the UK.
By Dark Reading Staff , 1/15/2021
Comment0 comments  |  Read  |  Post a Comment
Successful Malware Incidents Rise as Attackers Shift Tactics
Robert Lemos, Contributing WriterNews
As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.
By Robert Lemos Contributing Writer, 1/15/2021
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: Before I Go ...
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 1/15/2021
Comment1 Comment  |  Read  |  Post a Comment
How to Achieve Collaboration Tool Compliance
Marc Gilman, VP of Compliance and General Counsel, Theta LakeCommentary
Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams.
By Marc Gilman VP of Compliance and General Counsel, Theta Lake, 1/15/2021
Comment0 comments  |  Read  |  Post a Comment
These Kids Are All Right
Edge Editors, Dark Reading
Faculty and students at the William E. Doar School for the Performing Arts in Washington, D.C. created "Cyberspace," a rap song about online safety as part of the NSA's national STOP. THINK. CONNECT. campaign back in 2012. Wonder how many went into security.
By Edge Editors Dark Reading, 1/15/2021
Comment0 comments  |  Read  |  Post a Comment
Shifting Privacy Landscape, Disruptive Technologies Will Test Businesses
Robert Lemos, Contributing WriterNews
A new machine learning tool aims to mine privacy policies on behalf of users.
By Robert Lemos Contributing Writer, 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
'Chimera' Threat Group Abuses Microsoft & Google Cloud Services
Dark Reading Staff, Quick Hits
Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests.
By Dark Reading Staff , 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
Businesses Struggle with Cloud Availability as Attackers Take Aim
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers find organizations struggle with availability for cloud applications as government officials warn of cloud-focused cyberattacks.
By Kelly Sheridan Staff Editor, Dark Reading, 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
NSA Recommends Using Only 'Designated' DNS Resolvers
Dark Reading Staff, Quick Hits
Agency provides guidelines on securely deploying DNS over HTTPS, aka DoH.
By Dark Reading Staff , 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
Who Is Responsible for Protecting Physical Security Systems From Cyberattacks?
IFSEC Global, StaffNews
It's a question that continues to engage debate, as the majority of new physical security devices being installed are now connected to a network. While this offers myriad benefits, it also raises the question: Who is responsible for their cybersecurity?
By James Willison, founder of Unified Security Ltd , 1/14/2021
Comment1 Comment  |  Read  |  Post a Comment
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan CyberCommentary
Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.
By Tal Morgenstern Co-Founder & Chief Product Officer, Vulcan Cyber, 1/14/2021
Comment1 Comment  |  Read  |  Post a Comment
SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns
Dark Reading Staff, Quick Hits
Mimecast no longer uses the SolarWinds Orion network management software that served as an attack vector for thousands of organizations.
By Dark Reading Staff , 1/13/2021
Comment0 comments  |  Read  |  Post a Comment
Huntress Acquires EDR Technology From Level Effect
Dark Reading Staff, Quick Hits
Huntress seeks to improve its detection and response capabilities with a more comprehensive view of endpoint security.
By Dark Reading Staff , 1/13/2021
Comment0 comments  |  Read  |  Post a Comment
Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation
Steve Zurier, Contributing WriterNews
Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.
By Steve Zurier Contributing Writer, 1/13/2021
Comment0 comments  |  Read  |  Post a Comment
Understanding TCP/IP Stack Vulnerabilities in the IoT
Samuel Greengard, Freelance Writer
Internet of Things devices are highly susceptible to attacks, breaches, and flaws emanating from issues within the TCP/IP network communications architecture. Here's an overview of what you need to know to mitigate risks.
By Samuel Greengard Freelance Writer, 1/13/2021
Comment1 Comment  |  Read  |  Post a Comment
The Data-Centric Path to Zero Trust
Altaz Valani, Director of Insights Research, Security CompassCommentary
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
By Altaz Valani Director of Insights Research, Security Compass, 1/13/2021
Comment1 Comment  |  Read  |  Post a Comment
More SolarWinds Attack Details Emerge
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A third piece of malware is uncovered, but there are still plenty of unknowns about the epic attacks purportedly out of Russia.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/12/2021
Comment1 Comment  |  Read  |  Post a Comment
United Nations Security Flaw Exposed 100K Staff Records
Dark Reading Staff, Quick Hits
Security researchers have disclosed a vulnerability they exploited to access more than 100,000 private employee records.
By Dark Reading Staff , 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Defender Zero-Day Fixed in First Patch Tuesday of 2021
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw.
By Kelly Sheridan Staff Editor, Dark Reading, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
How to Boost Executive Buy-In for Security Investments
Douglas Ferguson, Founder & CTO, Pharos SecurityCommentary
Linking security budgets to breach-protection outcomes helps executives balance spending against risk and earns CISOs greater respect in the C-suite.
By Douglas Ferguson Founder & CTO, Pharos Security, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Cybersecurity and Networking Staffing Company CIBR Warriors Launches Nationwide
Lacework Closes a $525 Million Growth Round to Scale Up Infrastructure Security for the Cloud Generation
Cyberbit Kicks Off America's Cyber Cup to Find World's Best Cyber Defense Team
Vdoo Reveals an Extension Funding Round with Qumra Capital and Verizon Ventures Joining as Investors
Cyber Risk Ratings Leader NormShield Rebrands to 'Black Kite'
Francisco Partners Completes Acquisition of Forcepoint
Telos Announces Latest Version of its Next-Generation Cyber Risk Management Platform
Cybersecurity Firm Nisos Announces New Funding and CEO
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Name That Toon: Before I Go ...
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Understanding TCP/IP Stack Vulnerabilities in the IoT
Internet of Things devices are highly susceptible to attacks, breaches, and flaws emanating from issues within the TCP/IP network communications architecture. Here's an overview of what you need to know to mitigate risks.
Rethinking Email Security in the Face of Fearware
E-mail messages preying on fear have ramped up since the COVID-19 outbreak, raising questions about security's reliance on historical data about past attacks to predict the future
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3113
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Flash Poll
Video
Slideshows
Twitter Feed