Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

10 Free Security Tools at Black Hat Asia 2021
In Appreciation: Dan Kaminsky
Window Snyder Launches Startup to Fill IoT Security Gaps
Looking for Greater Security Culture? Ask an 8-Bit Plumber
News & Commentary
Ransomware Task Force Publishes Framework to Fight Global Threat
Kelly Sheridan, Staff Editor, Dark Reading, News
An 81-page report details how ransomware has evolved, along with recommendations on how to deter attacks and disrupt its business model.
By Kelly Sheridan, Staff Editor, Dark Reading, 4/30/2021
New Threat Group Carrying Out Aggressive Ransomware Campaign
Jai Vijayan, Contributing Writer, News
UNC2447 observed targeting now-patched vulnerability in SonicWall VPN.
By Jai Vijayan, Contributing Writer, 4/30/2021
MITRE Adds MacOS, More Data Types to ATT&CK Framework
Robert Lemos, Contributing Writer, News
Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure.
By Robert Lemos, Contributing Writer, 4/30/2021
Survey Finds Broad Concern Over Third-Party App Providers Post-SolarWinds
Dark Reading Staff, Quick Hits
Most IT and cybersecurity professionals think security is important enough to delay deployment of applications, survey data shows.
By Dark Reading Staff, 4/30/2021
Ghost Town Security: What Threats Lurk in Abandoned Offices?
Pam Baker, Contributing Writer
Millions of office buildings and campuses were rapidly abandoned during the pandemic. Now it's a year later. What happened in those office parks and downtown ghost towns? What security dangers lurk there now, waiting to ambush returning businesses?
By Pam Baker, Contributing Writer, 4/30/2021
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer
Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.
By Steve Zurier, Contributing Writer, 4/30/2021
The Ticking Time Bomb in Every Company's Code
Pedro Fortuna, CTO and Co-Founder of Jscrambler, Commentary
Developers must weigh the benefits and risks of using third-party code in Web apps.
By Pedro Fortuna, CTO and Co-Founder of Jscrambler, 4/30/2021
XDR Pushing Endpoint Detection and Response Technologies to Extinction
Jai Vijayan, Contributing Writer, News
Ironically, EDR's success has spawned demand for technology that extends beyond it.
By Jai Vijayan, Contributing Writer, 4/29/2021
Researchers Connect Complex Specs to Software Vulnerabilities
Robert Lemos, Contributing Writer, News
Following their release of 70 different vulnerabilities in different implementations of TCP/IP stacks over the past year, two companies find a common link.
By Robert Lemos, Contributing Writer, 4/29/2021
API Hole on Experian Partner Site Exposes Credit Scores
Dark Reading Staff, Quick Hits
Student researcher is concerned security gap may exist on many other sites.
By Dark Reading Staff, 4/29/2021
'BadAlloc' Flaws Could Threaten IoT and OT Devices: Microsoft
Dark Reading Staff, Quick Hits
More than 25 critical memory allocation bugs could enable attackers to bypass security controls in industrial, medical, and enterprise devices.
By Dark Reading Staff, 4/29/2021
Adobe Open Sources Tool for Anomaly Research
Robert Lemos, Contributing Writer, News
The One-Stop Anomaly Shop (OSAS) project packages machine-learning algorithms into a Docker container for finding anomalies in security log data.
By Robert Lemos, Contributing Writer, 4/29/2021
Your Digital Identity's Evil Shadow
Sam Crowther, Founder, Kasada, Commentary
In the wrong hands, these shady shadows are stealthy means to bypass security systems by hiding behind a proxy with legitimate IP addresses and user agents.
By Sam Crowther, Founder, Kasada, 4/29/2021
The Challenge of Securing Non-People Identities
Eric Kedrosky, Chief Information Security Officer at Sonrai Security, Commentary
Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk.
By Eric Kedrosky, Chief Information Security Officer at Sonrai Security, 4/29/2021
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading, News
The FluBot Android malware has spread throughout several European countries through an SMS package delivery scam.
By Kelly Sheridan, Staff Editor, Dark Reading, 4/28/2021
74% of Financial Institutions See Spike in COVID-Related Threats
Dark Reading Staff, Quick Hits
Financial losses have also increased among organizations in the last year, with the average cost reaching $720,000.
By Dark Reading Staff, 4/28/2021
FBI Works With 'Have I Been Pwned' to Notify Emotet Victims
Dark Reading Staff, Quick Hits
Officials shared 4.3 million email addresses with the HIBP website to help inform companies and individuals if Emotet compromised their accounts.
By Dark Reading Staff, 4/28/2021
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2, Commentary
Businesses must ensure their remote workers' Wi-Fi networks don't risk exposing business data or secrets due to fixable vulnerabilities.
By Bert Kashyap, CEO and Co-Founder at SecureW2, 4/28/2021
Cartoon Caption Winner: Rough Patch?
John Klossner, Cartoonist
And the winner of The Edge's April cartoon caption contest is ...
By John Klossner, Cartoonist, 4/28/2021
Is Your Cloud Raining Sensitive Data?
Or Azarzar, CTO & Co-Founder of Lightspin, Commentary
Learn common Kubernetes vulnerabilities and ways to avoid them.
By Or Azarzar, CTO & Co-Founder of Lightspin, 4/28/2021
Hack the Planet's Cyber Apocalypse capture-the-flag contest attracts 10,000 competitors from across the globe.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-28359
PUBLISHED: 2021-05-02
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented...
CVE-2020-28943
PUBLISHED: 2021-04-30
OX App Suite 7.10.4 and earlier allows SSRF via a snippet.
CVE-2020-28944
PUBLISHED: 2021-04-30
OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.
CVE-2021-31792
PUBLISHED: 2021-04-30
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field
CVE-2021-31934
PUBLISHED: 2021-04-30
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.