Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

7 Unconventional Pieces of Password Wisdom
New CPU Baseline for Windows 11 Will Ensure Better Security, Microsoft Says
Data Privacy Is in 23andMe CSO's DNA
When Will Cybersecurity Operations Adopt the Peter Parker Principle?
News & Commentary
SentinelOne Starts Trading on NYSE, Raises $1.2B in IPO
Kelly Sheridan, Staff Editor, Dark Reading, News
IPO is the highest valued in cybersecurity history, according to reports.
By Kelly Sheridan Staff Editor, Dark Reading, 6/30/2021
SMB Worm Targeting EternalBlue Vuln Spreads to US
Jai Vijayan, Contributing Writer, News
"Indexsinas" is the latest threat designed to exploit Windows servers that remain vulnerable to an NSA-developed exploit Microsoft patched more than four years ago.
By Jai Vijayan Contributing Writer, 6/30/2021
Impersonation Becomes Top Phishing Technique
Dark Reading Staff, Quick Hits
A new report finds IT, healthcare, and manufacturing are the industries most targeted by phishing emails.
By Dark Reading Staff, 6/30/2021
MyBook Investigation Reveals Attackers Exploited Legacy, Zero-Day Vulnerabilities
Robert Lemos, Contributing Writer, News
A previously unknown flaw in Western Digital's older network-attached storage systems allowed unauthenticated commands to trigger a factory reset, formatting the hard drives, says the company after its preliminary investigation.
By Robert Lemos Contributing Writer, 6/30/2021
Attackers Already Unleashing Malware for Apple macOS M1 Chip
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Apple security expert Patrick Wardle found that some macOS malware written for the new M1 processor can bypass anti-malware tools.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/30/2021
Intl. Law Enforcement Operation Takes Down DoubleVPN
Dark Reading Staff, Quick Hits
The VPN service allegedly provided a means for cybercriminals to target their victims, Europol officials report.
By Dark Reading Staff, 6/30/2021
3 Things Every CISO Wishes You Understood
Vanessa Pegueros, Chief Trust & Security Officer, OneLogin, Commentary
Ensuring the CISO's voice is heard by the board will make security top of mind for the business, its employees, and their customers.
By Vanessa Pegueros Chief Trust & Security Officer, OneLogin, 6/30/2021
7 Skills the Transportation Sector Needs to Fuel Its Security Teams
Pam Baker, Contributing Writer
Without a top-notch team to stop attackers, our favorite modes of transportation could come to a screeching halt.
By Pam Baker Contributing Writer, 6/30/2021
9 Hot Trends in Cybersecurity Mergers & Acquisitions
Kelly Sheridan, Staff Editor, Dark Reading
Security experts share their observations of the past year in cybersecurity M&A, highlighting key trends and notable deals.
By Kelly Sheridan Staff Editor, Dark Reading, 6/30/2021
Is Compliance-Only Security Giving Cybercriminals Your Security Playbook?
Travis Rosiek, Chief Technology and Strategy Officer, BluVector, Commentary
Compliance-only security strategies aren't working. CISOs should squarely focus on being secure while achieving compliance.
By Travis Rosiek Chief Technology and Strategy Officer, BluVector, 6/30/2021
Google Updates Vulnerability Data Format to Support Automation
Robert Lemos, Contributing Writer, News
The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of data.
By Robert Lemos Contributing Writer, 6/29/2021
Ransomware Losses Drive Up Cyber-Insurance Costs
Jai Vijayan, Contributing Writer, News
Premiums have gone up by 7% on average for small firms and between 10% and 40% for medium and large businesses.
By Jai Vijayan Contributing Writer, 6/29/2021
CISA Publishes Catalog of Poor Security Practices
Kelly Sheridan, Staff Editor, Dark Reading, News
Organizations often focus on promoting best practices, CISA says, but stopping poor security practices is equally important.
By Kelly Sheridan Staff Editor, Dark Reading, 6/29/2021
Survey Data Reveals Gap in Americans' Security Awareness
Dark Reading Staff, Quick Hits
Survey data reveals many people have never heard of major cyberattacks, including the attack targeting Colonial Pipeline.
By Dark Reading Staff, 6/29/2021
Technology's Complexity and Opacity Threaten Critical Infrastructure Security
Emile Monette, Director of Value Chain Security at Synopsys, Commentary
Addressing the complexity of modern distributed software development is one of the most important things we can do to decrease supply chain risk.
By Emile Monette Director of Value Chain Security at Synopsys, 6/29/2021
3 Ways Cybercriminals Are Undermining MFA
Atif Mushtaq, Founder and Chief Product Officer, SlashNext, Commentary
Using multifactor authentication is an excellent security step, but like everything else, it is not foolproof and will never be 100% effective.
By Atif Mushtaq Founder and Chief Product Officer, SlashNext, 6/29/2021
Microsoft Refining Third-Party Driver Vetting Processes After Signing Malicious Rootkit
Jai Vijayan, Contributing Writer, News
Rogue driver was distributed within gaming community in China, company says.
By Jai Vijayan Contributing Writer, 6/28/2021
Attacks Erase Western Digital Network-Attached Storage Drives
Robert Lemos, Contributing Writer, News
The company suspects a remote code execution vulnerability affecting My Book Live and My Book Live Duo devices and recommends that business and individual users turn off the drives to protect their data.
By Robert Lemos Contributing Writer, 6/28/2021
New House Bill Aims to Drive Americans' Security Awareness
Dark Reading Staff, Quick Hits
The legislation requires the National Telecommunications and Information Administration to establish a cybersecurity literacy campaign.
By Dark Reading Staff, 6/28/2021
Microsoft Tracks Attack Campaign Against Customer Support Agents
Dark Reading Staff, Quick Hits
The company attributes the attack to Nobelium, the same group it linked to the SolarWinds campaign earlier this year.
By Dark Reading Staff, 6/28/2021
How serious is the company about safeguarding its customers and their genetic information? "We're hiding data even from ourselves," says the biotech and genetic testing company's head of security.
Through a variety of techniques, rotational Moving Target Defense makes existing OS and app vulnerabilities difficult to exploit. Here's how.
Those looking to join the fight might want to polish up or acquire some (or all) of these hottest skills on the market.
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36406
PUBLISHED: 2021-07-01
uWebSockets 18.11.0 and 18.12.0 have a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll).
CVE-2020-36407
PUBLISHED: 2021-07-01
libavif 0.8.0 and 0.8.1 have an out-of-bounds write in avifDecoderDataFillImageGrid.
CVE-2021-36080
PUBLISHED: 2021-07-01
GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).
CVE-2021-36081
PUBLISHED: 2021-07-01
Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call.
CVE-2021-36082
PUBLISHED: 2021-07-01
ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello.