Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Security 101: The 'PrintNightmare' Flaw
Kaseya Releases Security Patch as Companies Continue to Recover
The NSA's 'New' Mission: Get More Public With the Private Sector
AI and Cybersecurity: Making Sense of the Confusion
News & Commentary
8 Security Tools to be Unveiled at Black Hat USA
Ericka Chickowski, Contributing Writer
Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more.
By Ericka Chickowski Contributing Writer, 7/28/2021
Comment0 comments  |  Read  |  Post a Comment
Biden Administration Responds to Geopolitical Cyber Threats
Tanner Johnson, Principal Analyst, Data Security, OmdiaCommentary
In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.
By Tanner Johnson Principal Analyst, Data Security, Omdia, 7/23/2021
Comment0 comments  |  Read  |  Post a Comment
7 Hot Cyber Threat Trends to Expect at Black Hat
Ericka Chickowski, Contributing Writer
A sneak peek of some of the main themes at Black Hat USA next month.
By Ericka Chickowski Contributing Writer, 7/22/2021
Comment1 Comment  |  Read  |  Post a Comment
Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack
Dark Reading Staff, Quick Hits
Campbell Conroy & O'Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals.
By Dark Reading Staff , 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
US Accuses China of Using Criminal Hackers in Cyber Espionage Operations
Jai Vijayan, Contributing WriterNews
DOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others.
By Jai Vijayan Contributing Writer, 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
How Gaming Attack Data Aids Defenders Across Industries
Robert Lemos, Contributing Writer
Web application attacks against the video game industry quadrupled in 2020 compared to the previous year, but companies outside entertainment can learn from the data.
By Robert Lemos Contributing Writer, 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
NSO Group Spyware Used On Journalists & Activists Worldwide
Dark Reading Staff, Quick Hits
An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.
By Dark Reading Staff , 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
When Ransomware Comes to (Your) Town
Derek Prall, Contributing Writer,
While steps for defending against a ransomware attack vary based on the size of the government entity and the resources available to each one, rooting out ransomware ultimately will come down to two things: system architecture and partnerships.
By Derek Prall, Contributing Writer , 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
7 Ways AI and ML Are Helping and Hurting Cybersecurity
Andrey Shklyarov & Dmitry Vyrostkov, Chief Compliance Officer, DataArt / Chief Software Architect, Security Services, DataArtCommentary
In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.
By Andrey Shklyarov & Dmitry Vyrostkov Chief Compliance Officer, DataArt / Chief Software Architect, Security Services, DataArt, 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
Breaking Down the Threat of Going All-In With Microsoft Security
Nat Kausik, CEO and Co-Founder of BitglassCommentary
Limit risk by dividing responsibility for infrastructure, tools, and security.
By Nat Kausik CEO and Co-Founder of Bitglass, 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
Researchers Create New Approach to Detect Brand Impersonation
Kelly Sheridan, Staff Editor, Dark ReadingNews
A team of Microsoft researchers developed and trained a Siamese Neural Network to detect brand impersonation attacks.
By Kelly Sheridan Staff Editor, Dark Reading, 7/16/2021
Comment0 comments  |  Read  |  Post a Comment
Recent Attacks Lead to Renewed Calls for Banning Ransom Payments
Robert Lemos, Contributing WriterNews
While attackers in protected jurisdictions continue to get massive sums for continuing to breach organizations, the ransomware threat will only continue to grow.
By Robert Lemos Contributing Writer, 7/16/2021
Comment0 comments  |  Read  |  Post a Comment
4 Future Integrated Circuit Threats to Watch
Dr. Matthew Areno, Principal Engineer, Security Architecture and Engineering, IntelCommentary
Threats to the supply chains for ICs and other computer components are poised to wreak even more havoc on organizations.
By Dr. Matthew Areno Principal Engineer, Security Architecture and Engineering, Intel, 7/16/2021
Comment0 comments  |  Read  |  Post a Comment
How to Attract More Computer Science Grads to the Cybersecurity Field
Biagio DeSimone, Enterprise Solution Architect, Aqua Security
With 465,000 cybersecurity job openings in the United States, why is recruiting so difficult? A recent college graduate offers his take.
By Biagio DeSimone Enterprise Solution Architect, Aqua Security, 7/16/2021
Comment1 Comment  |  Read  |  Post a Comment
Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE
Jai Vijayan, Contributing WriterNews
At least two government-backed actors -- including one Russian group -- used the now-patched flaws in separate campaigns, Google says.
By Jai Vijayan Contributing Writer, 7/15/2021
Comment0 comments  |  Read  |  Post a Comment
State Dept. to Pay Up to $10M for Information on Foreign Cyberattacks
Robert Lemos, Contributing WriterNews
The Rewards for Justice program, a counterterrorism tool, is now aimed at collecting information on nation-states that use hackers to disrupt critical infrastructure.
By Robert Lemos Contributing Writer, 7/15/2021
Comment0 comments  |  Read  |  Post a Comment
CISA Launches New Website to Aid Ransomware Defenders
Dark Reading Staff, Quick Hits
StopRansomware.gov provides information to help organizations protect against, and respond to, ransomware attacks.
By Dark Reading Staff , 7/15/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft: Israeli Firm's Tools Used to Target Activists, Dissidents
Kelly Sheridan, Staff Editor, Dark ReadingNews
Candiru sold spyware that exploited Windows vulnerabilities and had been used in attacks against dissidents, activists, and journalists.
By Kelly Sheridan Staff Editor, Dark Reading, 7/15/2021
Comment0 comments  |  Read  |  Post a Comment
IoT-Specific Malware Infections Jumped 700% Amid Pandemic
Dark Reading Staff, Quick Hits
Gafgyt and Mirai malware represented majority of IoT malware, new data from Zscaler shows.
By Dark Reading Staff , 7/15/2021
Comment0 comments  |  Read  |  Post a Comment
How to Bridge On-Premises and Cloud Identity
Gerry Gebel, Head of Standards, Strata IdentityCommentary
Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.
By Gerry Gebel Head of Standards, Strata Identity, 7/15/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Link11 Discovers Record Number of DDoS Attacks in First Half of 2021
The NordPass Password Manager Launches Its Enterprise Solution
Sevco Security Launches with $15 Million in Funding to Scale Adoption of Cloud-Native Security Asset Intelligence Platform
Versa Networks Secures $84M in Series D Funding to Accelerate SASE Growth
Noname Security Lands $60M Series B
Internet Noise Contributing to Unnecessary Alert Overload for SOC Teams
Armis Data Highlights Need for Enterprise Security as End Users Lack Awareness of Major Cyberattacks
ISARA Corp. Introduces Advance Crypto Agility Suite
More Products & Releases
PR Newswire
Dark Reading Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the Dark Reading site in the coming months.

How to Attract More Computer Science Grads to the Cybersecurity Field
With 465,000 cybersecurity job openings in the United States, why is recruiting so difficult? A recent college graduate offers his take.
10 Mistakes Companies Make In Their Ransomware Responses
Hit by ransomware? These missteps can take a bad scenario and make it even worse.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26564
PUBLISHED: 2021-07-31
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link to this .css file), and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey['importFil...
CVE-2020-26565
PUBLISHED: 2021-07-31
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data.
CVE-2020-26806
PUBLISHED: 2021-07-31
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code.
CVE-2021-33617
PUBLISHED: 2021-07-31
Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid.
CVE-2021-27491
PUBLISHED: 2021-07-30
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes during the registration process.
Flash Poll
Video
Slideshows
Twitter Feed