Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
10 Free Security Tools at Black Hat Asia 2021
Dark Reading Celebrates 15th Anniversary
Ghost Town Security: What Threats Lurk in Abandoned Offices?
In Appreciation: Dan Kaminsky
News & Commentary
CISA Publishes Analysis on New 'FiveHands' Ransomware
Dark Reading Staff, Quick Hits
Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.
By Dark Reading Staff , 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Cloud-Native Businesses Struggle with Security
Robert Lemos, Contributing WriterNews
More companies moved to cloud-native infrastructure in the past year, and security incidents and malware moved right along with them.
By Robert Lemos Contributing Writer, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Securing the Internet of Things in the Age of Quantum Computing
Dr. Charles Grover, Cryptography Researcher, Crypto QuantiqueCommentary
Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.
By Dr. Charles Grover Cryptography Researcher, Crypto Quantique, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Biden's Supply Chain Initiative Depends on Cybersecurity Insights
Padraic O'Reilly, Chief Product Officer & Co-Founder of CyberSaint SecurityCommentary
Those helming the US supply chain executive order need to leverage standards, measurement, and the lessons cybersecurity leaders have learned.
By Padraic O'Reilly Chief Product Officer & Co-Founder of CyberSaint Security, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
How to Move Beyond Passwords and Basic MFA
Samuel Greengard, Freelance Writer
It's not a question of whether passwordless is coming -- it's simply a question of when. How should your organization prepare? (Part two of a two-part series.)
By Samuel Greengard Freelance Writer, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security
Dark Reading Staff,
Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.
By Dark Reading Staff , 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Seek New Strategies to Improve Macros' Effectiveness
Robert Lemos, Contributing WriterNews
The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.
By Robert Lemos Contributing Writer, 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
Gap Between Security and Networking Teams May Hinder Tech Projects
Dark Reading Staff, Quick Hits
Professionals in each field describe a poor working relationship between the two teams
By Dark Reading Staff , 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
DoD Lets Researchers Target All Publicly Accessible Info Systems
Dark Reading Staff, Quick Hits
The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.
By Dark Reading Staff , 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
Wanted: The (Elusive) Cybersecurity 'All-Star'
Steve Zurier, Contributing WriterNews
Separate workforce studies by (ISC)² and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the field.
By Steve Zurier Contributing Writer, 5/5/2021
Comment1 Comment  |  Read  |  Post a Comment
Debating Law Enforcement's Role in the Fight Against Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading
The FBI's action to remove Web shells from compromised Microsoft Exchange Servers sparks a broader discussion about officials' response to cyberattacks.
By Kelly Sheridan Staff Editor, Dark Reading, 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
Will 2021 Mark the End of World Password Day?
Jake Madders, Director, Hyve Managed HostingCommentary
We might be leaving the world of mandatory asterisks and interrobangs behind for good.
By Jake Madders Director, Hyve Managed Hosting, 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
Newer Generic Top-Level Domains a Security 'Nuisance'
Jai Vijayan, Contributing WriterNews
Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use.
By Jai Vijayan Contributing Writer, 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Apple Issues Patches for Webkit Security Flaws
Dark Reading Staff, Quick Hits
The vulnerabilities may already be under active attack, Apple says in an advisory.
By Dark Reading Staff , 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Planning Our Passwordless Future
Samuel Greengard, Freelance Writer
All the talk that passwords could one day go away seemed too good to be true, yet the scales are finally started to tip to a passwordless reality. (Part one of a two-part series.)
By Samuel Greengard Freelance Writer, 5/4/2021
Comment1 Comment  |  Read  |  Post a Comment
Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack
Jai Vijayan, Contributing WriterNews
Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009.
By Jai Vijayan Contributing Writer, 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Raytheon: Supply Chain, Ransomware, Zero Trust Biggest Security Priorities
Dark Reading Staff, Commentary
SPONSORED CONTENT: While organizations may be more vulnerable than ever to supply chain attacks and ransomware, they can look to Zero Trust frameworks to keep their users and data safe, says Jon Check, senior director in Raytheon's cyber protection solutions unit.
By Dark Reading Staff , 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
More Companies Adopting DevOps & Agile for Security
Robert Lemos, Contributing WriterNews
Measures of programming speed, security, and automation have all significantly increased in the past year, GitLab's latest survey finds.
By Robert Lemos Contributing Writer, 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Scripps Health Responds to Cyberattack
Dark Reading Staff, Quick Hits
The health care system says it has suspended access to patient portals and other applications related to operations at Scripps facilities.
By Dark Reading Staff , 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Can Organizations Secure Remote Workers for the Long Haul?
Ian Pratt, Global head of Security for Personal Systems at HP Inc.Commentary
By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.
By Ian Pratt Global head of Security for Personal Systems at HP Inc., 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
SafeGuard Cyber Introduces Advanced Governance for Zoom Video Communications
Cyber Readiness Institute Calls on Biden Administration To Make Small Business Cybersecurity a National Priority
Secretary of Homeland Security to Participate in U.S. Chamber of Commerce NOW + NEXT
LiveAction Acquires CounterFlow AI to Expand Network Security Offerings
Sectigo Acquires SiteLock, Solidifying Its Market-Leading Position in Web Security
New Report Finds Online Phishing and Fraud Activity Up 185% in 2020
Mandiant Selects PlexTrac for its Proactive Assessment Reporting Platform
New Cybrary Feature Helps Leaders Translate Cybersecurity Skill Development into Meaningful Outcomes
More Products & Releases
PR Newswire
Dark Reading Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the Dark Reading site in the coming months.

How to Move Beyond Passwords and Basic MFA
It's not a question of whether passwordless is coming -- it's simply a question of when. How should your organization prepare? (Part two of a two-part series.)
Debating Law Enforcement's Role in the Fight Against Cybercrime
The FBI's action to remove Web shells from compromised Microsoft Exchange Servers sparks a broader discussion about officials' response to cyberattacks.
Planning Our Passwordless Future
All the talk that passwords could one day go away seemed too good to be true, yet the scales are finally started to tip to a passwordless reality. (Part one of a two-part series.)
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31828
PUBLISHED: 2021-05-06
An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.
CVE-2020-18888
PUBLISHED: 2021-05-06
Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php.
CVE-2020-18890
PUBLISHED: 2021-05-06
Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php.
CVE-2021-31793
PUBLISHED: 2021-05-06
An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via the ...
CVE-2021-31916
PUBLISHED: 2021-05-06
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a syst...
Flash Poll
Video
Slideshows
Twitter Feed