Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
What I Wish I Knew at the Start of My InfoSec Career
7 Things We Know So Far About the SolarWinds Attacks
Fighting Fileless Malware, Part 1: What Is It?
US Unseals Indictments Against North Korean Cyberattackers for Thefts Totaling $1.3B
News & Commentary
Microsoft Concludes Internal Investigation into Solorigate Breach
Robert Lemos, Contributing WriterNews
The software giant found no evidence that attackers gained extensive access to services or customer data.
By Robert Lemos Contributing Writer, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
CrowdStrike Buys Log Management Startup Humio for $400M
Dark Reading Staff, Quick Hits
CrowdStrike plans to use Humio's technology to continue building out its extended detection and response platform.
By Dark Reading Staff , 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Apple Offers Closer Look at Its Platform Security Technologies, Features
Jai Vijayan, Contributing WriterNews
In a nearly 200-page document, company offers a detailed overview of Secure Enclave and multiple other security controls in Apple silicon-based Macs and other platforms.
By Jai Vijayan Contributing Writer, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Azure Front Door Gets a Security Upgrade
Kelly Sheridan, Staff Editor, Dark ReadingNews
New SKUs in Standard and Premium preview beef up the security of the content delivery network platform.
By Kelly Sheridan Staff Editor, Dark Reading, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy
Pieter Danhieux, CEO, Chairman, & Co-Founder, Secure Code WarriorCommentary
Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.
By Pieter Danhieux CEO, Chairman, & Co-Founder, Secure Code Warrior, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Data Security Accountability in an Age of Regular Breaches
Tanner Johnson, Senior Analyst, Connectivity & IoT, OMDIACommentary
As the number of vendors impacted by supply chain breaches grows, one constant question remains: Where exactly does accountability for data security lie, and what part do end users play in their own data breach protection?
By Tanner Johnson Senior Analyst, Connectivity & IoT, OMDIA, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
How to Run a Successful Penetration Test
Steve Zurier, Contributing Writer
These seven tips will help ensure a penetration test improves your organization's overall security posture.
By Steve Zurier Contributing Writer, 2/18/2021
Comment1 Comment  |  Read  |  Post a Comment
Virginia Takes Different Tack Than California With Data Privacy Law
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
Online businesses targeting Virginia consumers and have personal data of 100,000 consumers in the state must conform to the new statute.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
The Edge Pro Tip: Say What You Know
Edge Editors, Dark Reading
During the immediate period following a breach, it's vital to move fast — but not trip over yourself.
By Edge Editors Dark Reading, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Egregor Arrests a Blow, but Ransomware Will Likely Bounce Back
Robert Lemos, Contributing WriterNews
Similar to previous ransomware takedowns, this disruption to the ransomware-as-a-service model will likely be short-lived, security experts say.
By Robert Lemos Contributing Writer, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
US Unseals Indictments Against North Korean Cyberattackers for Thefts Totaling $1.3B
Jai Vijayan, Contributing WriterNews
FBI, CISA, and Treasury Department also release details about North Korean malware used in cryptocurrency thefts since 2018.
By Jai Vijayan Contributing Writer, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
White House Says 100 Private Sector Orgs Hit in SolarWinds Campaign
Dark Reading Staff, Quick Hits
Anne Neuberger, a top Biden cybersecurity official, provided an update on the government's investigation into the massive breach.
By Dark Reading Staff , 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Kia Faces $20M DoppelPaymer Ransomware Attack
Dark Reading Staff, Quick Hits
Kia Motors America this week experienced a nationwide IT outage; now, reports indicate the company was hit with ransomware.
By Dark Reading Staff , 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Ransomware? Let's Call It What It Really Is: Extortionware
Charlie Winckless, Senior Director, Cybersecurity Solutions, at PresidioCommentary
Just as the targets of these attacks have shifted from individuals to corporations, so too has the narrow focus given way to applying force and pressure to pay.
By Charlie Winckless Senior Director, Cybersecurity Solutions, at Presidio, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Breach Etiquette: How to Mind Your Manners When It Matters
Samuel Greengard, Freelance Writer
Panic-stricken as you may be in the face of a cyberattack, keeping calm and, perhaps most importantly, responding appropriately are critical to limiting the damage.
By Samuel Greengard Freelance Writer, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Enterprise Windows Threats Drop as Mac Attacks Rise: Report
Kelly Sheridan, Staff Editor, Dark ReadingNews
An analysis of 2020 malware activity indicates businesses should be worried about internal hack tools, ransomware, and spyware in the year ahead.
By Kelly Sheridan Staff Editor, Dark Reading, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
4 Predictions for the Future of Privacy
Bart Willemsen, Research Vice President at GartnerCommentary
Use these predictions to avoid pushback, find opportunity, and create value for your organization.
By Bart Willemsen Research Vice President at Gartner, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Compromised Credentials Show That Abuse Happens in Multiple Phases
Jai Vijayan, Contributing WriterNews
The third stage, when threat actors rush to use stolen usernames and password pairs in credential-stuffing attacks, is the most damaging for organizations, F5 says.
By Jai Vijayan Contributing Writer, 2/16/2021
Comment1 Comment  |  Read  |  Post a Comment
Firms Patch Greater Number of Systems, but Still Slowly
Robert Lemos, Contributing WriterNews
Fewer systems have flaws; however, the time to remediate vulnerabilities stays flat, and many issues targeted by in-the-wild malware remain open to attack.
By Robert Lemos Contributing Writer, 2/16/2021
Comment0 comments  |  Read  |  Post a Comment
Strata Identity Raises $11M in Series A Round
Dark Reading Staff, Quick Hits
The series A round of funding, led by Menlo Ventures, will help Strata scale its distributed identity technology.
By Dark Reading Staff , 2/16/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by mmillslagel85001
Current Conversations That's a great drum.
In reply to: campfire
Post Your Own Reply
More Conversations
Products & Releases
1Kosmos Secures $15 Million in Series A Funding From ForgePoint Capital
New VPN Risk Report by Zscaler Uncovers Hidden Security Risks Impacting Enterprises
Latest Release of Tripwire Configuration Manager Increases Protection for Cloud-Based Assets
Cado Security Makes New Appointments to Global Team
WatchGuard Adds New Capabilities to WatchGuard Cloud Management Platform
CISO-Led Group Invests In API Security Firm Traceable
New Siemplify Research Reveals Cybersecurity Postures Stronger Than Pre-Pandemic for Many
Israeli Cybersecurity Firm CYE Secures 9 Digit Financing Round
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Breach Etiquette: How to Mind Your Manners When It Matters
Panic-stricken as you may be in the face of a cyberattack, keeping calm and, perhaps most importantly, responding appropriately are critical to limiting the damage.
Fighting Fileless Malware, Part 3: Mitigations
Attackers can dodge the countermeasures you employ against fileless malware. So how do you mitigate the damage?
Unemployment Fraud: As If Being Out of Work Wasn't Bad Enough
With the pandemic as a backdrop, cybercriminals have recognized an unprecedented opportunity to steer billions of dollars in unemployment claims into the own accounts.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I said I wanted 'fish' for dinner, he thought I said 'phish'.
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36246
PUBLISHED: 2021-02-19
Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link.
CVE-2021-26746
PUBLISHED: 2021-02-19
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI
CVE-2021-27405
PUBLISHED: 2021-02-19
A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js.
CVE-2019-25024
PUBLISHED: 2021-02-19
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.
CVE-2021-27403
PUBLISHED: 2021-02-19
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Flash Poll
Video
Slideshows
Twitter Feed