Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Cartoon Caption Winner: Be Careful Who You Trust
Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
Cybercrime 'Help Wanted': Job Hunting on the Dark Web
How to Submit a Column to Dark Reading
News & Commentary
The Edge Pro Tip: Proceed With Caution
Edge Editors, Dark Reading
Security pros offer up their post-SolarWinds patch-management advice.
By Edge Editors Dark Reading, 3/8/2021
Comment0 comments  |  Read  |  Post a Comment
Why Data Privacy Should Be on President Biden's Agenda for His First 100 Days
Sophie Chase-Borthwick, Vice President, Data Ethics and Privacy, CalligoCommentary
The new administration is in an excellent position to make significant progress on data privacy -- not just because it's needed, but also because it's time.
By Sophie Chase-Borthwick Vice President, Data Ethics and Privacy, Calligo, 3/8/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Exchange Server Exploits Hit Retail, Government, Education
Dark Reading Staff, Quick Hits
Mandiant researchers identify a range of victims affected in attacks targeting newly reported Microsoft Exchange Server vulnerabilities.
By Dark Reading Staff , 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Adopted an 'Aggressive' Strategy for Sharing SolarWinds Attack Intel
Kelly Sheridan, Staff Editor, Dark ReadingNews
Rob Lefferts, corporate vice president for Microsoft 365 Security in Security and Compliance, explains the company's approach to keeping its customers and the industry apprised and updated on its findings from the now-infamous attack.
By Kelly Sheridan Staff Editor, Dark Reading, 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
5 Ways Social Engineers Crack Into Human Beings
Joan Goodchild, Contributing Writer
These common human traits are the basic ingredients in the con-man's recipe for trickery.
By Joan Goodchild Contributing Writer, 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
Realistic Patch Management Tips, Post-SolarWinds
Sara Peters, Senior Editor at Dark Reading
Patch management and testing are different, exactly the same, and completely out of hand. Here are tips from the experts on how to wrangle patches in a time of malicious software updates.
By Sara Peters Senior Editor at Dark Reading, 3/5/2021
Comment1 Comment  |  Read  |  Post a Comment
On International Women's Day 2021, Does the 'Rule of Steve' Still Apply? Yes.
Maxine Holt, Research Director, OmdiaCommentary
On International Women's Day 2021, gender diversity has improved in cybersecurity, but there is still a long way to go.
By Maxine Holt Research Director, Omdia, 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
Make Sure That Stimulus Check Lands in the Right Bank Account
Tom Pendergast, Chief Learning Officer at MediaPROCommentary
If you haven't already, it's time to build trust relationships with your financial institutions, using strong security, privacy protections and secure, unique user credentials.
By Tom Pendergast Chief Learning Officer at MediaPRO, 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
Business Apps Spoofed in 45% of Impersonation Attacks
Dark Reading Staff, Quick Hits
Business-related applications like those from Microsoft, Zoom, and DocuSign are most often impersonated in brand phishing attacks.
By Dark Reading Staff , 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Healthcare Still Seeing High Level of Attacker Activity
Robert Lemos, Contributing WriterNews
Interest in vaccines is driving all sorts of activity, reports say, from vaccine-specific phishing to growing bot traffic on healthcare sites.
By Robert Lemos Contributing Writer, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft, FireEye Uncover More Malware Used in the SolarWinds Campaign
Jai Vijayan, Contributing WriterNews
Newly discovered tools were designed for late-stage use after the attackers had already established a relatively firm presence on a breached network, vendors say.
By Jai Vijayan Contributing Writer, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
John McAfee Charged in 'Pump & Dump' Cryptocurrency Scheme
Dark Reading Staff, Quick Hits
Justice officials claim antivirus founder and associate fraudulently promoted altcoins via Twitter.
By Dark Reading Staff , 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Secure Laptops & the Enterprise of the Future
Arun Subbarao, Vice President of Engineering, Lynx Software TechnologiesCommentary
The enterprise of the future will depend upon organizations' ability to extend the company firewall to everywhere people are working.
By Arun Subbarao Vice President of Engineering, Lynx Software Technologies, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
New Social Security Scam Spoofs Government Badges
Dark Reading Staff, Quick Hits
Criminals text or email photos of fake government identification badges to trick people into sending money.
By Dark Reading Staff , 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Qualys Is the Latest Victim of Accellion Data Breach
Jai Vijayan, Contributing WriterNews
Security vendor confirms attackers exploited a previously disclosed vulnerability in the enterprise firewall technology to breach its network.
By Jai Vijayan Contributing Writer, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Why We Need More Blue Team Voices at the Table
Jerry Gamblin, Principal Security Engineer, Kenna SecurityCommentary
The red team draws attention, but the blue team has the expertise to keep networks secure day in and day out.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Intel: More Than 90% of Our Vulnerabilities Found via Research
Robert Lemos, Contributing WriterNews
Internal research and external bug-bounty programs combined to discover the vast majority of reported security issues in the company's software.
By Robert Lemos Contributing Writer, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
More Details Emerge on the Microsoft Exchange Server Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
The attacks seem more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous.
By Kelly Sheridan Staff Editor, Dark Reading, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
Okta to Buy Rival Auth0
Dark Reading Staff, Quick Hits
The deal, valued at $6.5 billion, will bring together competitors in the identity management space.
By Dark Reading Staff , 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
CISA to Federal Agencies: Immediately Patch or 'Disconnect' Microsoft Exchange Servers
Dark Reading Staff, Quick Hits
The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week.
By Dark Reading Staff , 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Forescout Further Enhances Management Team With Appointment of Wael Mohamed as CEO
Group-IB: Ransomware Empire Prospers in Pandemic-Hit World; Attacks Grow by 150%
Reblaze Launches Open Source Security Platform
Anomali Appoints New CEO
Kaspersky VPN Secure Connection Now Available on Macs with Apple Silicon
StorCentric Announces Nexsan Assureon Cloud Edition
SAFE Identity Announces Internet of Medical Things Working Group
NetMotion Survey: Only 12% of Enterprises Worldwide Have Fully Embraced SASE
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Realistic Patch Management Tips, Post-SolarWinds
Patch management and testing are different, exactly the same, and completely out of hand. Here are tips from the experts on how to wrangle patches in a time of malicious software updates.
Name That Edge Toon: In Hot Water
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Cybercrime 'Help Wanted': Job Hunting on the Dark Web
How's your 'Probiv'? How about customer service? Here's how Dark Web forums connect cybercriminals looking for talent with those looking for work -- and which skills are hot right now.
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4695
PUBLISHED: 2021-03-08
IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality.
CVE-2020-4903
PUBLISHED: 2021-03-08
IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.
CVE-2020-5014
PUBLISHED: 2021-03-08
IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.
CVE-2021-21329
PUBLISHED: 2021-03-08
RATCF is an open-source framework for hosting Cyber-Security Capture the Flag events. In affected versions of RATCF users with multi factor authentication enabled are able to log in without a valid token. This is fixed in commit cebb67b.
CVE-2021-21326
PUBLISHED: 2021-03-08
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is fix...
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Flash Poll
Video
Slideshows
Twitter Feed