Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

News & Commentary
NSA Releases Guidance on Zero-Trust Architecture
Dark Reading Staff, Quick Hits
A new document provides guidance for businesses planning to implement a zero-trust system management strategy.
By Dark Reading Staff , 2/26/2021
Comment0 comments  |  Read  |  Post a Comment
Thousands of VMware Servers Exposed to Critical RCE Bug
Dark Reading Staff, Quick Hits
Security experts report scanning activity targeting vulnerable vCenter servers after a researcher published proof-of-concept code.
By Dark Reading Staff , 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
5 Key Steps Schools Can Take to Defend Against Cyber Threats
Chris Abbey, Manager, Incident Handling, at Red CanaryCommentary
Educational institutions have become prime targets, but there are things they can do to stay safer.
By Chris Abbey Manager, Incident Handling, at Red Canary, 2/25/2021
Comment1 Comment  |  Read  |  Post a Comment
The Realities of Extended Detection and Response (XDR) Technology
Jon Oltsik, Senior Principal Analyst & Fellow, Enterprise Strategy GroupCommentary
While the term XDR has become pervasive, the technology and market remain a work in progress with lots of innovation and market confusion.
By Jon Oltsik Senior Principal Analyst & Fellow, Enterprise Strategy Group, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Universities Face Double Threat of Ransomware, Data Breaches
Robert Lemos, Contributing WriterNews
Lack of strong security policies put many schools at risk of compromise, disrupted services, and collateral damage.
By Robert Lemos Contributing Writer, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
3 Security Flaws in Smart Devices & IoT That Need Fixing
Grigorii Markov, CEO, Cerber Tech Inc.Commentary
The scope and danger of unsecured, Internet-connected hardware will only continue to deepen.
By Grigorii Markov CEO, Cerber Tech Inc., 2/24/2021
Comment1 Comment  |  Read  |  Post a Comment
10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express
Dark Reading Staff, Quick Hits
The two campaigns aimed to steal victims' business email account credentials by posing as the shipping companies.
By Dark Reading Staff , 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
8 Ways Ransomware Operators Target Your Network
Kelly Sheridan, Staff Editor, Dark Reading
Security researchers explore how criminals are expanding their arsenals with new, more subtle, and more effective ransomware attack techniques.
By Kelly Sheridan Staff Editor, Dark Reading, 2/22/2021
Comment0 comments  |  Read  |  Post a Comment
What Can Your Connected Car Reveal About You?
Alejandro Hernandez, Senior Consultant at IOActiveCommentary
App developers must take responsibility for the security of users' data.
By Alejandro Hernandez Senior Consultant at IOActive, 2/22/2021
Comment0 comments  |  Read  |  Post a Comment
Kia Denies Ransomware Attack as IT Outage Continues
Dark Reading Staff, Quick Hits
Kia Motors America states there is no evidence its recent systems outage was caused by a ransomware attack.
By Dark Reading Staff , 2/19/2021
Comment1 Comment  |  Read  |  Post a Comment
Attackers Already Targeting Apple's M1 Chip with Custom Malware
Robert Lemos, Contributing WriterNews
A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality.
By Robert Lemos Contributing Writer, 2/19/2021
Comment0 comments  |  Read  |  Post a Comment
CrowdStrike Buys Log Management Startup Humio for $400M
Dark Reading Staff, Quick Hits
CrowdStrike plans to use Humio's technology to continue building out its extended detection and response platform.
By Dark Reading Staff , 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Apple Offers Closer Look at Its Platform Security Technologies, Features
Jai Vijayan, Contributing WriterNews
In a nearly 200-page document, company offers a detailed overview of Secure Enclave and multiple other security controls in Apple silicon-based Macs and other platforms.
By Jai Vijayan Contributing Writer, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy
Pieter Danhieux, CEO, Chairman, & Co-Founder, Secure Code WarriorCommentary
Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.
By Pieter Danhieux CEO, Chairman, & Co-Founder, Secure Code Warrior, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Virginia Takes Different Tack Than California With Data Privacy Law
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
Online businesses targeting Virginia consumers and have personal data of 100,000 consumers in the state must conform to the new statute.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Kia Faces $20M DoppelPaymer Ransomware Attack
Dark Reading Staff, Quick Hits
Kia Motors America this week experienced a nationwide IT outage; now, reports indicate the company was hit with ransomware.
By Dark Reading Staff , 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Enterprise Windows Threats Drop as Mac Attacks Rise: Report
Kelly Sheridan, Staff Editor, Dark ReadingNews
An analysis of 2020 malware activity indicates businesses should be worried about internal hack tools, ransomware, and spyware in the year ahead.
By Kelly Sheridan Staff Editor, Dark Reading, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
4 Predictions for the Future of Privacy
Bart Willemsen, Research Vice President at GartnerCommentary
Use these predictions to avoid pushback, find opportunity, and create value for your organization.
By Bart Willemsen Research Vice President at Gartner, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Strata Identity Raises $11M in Series A Round
Dark Reading Staff, Quick Hits
The series A round of funding, led by Menlo Ventures, will help Strata scale its distributed identity technology.
By Dark Reading Staff , 2/16/2021
Comment0 comments  |  Read  |  Post a Comment
Under Attack: Hosting & Internet Service Providers
Marc Wilczek, Digital Strategist & COO of Link11Commentary
The digital universe depends on always-on IT networks and services, so ISPs and hosting providers have become favorite targets for cyberattacks.
By Marc Wilczek Digital Strategist & COO of Link11, 2/16/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
PR Newswire
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27132
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-3144
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2021-3148
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
CVE-2021-3151
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...