Dark Reading is part of the Informa Tech Division of Informa PLC

Endpoint

News & Commentary
Apple Patches Three iOS Zero-Day Vulnerabilities
Dark Reading Staff | Quick Hits
New iOS 14.4 update available for iPhones and iPads.
By Dark Reading Staff, 1/27/2021
Pay-or-Get-Breached Ransomware Schemes Take Off
Robert Lemos, Contributing Writer | News
In 2020, ransomware attackers moved quickly to adopt so-called "double extortion" schemes, with more than 550 incidents in the fourth quarter alone.
By Robert Lemos, Contributing Writer, 1/26/2021
North Korean Attackers Target Security Researchers via Social Media: Google
Kelly Sheridan, Staff Editor, Dark Reading | News
Google TAG warns the infosec community of unsolicited requests from individuals seeking collaboration on vulnerability research.
By Kelly Sheridan, Staff Editor, Dark Reading, 1/26/2021
Privacy Teams Helped Navigate the Pivot to Work-from-Home
Steve Zurier, Contributing Writer | News
Annual Cisco privacy study also reports that 90% of organizations say their customers won't buy from them if they are not clear about data policy practices.
By Steve Zurier, Contributing Writer, 1/26/2021
BEC Scammers Find New Ways to Navigate Microsoft 365
Dark Reading Staff | Quick Hits
Their techniques made use of out-of-office replies and automatic responses during the 2020 holiday season, researchers report.
By Dark Reading Staff, 1/26/2021
Mainframe Security Automation Is Not a Luxury
John McKenny, SVP/GM of ZSolutions, BMC Software | Commentary
As cyber threats grow, even the most securable platform is vulnerable and requires adaptive autonomous protection.
By John McKenny, SVP/GM of ZSolutions, BMC Software, 1/26/2021
Startup Offers Free Version of its 'Passwordless' Technology
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Beyond Identity co-founders hope to move the needle in eliminating the need for passwords, but experts say killing passwords altogether won't be easy.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 1/26/2021
SonicWall Is Latest Security Vendor to Disclose Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading | News
The network security firm is investigating a coordinated campaign in which attackers exploited vulnerabilities in SonicWall's products.
By Kelly Sheridan, Staff Editor, Dark Reading, 1/25/2021
Small Security Teams Have Big Security Fears, CISOs Report
Dark Reading Staff | Quick Hits
Researchers poll security leaders who are tasked with protecting large organizations but have a small presence and budget.
By Dark Reading Staff, 1/25/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading
Security experts offer Microsoft 365 security guidance as more attackers target enterprise cloud environments.
By Kelly Sheridan, Staff Editor, Dark Reading, 1/25/2021
Why North Korea Excels in Cybercrime
Marc Wilczek, Digital Strategist & COO of Link11 | Commentary
North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.
By Marc Wilczek, Digital Strategist & COO of Link11, 1/22/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading | News
Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search.
By Kelly Sheridan, Staff Editor, Dark Reading, 1/21/2021
Rethinking IoT Security: It's Not About the Devices
May Wang, Senior Distinguished Engineer at Palo Alto Networks | Commentary
Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.
By May Wang, Senior Distinguished Engineer at Palo Alto Networks, 1/21/2021
SolarWinds Attack, Cyber Supply Chain Among Priorities for Biden Administration
Robert Lemos, Contributing Writer | News
During Senate confirmation hearings, the nominees for Secretary of Homeland Security and Director of National Intelligence pledged to focus on cybersecurity.
By Robert Lemos, Contributing Writer, 1/20/2021
'Chimera' Threat Group Abuses Microsoft & Google Cloud Services
Dark Reading Staff | Quick Hits
Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests.
By Dark Reading Staff, 1/14/2021
Huntress Acquires EDR Technology From Level Effect
Dark Reading Staff | Quick Hits
Huntress seeks to improve its detection and response capabilities with a more comprehensive view of endpoint security.
By Dark Reading Staff, 1/13/2021
Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation
Steve Zurier, Contributing Writer | News
Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.
By Steve Zurier, Contributing Writer, 1/13/2021
Microsoft Defender Zero-Day Fixed in First Patch Tuesday of 2021
Kelly Sheridan, Staff Editor, Dark Reading | News
Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw.
By Kelly Sheridan, Staff Editor, Dark Reading, 1/12/2021
Security Operations Struggle to Defend Value, Keep Workers
Robert Lemos, Contributing Writer | News
Companies continue to value security operations centers but the economics are increasingly challenging, with high analyst turnover and questions raised over return on investment.
By Robert Lemos, Contributing Writer, 1/12/2021
Intel's New vPro Processors Aim to Help Defend Against Ransomware
Kelly Sheridan, Staff Editor, Dark Reading | News
The newest Intel Core vPro mobile platform gives PC hardware a direct role in detecting ransomware attacks.
By Kelly Sheridan, Staff Editor, Dark Reading, 1/11/2021
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-23359
PUBLISHED: 2021-01-27
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.
CVE-2020-23360
PUBLISHED: 2021-01-27
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php.
CVE-2020-23361
PUBLISHED: 2021-01-27
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
CVE-2021-25311
PUBLISHED: 2021-01-27
condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.
CVE-2021-25312
PUBLISHED: 2021-01-27
HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.