Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

News & Commentary
Name That Toon: Greetings, Earthlings
John Klossner, CartoonistCommentary
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 4/22/2021
Comment14 comments  |  Read  |  Post a Comment
Looking for Greater Security Culture? Ask an 8-Bit Plumber
Rick van Galen, Security Engineer, 1PasswordCommentary
After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.
By Rick van Galen Security Engineer, 1Password, 4/22/2021
Comment0 comments  |  Read  |  Post a Comment
Rapid7 Acquires Velociraptor Open Source Project
Dark Reading Staff, Quick Hits
The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities.
By Dark Reading Staff , 4/21/2021
Comment0 comments  |  Read  |  Post a Comment
Zero-Day Flaws in SonicWall Email Security Tool Under Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
Three zero-day vulnerabilities helped an attacker install a backdoor, access files and emails, and move laterally into a target network.
By Kelly Sheridan Staff Editor, Dark Reading, 4/21/2021
Comment0 comments  |  Read  |  Post a Comment
Business Email Compromise Costs Businesses More Than Ransomware
Charlie Winckless, Senior Director, Cybersecurity Solutions, at PresidioCommentary
Ransomware gets the headlines, but business paid out $1.8 billion last year to resolve BEC issues, according to an FBI report.
By Charlie Winckless Senior Director, Cybersecurity Solutions, at Presidio, 4/21/2021
Comment0 comments  |  Read  |  Post a Comment
How to Attack Yourself Better in 2021
Pavel Suprunyuk, Technical lead of the audit and consulting team, Group-IBCommentary
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.
By Pavel Suprunyuk Technical lead of the audit and consulting team, Group-IB, 4/21/2021
Comment0 comments  |  Read  |  Post a Comment
Pulse Secure VPN Flaws Exploited to Target US Defense Sector
Kelly Sheridan, Staff Editor, Dark ReadingNews
China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.
By Kelly Sheridan Staff Editor, Dark Reading, 4/20/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Test Weak Passwords in Purple Fox Malware Attacks
Dark Reading Staff, Quick Hits
Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol.
By Dark Reading Staff , 4/19/2021
Comment1 Comment  |  Read  |  Post a Comment
Pandemic Drives Greater Need for Endpoint Security
Dark Reading Staff, Quick Hits
Endpoint security has changed. Can your security plan keep up?
By Dark Reading Staff , 4/16/2021
Comment0 comments  |  Read  |  Post a Comment
High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison
Dark Reading Staff, Quick Hits
Fedir Hladyr pleaded guilty in 2019 to conspiracy to commit wire fraud and conspiracy to commit computer hacking.
By Dark Reading Staff , 4/16/2021
Comment0 comments  |  Read  |  Post a Comment
Security Gaps in IoT Access Control Threaten Devices and Users
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
By Kelly Sheridan Staff Editor, Dark Reading, 4/16/2021
Comment0 comments  |  Read  |  Post a Comment
How the Biden Administration Can Make Digital Identity a Reality
Hal Granoff, Head of US Market Development at CallsignCommentary
A digital identity framework is the answer to the US government's cybersecurity dilemma.
By Hal Granoff Head of US Market Development at Callsign, 4/16/2021
Comment0 comments  |  Read  |  Post a Comment
Google Brings 37 Security Fixes to Chrome 90
Dark Reading Staff, Quick Hits
The latest version of Google Chrome also introduces HTTPS as the browser's default protocol.
By Dark Reading Staff , 4/15/2021
Comment0 comments  |  Read  |  Post a Comment
6 Tips for Managing Operational Risk in a Downturn
Steve Durbin, CEO of the Information Security ForumCommentary
Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.
By Steve Durbin CEO of the Information Security Forum, 4/15/2021
Comment0 comments  |  Read  |  Post a Comment
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark ReadingNews
A court order authorized the FBI to remove malicious Web shells from hundreds of vulnerable machines running on-premises Exchange Server.
By Kelly Sheridan Staff Editor, Dark Reading, 4/14/2021
Comment0 comments  |  Read  |  Post a Comment
DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack
Jai Vijayan, Contributing WriterNews
Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products.
By Jai Vijayan Contributing Writer, 4/13/2021
Comment0 comments  |  Read  |  Post a Comment
Dark Reading to Upgrade Site Design, Performance
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Improvements will make site content easier to navigate, faster, and more functional.
By Tim Wilson, Editor in Chief, Dark Reading , 4/13/2021
Comment1 Comment  |  Read  |  Post a Comment
Clear & Present Danger: Data Hoarding Undermines Better Security
Elissa M. Redmiles, Researcher, Max Planck Institute for Software SystemsCommentary
Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.
By Elissa M. Redmiles Researcher, Max Planck Institute for Software Systems, 4/13/2021
Comment0 comments  |  Read  |  Post a Comment
Omdia Research Spotlight: XDR
Eric Parizo, Senior Analyst, OmdiaCommentary
Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.
By Eric Parizo Senior Analyst, Omdia, 4/12/2021
Comment0 comments  |  Read  |  Post a Comment
Unofficial Android App Store APKPure Infected With Malware
Dark Reading Staff, Quick Hits
The APKPure app store was infected with malware that can download Trojans to other Android devices, researchers report.
By Dark Reading Staff , 4/9/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22893
PUBLISHED: 2021-04-23
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse...
CVE-2021-31408
PUBLISHED: 2021-04-23
Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after t...
CVE-2021-31410
PUBLISHED: 2021-04-23
Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.
CVE-2021-31539
PUBLISHED: 2021-04-23
Wowza Streaming Engine through 4.8.5 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.
CVE-2021-31540
PUBLISHED: 2021-04-23
Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration.