Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

News & Commentary
Troy Hunt: Organizations Make Security Choices Tough for Users
Kelly Sheridan, Staff Editor, Dark ReadingNews
The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.
By Kelly Sheridan Staff Editor, Dark Reading, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Biden's Supply Chain Initiative Depends on Cybersecurity Insights
Padraic O'Reilly, Chief Product Officer & Co-Founder of CyberSaint SecurityCommentary
Those helming the US supply chain executive order need to leverage standards, measurement, and the lessons cybersecurity leaders have learned.
By Padraic O'Reilly Chief Product Officer & Co-Founder of CyberSaint Security, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Gap Between Security and Networking Teams May Hinder Tech Projects
Dark Reading Staff, Quick Hits
Professionals in each field describe a poor working relationship between the two teams
By Dark Reading Staff , 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
DoD Lets Researchers Target All Publicly Accessible Info Systems
Dark Reading Staff, Quick Hits
The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.
By Dark Reading Staff , 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
Wanted: The (Elusive) Cybersecurity 'All-Star'
Steve Zurier, Contributing WriterNews
Separate workforce studies by (ISC) and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the field.
By Steve Zurier Contributing Writer, 5/5/2021
Comment1 Comment  |  Read  |  Post a Comment
Newer Generic Top-Level Domains a Security 'Nuisance'
Jai Vijayan, Contributing WriterNews
Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use.
By Jai Vijayan Contributing Writer, 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
More Companies Adopting DevOps & Agile for Security
Robert Lemos, Contributing WriterNews
Measures of programming speed, security, and automation have all significantly increased in the past year, GitLab's latest survey finds.
By Robert Lemos Contributing Writer, 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Scripps Health Responds to Cyberattack
Dark Reading Staff, Quick Hits
The health care system says it has suspended access to patient portals and other applications related to operations at Scripps facilities.
By Dark Reading Staff , 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Can Organizations Secure Remote Workers for the Long Haul?
Ian Pratt, Global head of Security for Personal Systems at HP Inc.Commentary
By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.
By Ian Pratt Global head of Security for Personal Systems at HP Inc., 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
It's Time to Ditch Celebrity Cybersecurity
Mieng Lim, VP of Product Management at Digital Defense By HelpSystemsCommentary
High-profile attacks and solutions are shiny objects that can distract from the defenses that afford the greatest protection.
By Mieng Lim VP of Product Management at Digital Defense By HelpSystems, 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Ransomware Task Force Publishes Framework to Fight Global Threat
Kelly Sheridan, Staff Editor, Dark ReadingNews
An 81-page report details how ransomware has evolved, along with recommendations on how to deter attacks and disrupt its business model.
By Kelly Sheridan Staff Editor, Dark Reading, 4/30/2021
Comment0 comments  |  Read  |  Post a Comment
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer
Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.
By Steve Zurier Contributing Writer, 4/30/2021
Comment1 Comment  |  Read  |  Post a Comment
Your Digital Identity's Evil Shadow
Sam Crowther, Founder, KasadaCommentary
In the wrong hands, these shady shadows are stealthy means to bypass security systems by hiding behind a proxy with legitimate IP addresses and user agents.
By Sam Crowther Founder, Kasada, 4/29/2021
Comment0 comments  |  Read  |  Post a Comment
The Challenge of Securing Non-People Identities
Eric Kedrosky, Chief Information Security Officer at Sonrai SecurityCommentary
Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk.
By Eric Kedrosky Chief Information Security Officer at Sonrai Security, 4/29/2021
Comment0 comments  |  Read  |  Post a Comment
FBI Works With 'Have I Been Pwned' to Notify Emotet Victims
Dark Reading Staff, Quick Hits
Officials shared 4.3 million email addresses with the HIBP website to help inform companies and individuals if Emotet compromised their accounts.
By Dark Reading Staff , 4/28/2021
Comment0 comments  |  Read  |  Post a Comment
Is Your Cloud Raining Sensitive Data?
Or Azarzar, CTO & Co-Founder of LightspinCommentary
Learn common Kubernetes vulnerabilities and ways to avoid them.
By Or Azarzar CTO & Co-Founder of Lightspin, 4/28/2021
Comment0 comments  |  Read  |  Post a Comment
Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat
Jai Vijayan, Contributing WriterNews
New research shows how threat actors can steal and decrypt signing certificates so SAML tokens can be forged.
By Jai Vijayan Contributing Writer, 4/28/2021
Comment0 comments  |  Read  |  Post a Comment
Do Cyberattacks Affect Stock Prices? It Depends on the Breach
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher explores how data breaches, ransomware attacks, and other types of cybercrime influence stock prices.
By Kelly Sheridan Staff Editor, Dark Reading, 4/27/2021
Comment0 comments  |  Read  |  Post a Comment
Emotet Malware Uninstalled From Infected Devices
Dark Reading Staff, Quick Hits
A law enforcement update deployed to compromised machines in January has been pushed, effectively removing the malware.
By Dark Reading Staff , 4/27/2021
Comment0 comments  |  Read  |  Post a Comment
XDR: A Game-Changer in Enterprise Threat Detection
Eric Parizo, Senior Analyst, OmdiaCommentaryVideo
Omdia's Eric Parizo highlights four capabilities that show how XDR technology is reinventing enterprise threat detection.
By Eric Parizo Senior Analyst, Omdia, 4/27/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27941
PUBLISHED: 2021-05-06
Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the...
CVE-2021-29203
PUBLISHED: 2021-05-06
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gai...
CVE-2021-31737
PUBLISHED: 2021-05-06
emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php.
CVE-2020-28198
PUBLISHED: 2021-05-06
** UNSUPPORTED WHEN ASSIGNED ** The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode wh...
CVE-2021-28665
PUBLISHED: 2021-05-06
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.