Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

News & Commentary
Microsoft Exchange Server Exploits Hit Retail, Government, Education
Dark Reading Staff, Quick Hits
Mandiant researchers identify a range of victims affected in attacks targeting newly reported Microsoft Exchange Server vulnerabilities.
By Dark Reading Staff , 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Adopted an 'Aggressive' Strategy for Sharing SolarWinds Attack Intel
Kelly Sheridan, Staff Editor, Dark ReadingNews
Rob Lefferts, corporate vice president for Microsoft 365 Security in Security and Compliance, explains the company's approach to keeping its customers and the industry apprised and updated on its findings from the now-infamous attack.
By Kelly Sheridan Staff Editor, Dark Reading, 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
5 Ways Social Engineers Crack Into Human Beings
Joan Goodchild, Contributing Writer
These common human traits are the basic ingredients in the con-man's recipe for trickery.
By Joan Goodchild Contributing Writer, 3/5/2021
Comment0 comments  |  Read  |  Post a Comment
Secure Laptops & the Enterprise of the Future
Arun Subbarao, Vice President of Engineering, Lynx Software TechnologiesCommentary
The enterprise of the future will depend upon organizations' ability to extend the company firewall to everywhere people are working.
By Arun Subbarao Vice President of Engineering, Lynx Software Technologies, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Why We Need More Blue Team Voices at the Table
Jerry Gamblin, Principal Security Engineer, Kenna SecurityCommentary
The red team draws attention, but the blue team has the expertise to keep networks secure day in and day out.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 3/4/2021
Comment1 Comment  |  Read  |  Post a Comment
More Details Emerge on the Microsoft Exchange Server Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
The attacks seem more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous.
By Kelly Sheridan Staff Editor, Dark Reading, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
Policy Group Calls for Public-Private Cyber-Defense Program
Robert Lemos, Contributing WriterNews
The proposed National Cyber Response Network would link federal agencies, companies, and local governments, allowing collaboration during a cyberattack.
By Robert Lemos Contributing Writer, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Ignite Brings Security & Compliance Updates
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft announces support for data loss prevention in Google Chrome, co-authoring of protected files, and more at Ignite 2021.
By Kelly Sheridan Staff Editor, Dark Reading, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft fixes multiple Exchange Server vulnerabilities being weaponized in attacks from a group it believes operates out of China.
By Kelly Sheridan Staff Editor, Dark Reading, 3/2/2021
Comment2 comments  |  Read  |  Post a Comment
Google Partners With Insurers to Create Risk Protection Program
Dark Reading Staff, Quick Hits
Google Cloud, Allianz, and Munich Re teamed up to build a program that aims to reduce risk and potentially cut costs for customers.
By Dark Reading Staff , 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Why Cloud Security Risks Have Shifted to Identities and Entitlements
Shai Morag, CEO of ErmeticCommentary
Traditional security tools focus on the network perimeter, leaving user and service accounts vulnerable to hackers.
By Shai Morag CEO of Ermetic, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
MSP Provider Builds Red Team as Attackers Target Industry
Robert Lemos, Contributing WriterNews
NinjaRMM, which provides tools for managed service providers, aims to create a red team capability following years of attacks against MSPs.
By Robert Lemos Contributing Writer, 3/1/2021
Comment0 comments  |  Read  |  Post a Comment
NSA Releases Guidance on Zero-Trust Architecture
Dark Reading Staff, Quick Hits
A new document provides guidance for businesses planning to implement a zero-trust system management strategy.
By Dark Reading Staff , 2/26/2021
Comment0 comments  |  Read  |  Post a Comment
After a Year of Quantum Advances, the Time to Protect Is Now
Tim Hollebeek, Industry and Standards Technical Strategist at DigiCertCommentary
Innovations in quantum computing mean enterprise and manufacturing organizations need to start planning now to defend against new types of cybersecurity threats.
By Tim Hollebeek Industry and Standards Technical Strategist at DigiCert, 2/26/2021
Comment0 comments  |  Read  |  Post a Comment
Inside Strata's Plans to Solve the Cloud Identity Puzzle
Kelly Sheridan, Staff Editor, Dark ReadingNews
Strata Identity was founded to change businesses' approach to identity management as multicloud environments become the norm.
By Kelly Sheridan Staff Editor, Dark Reading, 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Releases Free Tool for Hunting SolarWinds Malware
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Meanwhile, researchers at SecurityScorecard say the "fileless" malware loader in the attack - Teardrop - actually dates back to 2017.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
Thousands of VMware Servers Exposed to Critical RCE Bug
Dark Reading Staff, Quick Hits
Security experts report scanning activity targeting vulnerable vCenter servers after a researcher published proof-of-concept code.
By Dark Reading Staff , 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
How to Avoid Falling Victim to a SolarWinds-Style Attack
Joseph Cortese, Penetration Testing Practice Lead at A-LIGNCommentary
A multilayered, zero-trust security posture provides a better chance of fending off sophisticated supply chain attackers before it's too late.
By Joseph Cortese Penetration Testing Practice Lead at A-LIGN, 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
61% of Malware Delivered via Cloud Apps: Report
Dark Reading Staff, Quick Hits
Researchers report the majority of malware is now delivered via cloud applications - a jump from 48% last year.
By Dark Reading Staff , 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Google Invests in Linux Kernel Developers to Focus on Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google will fund two full-time Linux kernel developers to maintain and improve Linux security in the long term.
By Kelly Sheridan Staff Editor, Dark Reading, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: George has not accepted that the technology age has come to an end.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28466
PUBLISHED: 2021-03-07
This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened r...
CVE-2021-27364
PUBLISHED: 2021-03-07
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.
CVE-2021-27365
PUBLISHED: 2021-03-07
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length...
CVE-2021-27363
PUBLISHED: 2021-03-07
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system...
CVE-2021-26294
PUBLISHED: 2021-03-07
An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/%2e%2e when using the caldav_public_...