Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

News & Commentary
Prometei Botnet Adds New Twist to Exchange Server Attacks
Dark Reading Staff, Quick Hits
Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.
By Dark Reading Staff , 4/22/2021
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: Greetings, Earthlings
John Klossner, CartoonistCommentary
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 4/22/2021
Comment13 comments  |  Read  |  Post a Comment
Justice Dept. Creates Task Force to Stop Ransomware Spread
Dark Reading Staff, Quick Hits
One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say.
By Dark Reading Staff , 4/21/2021
Comment0 comments  |  Read  |  Post a Comment
Zero-Day Flaws in SonicWall Email Security Tool Under Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
Three zero-day vulnerabilities helped an attacker install a backdoor, access files and emails, and move laterally into a target network.
By Kelly Sheridan Staff Editor, Dark Reading, 4/21/2021
Comment0 comments  |  Read  |  Post a Comment
How to Attack Yourself Better in 2021
Pavel Suprunyuk, Technical lead of the audit and consulting team, Group-IBCommentary
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.
By Pavel Suprunyuk Technical lead of the audit and consulting team, Group-IB, 4/21/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Heavily Targeting VPN Vulnerabilities
Jai Vijayan, Contributing WriterNews
Threat actors like attacking the technology because they provide a convenient entry point to enterprise networks.
By Jai Vijayan Contributing Writer, 4/21/2021
Comment0 comments  |  Read  |  Post a Comment
Pulse Secure VPN Flaws Exploited to Target US Defense Sector
Kelly Sheridan, Staff Editor, Dark ReadingNews
China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.
By Kelly Sheridan Staff Editor, Dark Reading, 4/20/2021
Comment0 comments  |  Read  |  Post a Comment
Dept. of Energy Launches Plan to Protect Electric Grid from Cyberattack
Dark Reading Staff, Quick Hits
Over the next 100 days, the DoE will work with electric utilities to improve visibility, detection, and response for industrial control systems.
By Dark Reading Staff , 4/20/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Test Weak Passwords in Purple Fox Malware Attacks
Dark Reading Staff, Quick Hits
Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol.
By Dark Reading Staff , 4/19/2021
Comment1 Comment  |  Read  |  Post a Comment
Pandemic Drives Greater Need for Endpoint Security
Dark Reading Staff, Quick Hits
Endpoint security has changed. Can your security plan keep up?
By Dark Reading Staff , 4/16/2021
Comment0 comments  |  Read  |  Post a Comment
Security Gaps in IoT Access Control Threaten Devices and Users
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
By Kelly Sheridan Staff Editor, Dark Reading, 4/16/2021
Comment0 comments  |  Read  |  Post a Comment
Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4
Jai Vijayan, Contributing WriterNews
There was also a sharp increase in overall malware volumes in the fourth quarter of 2020, COVID-19 related attack activity, and mobile malware, new data shows.
By Jai Vijayan Contributing Writer, 4/15/2021
Comment1 Comment  |  Read  |  Post a Comment
Thycotic & Centrify Merge to Form Cloud Identity Security Firm
Dark Reading Staff, Quick Hits
The combined entity will expand on both companies' privileged access management tools and expects to debut a new brand this year.
By Dark Reading Staff , 4/14/2021
Comment0 comments  |  Read  |  Post a Comment
CISA Urges Caution for Security Researchers Targeted in Attack Campaign
Dark Reading Staff, Quick Hits
The agency urges researchers to take precautions amid an ongoing targeted threat campaign.
By Dark Reading Staff , 4/14/2021
Comment0 comments  |  Read  |  Post a Comment
Dark Reading to Upgrade Site Design, Performance
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Improvements will make site content easier to navigate, faster, and more functional.
By Tim Wilson, Editor in Chief, Dark Reading , 4/13/2021
Comment0 comments  |  Read  |  Post a Comment
CISA Launches New Threat Detection Dashboard
Dark Reading Staff, Quick Hits
Aviary is a new dashboard that works with CISA's Sparrow threat detection tool.
By Dark Reading Staff , 4/9/2021
Comment0 comments  |  Read  |  Post a Comment
Fraudsters Use HTML Legos to Evade Detection in Phishing Attack
Dark Reading Staff, Quick Hits
Criminals stitch pieces of HTML together and hide them in JavaScript files, researchers report.
By Dark Reading Staff , 4/8/2021
Comment0 comments  |  Read  |  Post a Comment
Cring Ransomware Used in Attacks on European Industrial Firms
Dark Reading Staff, Quick Hits
Attackers exploited a vulnerability in Fortigate VPN servers to gain access to target networks, researchers report.
By Dark Reading Staff , 4/7/2021
Comment0 comments  |  Read  |  Post a Comment
Cartoon Caption Winner: Something Seems Afoul
John Klossner, CartoonistCommentary
And the winner of Dark Readings's March cartoon caption contest is ...
By John Klossner Cartoonist, 4/7/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021
Dark Reading Staff, Quick Hits
The 2021 Pwn2Own is among the largest in its history, with 23 separate entries targeting 10 products.
By Dark Reading Staff , 4/6/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
PR Newswire
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "Elon, I think our cover's been blown."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-2296
PUBLISHED: 2021-04-22
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
CVE-2021-2297
PUBLISHED: 2021-04-22
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
CVE-2021-2298
PUBLISHED: 2021-04-22
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...
CVE-2021-2299
PUBLISHED: 2021-04-22
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...
CVE-2021-2300
PUBLISHED: 2021-04-22
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...