Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
Gap Between Security and Networking Teams May Hinder Tech Projects
Dark Reading Staff, Quick Hits
Professionals in each field describe a poor working relationship between the two teams
By Dark Reading Staff , 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
Wanted: The (Elusive) Cybersecurity 'All-Star'
Steve Zurier, Contributing WriterNews
Separate workforce studies by (ISC) and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the field.
By Steve Zurier Contributing Writer, 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
Newer Generic Top-Level Domains a Security 'Nuisance'
Jai Vijayan, Contributing WriterNews
Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use.
By Jai Vijayan Contributing Writer, 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
More Companies Adopting DevOps & Agile for Security
Robert Lemos, Contributing WriterNews
Measures of programming speed, security, and automation have all significantly increased in the past year, GitLab's latest survey finds.
By Robert Lemos Contributing Writer, 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
It's Time to Ditch Celebrity Cybersecurity
Mieng Lim, VP of Product Management at Digital Defense By HelpSystemsCommentary
High-profile attacks and solutions are shiny objects that can distract from the defenses that afford the greatest protection.
By Mieng Lim VP of Product Management at Digital Defense By HelpSystems, 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Imperva to Buy API Security Firm CloudVector
Dark Reading Staff, Quick Hits
The deal is intended to expand Imperva's API security portfolio, officials say.
By Dark Reading Staff , 5/3/2021
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Celebrates 15th Anniversary
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Cybersecurity news site begins 16th year with plans to improve site, deliver more content on cyber threats and best practices.
By Tim Wilson, Editor in Chief, Dark Reading , 5/3/2021
Comment0 comments  |  Read  |  Post a Comment
Survey Finds Broad Concern Over Third-Party App Providers Post-SolarWinds
Dark Reading Staff, Quick Hits
Most IT and cybersecurity professionals think security is important enough to delay deployment of applications, survey data shows.
By Dark Reading Staff , 4/30/2021
Comment0 comments  |  Read  |  Post a Comment
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer
Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.
By Steve Zurier Contributing Writer, 4/30/2021
Comment1 Comment  |  Read  |  Post a Comment
API Hole on Experian Partner Site Exposes Credit Scores
Dark Reading Staff, Quick Hits
Student researcher is concerned security gap may exist on many other sites.
By Dark Reading Staff , 4/29/2021
Comment0 comments  |  Read  |  Post a Comment
74% of Financial Institutions See Spike in COVID-Related Threats
Dark Reading Staff, Quick Hits
Financial losses have also increased among organizations in the last year, with the average cost reaching $720,000.
By Dark Reading Staff , 4/28/2021
Comment0 comments  |  Read  |  Post a Comment
Ransomware Recovery Costs Near $2M
Dark Reading Staff, Quick Hits
The cost of recovering from a ransomware attack has more than doubled in one year, Sophos researchers report.
By Dark Reading Staff , 4/27/2021
Comment1 Comment  |  Read  |  Post a Comment
4 Ways CISOs Can Strengthen Their Security Resilience
Tom Kellermann, Head of Cybersecurity Strategy, VMwareCommentary
Security pros must remember bad actors will target their infrastructure, using counter-incident response technology in the process.
By Tom Kellermann Head of Cybersecurity Strategy, VMware, 4/27/2021
Comment0 comments  |  Read  |  Post a Comment
Apple Patches Serious MacOS Security Flaw
Dark Reading Staff, Quick Hits
The bug can put Mac users at "grave risk" as it allows attackers to bypass Apple's security mechanisms, a researcher reports.
By Dark Reading Staff , 4/26/2021
Comment0 comments  |  Read  |  Post a Comment
Password Manager Suffers 'Supply Chain' Attack
Dark Reading Staff, Quick Hits
A software update to Click Studios' Passwordstate password manager contained malware.
By Dark Reading Staff , 4/23/2021
Comment0 comments  |  Read  |  Post a Comment
Insider Data Leaks: A Growing Enterprise Threat
Dark Reading Staff, Quick Hits
Report finds 85% of employees are more likely to leak sensitive files now than before the COVID-19 pandemic.
By Dark Reading Staff , 4/23/2021
Comment0 comments  |  Read  |  Post a Comment
SOC 2 Attestation Tips for SaaS Companies
Viral Trivedi, Chief Business Officer at Ampcus CyberCommentary
Attestation helps SaaS vendors demonstrate that digital security is a primary focus.
By Viral Trivedi Chief Business Officer at Ampcus Cyber, 4/23/2021
Comment0 comments  |  Read  |  Post a Comment
Prometei Botnet Adds New Twist to Exchange Server Attacks
Dark Reading Staff, Quick Hits
Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.
By Dark Reading Staff , 4/22/2021
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: Greetings, Earthlings
John Klossner, CartoonistCommentary
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 4/22/2021
Comment17 comments  |  Read  |  Post a Comment
Looking for Greater Security Culture? Ask an 8-Bit Plumber
Rick van Galen, Security Engineer, 1PasswordCommentary
After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.
By Rick van Galen Security Engineer, 1Password, 4/22/2021
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...