Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
Microsoft Ignite Brings Security & Compliance Updates
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft announces support for data loss prevention in Google Chrome, co-authoring of protected files, and more at Ignite 2021.
By Kelly Sheridan Staff Editor, Dark Reading, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft fixes multiple Exchange Server vulnerabilities being weaponized in attacks from a group it believes operates out of China.
By Kelly Sheridan Staff Editor, Dark Reading, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Google Partners With Insurers to Create Risk Protection Program
Dark Reading Staff, Quick Hits
Google Cloud, Allianz, and Munich Re teamed up to build a program that aims to reduce risk and potentially cut costs for customers.
By Dark Reading Staff , 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
4 Ways Health Centers Can Stop the Spread of Cyberattacks
Dr. Rolf Lindemann, Vice President, Products at Nok Nok LabsCommentary
Health centers must shift the perception of cyberattacks from potential risk to real threat in order to take the first step toward a safer, healthier security posture.
By Dr. Rolf Lindemann Vice President, Products at Nok Nok Labs, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
How to Avoid Falling Victim to a SolarWinds-Style Attack
Joseph Cortese, Penetration Testing Practice Lead at A-LIGNCommentary
A multilayered, zero-trust security posture provides a better chance of fending off sophisticated supply chain attackers before it's too late.
By Joseph Cortese Penetration Testing Practice Lead at A-LIGN, 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
61% of Malware Delivered via Cloud Apps: Report
Dark Reading Staff, Quick Hits
Researchers report the majority of malware is now delivered via cloud applications - a jump from 48% last year.
By Dark Reading Staff , 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Google Invests in Linux Kernel Developers to Focus on Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google will fund two full-time Linux kernel developers to maintain and improve Linux security in the long term.
By Kelly Sheridan Staff Editor, Dark Reading, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Kaseya Buys Managed SOC Provider
Dark Reading Staff, Quick Hits
Purchase extends offerings for MSP and SMB customers
By Dark Reading Staff , 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark ReadingNews
Also on Krebs' radar: the cyber-response to COVID-19 and intelligence-sharing between private and public sectors.
By Kelly Sheridan Staff Editor, Dark Reading, 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
SonicWall Releases Second Set of February Firmware Patches
Dark Reading Staff, Quick Hits
The latest patches, for its SMA 100 series products, comes less than three weeks after an updates to patch a zero-day vulnerability.
By Dark Reading Staff , 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express
Dark Reading Staff, Quick Hits
The two campaigns aimed to steal victims' business email account credentials by posing as the shipping companies.
By Dark Reading Staff , 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
Augmenting SMB Defense Strategies With MITRE ATT&CK: A Primer
Michael Ohanian, Vice President of Product Management at NetsurionCommentary
Any organization can use MITRE ATT&CK as a force multiplier, but it's especially valuable for small ones.
By Michael Ohanian Vice President of Product Management at Netsurion, 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
CVSS as a Framework, Not a Score
Tim Morgan, Chief Technology Officer of DeepSurface SecurityCommentary
The venerable system has served us well but is now outdated. Not that it's time to throw the system away; use it as a framework to measure risk using modern, context-based methods.
By Tim Morgan Chief Technology Officer of DeepSurface Security, 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
8 Ways Ransomware Operators Target Your Network
Kelly Sheridan, Staff Editor, Dark Reading
Security researchers explore how criminals are expanding their arsenals with new, more subtle, and more effective ransomware attack techniques.
By Kelly Sheridan Staff Editor, Dark Reading, 2/22/2021
Comment0 comments  |  Read  |  Post a Comment
How to Fine-Tune Vendor Risk Management in a Virtual World
Ryan Smyth & Spencer MacDonald, Managing Director / Director, FTI TechnologyCommentary
Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.
By Ryan Smyth & Spencer MacDonald Managing Director / Director, FTI Technology, 2/19/2021
Comment0 comments  |  Read  |  Post a Comment
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy
Pieter Danhieux, CEO, Chairman, & Co-Founder, Secure Code WarriorCommentary
Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.
By Pieter Danhieux CEO, Chairman, & Co-Founder, Secure Code Warrior, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Virginia Takes Different Tack Than California With Data Privacy Law
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
Online businesses targeting Virginia consumers and have personal data of 100,000 consumers in the state must conform to the new statute.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Ransomware? Let's Call It What It Really Is: Extortionware
Charlie Winckless, Senior Director, Cybersecurity Solutions, at PresidioCommentary
Just as the targets of these attacks have shifted from individuals to corporations, so too has the narrow focus given way to applying force and pressure to pay.
By Charlie Winckless Senior Director, Cybersecurity Solutions, at Presidio, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Enterprise Windows Threats Drop as Mac Attacks Rise: Report
Kelly Sheridan, Staff Editor, Dark ReadingNews
An analysis of 2020 malware activity indicates businesses should be worried about internal hack tools, ransomware, and spyware in the year ahead.
By Kelly Sheridan Staff Editor, Dark Reading, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
4 Predictions for the Future of Privacy
Bart Willemsen, Research Vice President at GartnerCommentary
Use these predictions to avoid pushback, find opportunity, and create value for your organization.
By Bart Willemsen Research Vice President at Gartner, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by raudrera
Current Conversations Flintstones haha
In reply to: answer
Post Your Own Reply
More Conversations
PR Newswire
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22861
PUBLISHED: 2021-03-03
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted ...
CVE-2021-22862
PUBLISHED: 2021-03-03
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of ...
CVE-2021-22863
PUBLISHED: 2021-03-03
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would b...
CVE-2020-10519
PUBLISHED: 2021-03-03
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the Gi...
CVE-2021-21353
PUBLISHED: 2021-03-03
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was p...