Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
Successful Malware Incidents Rise as Attackers Shift Tactics
Robert Lemos, Contributing WriterNews
As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.
By Robert Lemos Contributing Writer, 1/15/2021
Comment0 comments  |  Read  |  Post a Comment
Shifting Privacy Landscape, Disruptive Technologies Will Test Businesses
Robert Lemos, Contributing WriterNews
A new machine learning tool aims to mine privacy policies on behalf of users.
By Robert Lemos Contributing Writer, 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan CyberCommentary
Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.
By Tal Morgenstern Co-Founder & Chief Product Officer, Vulcan Cyber, 1/14/2021
Comment1 Comment  |  Read  |  Post a Comment
Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation
Steve Zurier, Contributing WriterNews
Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.
By Steve Zurier Contributing Writer, 1/13/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Defender Zero-Day Fixed in First Patch Tuesday of 2021
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw.
By Kelly Sheridan Staff Editor, Dark Reading, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
How to Boost Executive Buy-In for Security Investments
Douglas Ferguson, Founder & CTO, Pharos SecurityCommentary
Linking security budgets to breach-protection outcomes helps executives balance spending against risk and earns CISOs greater respect in the C-suite.
By Douglas Ferguson Founder & CTO, Pharos Security, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
Mark Wojtasiak, VP, Portfolio Marketing, Code42Commentary
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
By Mark Wojtasiak VP, Portfolio Marketing, Code42, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at NetskopeCommentary
Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.
By Lamont Orange Chief Information Security Officer at Netskope, 1/11/2021
Comment1 Comment  |  Read  |  Post a Comment
Top 5 'Need to Know' Coding Defects for DevSecOps
Walter Capitani, Director, Technical Product Management, GrammaTechCommentary
Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster.
By Walter Capitani Director, Technical Product Management, GrammaTech, 1/8/2021
Comment0 comments  |  Read  |  Post a Comment
Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020
Kelly Sheridan, Staff Editor, Dark ReadingNews
Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams.
By Kelly Sheridan Staff Editor, Dark Reading, 1/7/2021
Comment0 comments  |  Read  |  Post a Comment
Ransomware Victims' Data Published via DDoSecrets
Dark Reading Staff, Quick Hits
Activists behind Distributed Denial of Secrets has shared 1TB of data pulled from Dark Web sites where it was shared by ransomware attackers.
By Dark Reading Staff , 1/7/2021
Comment0 comments  |  Read  |  Post a Comment
Healthcare Organizations Bear the Brunt of Cyberattacks Amid Pandemic
Jai Vijayan, Contributing WriterNews
In the past two months alone, attacks against the sector soared 45% more than double the rate of other sectors, Check Point says.
By Jai Vijayan Contributing Writer, 1/6/2021
Comment0 comments  |  Read  |  Post a Comment
Nissan Source Code Leaked via Misconfigured Git Server
Dark Reading Staff, Quick Hits
Leaked information includes source code of Nissan mobile apps, diagnostics tool, and market research tools and data, among other assets.
By Dark Reading Staff , 1/6/2021
Comment0 comments  |  Read  |  Post a Comment
How to Protect Your Organization's Digital Footprint
Zack Allen, Director of Threat Operations at ZeroFOXCommentary
As the digital risk landscape evolves and grows, organizations must stay vigilant against online threats.
By Zack Allen Director of Threat Operations at ZeroFOX, 1/6/2021
Comment0 comments  |  Read  |  Post a Comment
6 Open Source Tools for Your Security Team
Curtis Franklin Jr., Senior Editor at Dark Reading
Open source tools can be great additions to your cloud security arsenal. Here are a half-dozen to get you started.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/6/2021
Comment1 Comment  |  Read  |  Post a Comment
FBI, CISA, NSA & ODNI Cite Russia in Joint Statement on 'Serious' SolarWinds Attacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
The attacks appear to be an "intelligence-gathering" mission, the agencies said.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/5/2021
Comment0 comments  |  Read  |  Post a Comment
What You Need to Know About California's New Privacy Rules
K Royal, Associate General Counsel at TrustArcCommentary
Proposition 24 will change Californians' rights and business's responsibilities regarding consumer data protection.
By K Royal Associate General Counsel at TrustArc, 1/5/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Source Code Exposed: What We Know & What It Means
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft says there is no increase in security risk; however, experts say access to source code could make some steps easier for attackers.
By Kelly Sheridan Staff Editor, Dark Reading, 1/4/2021
Comment0 comments  |  Read  |  Post a Comment
How to Build Cyber Resilience in a Dangerous Atmosphere
Dirk Schrader, Global VP of Product Marketing and Business Development, NNTCommentary
Our polarized climate and COVID-19 are putting the nation's cybersecurity in imminent danger, and it's past time to act.
By Dirk Schrader Global VP of Product Marketing and Business Development, NNT, 12/31/2020
Comment0 comments  |  Read  |  Post a Comment
Reducing the Risk of Third-Party SaaS Apps to Your Organization
Dmitry Dontov, Chief Technology Officer, Spin TechnologyCommentary
Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
By Dmitry Dontov Chief Technology Officer, Spin Technology, 12/29/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3166
PUBLISHED: 2021-01-18
An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, r...
CVE-2020-29446
PUBLISHED: 2021-01-18
Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5.
CVE-2020-15864
PUBLISHED: 2021-01-17
An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page.
CVE-2021-3113
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...