Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
New Social Security Scam Spoofs Government Badges
Dark Reading Staff, Quick Hits
Criminals text or email photos of fake government identification badges to trick people into sending money.
By Dark Reading Staff , 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Intel: More Than 90% of Our Vulnerabilities Found via Research
Robert Lemos, Contributing WriterNews
Internal research and external bug-bounty programs combined to discover the vast majority of reported security issues in the company's software.
By Robert Lemos Contributing Writer, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
More Details Emerge on the Microsoft Exchange Server Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
The attacks seem more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous.
By Kelly Sheridan Staff Editor, Dark Reading, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
CISA to Federal Agencies: Immediately Patch or 'Disconnect' Microsoft Exchange Servers
Dark Reading Staff, Quick Hits
The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week.
By Dark Reading Staff , 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical DirectorCommentary
With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
By Dr. Jethro Beekman Technical Director, 3/3/2021
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Ignite Brings Security & Compliance Updates
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft announces support for data loss prevention in Google Chrome, co-authoring of protected files, and more at Ignite 2021.
By Kelly Sheridan Staff Editor, Dark Reading, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft fixes multiple Exchange Server vulnerabilities being weaponized in attacks from a group it believes operates out of China.
By Kelly Sheridan Staff Editor, Dark Reading, 3/2/2021
Comment1 Comment  |  Read  |  Post a Comment
Google Partners With Insurers to Create Risk Protection Program
Dark Reading Staff, Quick Hits
Google Cloud, Allianz, and Munich Re teamed up to build a program that aims to reduce risk and potentially cut costs for customers.
By Dark Reading Staff , 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
4 Ways Health Centers Can Stop the Spread of Cyberattacks
Dr. Rolf Lindemann, Vice President, Products at Nok Nok LabsCommentary
Health centers must shift the perception of cyberattacks from potential risk to real threat in order to take the first step toward a safer, healthier security posture.
By Dr. Rolf Lindemann Vice President, Products at Nok Nok Labs, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
How to Avoid Falling Victim to a SolarWinds-Style Attack
Joseph Cortese, Penetration Testing Practice Lead at A-LIGNCommentary
A multilayered, zero-trust security posture provides a better chance of fending off sophisticated supply chain attackers before it's too late.
By Joseph Cortese Penetration Testing Practice Lead at A-LIGN, 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
61% of Malware Delivered via Cloud Apps: Report
Dark Reading Staff, Quick Hits
Researchers report the majority of malware is now delivered via cloud applications - a jump from 48% last year.
By Dark Reading Staff , 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Google Invests in Linux Kernel Developers to Focus on Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google will fund two full-time Linux kernel developers to maintain and improve Linux security in the long term.
By Kelly Sheridan Staff Editor, Dark Reading, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Kaseya Buys Managed SOC Provider
Dark Reading Staff, Quick Hits
Purchase extends offerings for MSP and SMB customers
By Dark Reading Staff , 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark ReadingNews
Also on Krebs' radar: the cyber-response to COVID-19 and intelligence-sharing between private and public sectors.
By Kelly Sheridan Staff Editor, Dark Reading, 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
SonicWall Releases Second Set of February Firmware Patches
Dark Reading Staff, Quick Hits
The latest patches, for its SMA 100 series products, comes less than three weeks after an updates to patch a zero-day vulnerability.
By Dark Reading Staff , 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express
Dark Reading Staff, Quick Hits
The two campaigns aimed to steal victims' business email account credentials by posing as the shipping companies.
By Dark Reading Staff , 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
Augmenting SMB Defense Strategies With MITRE ATT&CK: A Primer
Michael Ohanian, Vice President of Product Management at NetsurionCommentary
Any organization can use MITRE ATT&CK as a force multiplier, but it's especially valuable for small ones.
By Michael Ohanian Vice President of Product Management at Netsurion, 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
CVSS as a Framework, Not a Score
Tim Morgan, Chief Technology Officer of DeepSurface SecurityCommentary
The venerable system has served us well but is now outdated. Not that it's time to throw the system away; use it as a framework to measure risk using modern, context-based methods.
By Tim Morgan Chief Technology Officer of DeepSurface Security, 2/23/2021
Comment0 comments  |  Read  |  Post a Comment
8 Ways Ransomware Operators Target Your Network
Kelly Sheridan, Staff Editor, Dark Reading
Security researchers explore how criminals are expanding their arsenals with new, more subtle, and more effective ransomware attack techniques.
By Kelly Sheridan Staff Editor, Dark Reading, 2/22/2021
Comment0 comments  |  Read  |  Post a Comment
How to Fine-Tune Vendor Risk Management in a Virtual World
Ryan Smyth & Spencer MacDonald, Managing Director / Director, FTI TechnologyCommentary
Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.
By Ryan Smyth & Spencer MacDonald Managing Director / Director, FTI Technology, 2/19/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Sure you have fire, but he has an i7!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28636
PUBLISHED: 2021-03-04
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability.
CVE-2020-35628
PUBLISHED: 2021-03-04
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.
CVE-2020-35636
PUBLISHED: 2021-03-04
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume(). An attacker can provide malicious input to trigger this vulnerability.
CVE-2020-8298
PUBLISHED: 2021-03-04
fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.
CVE-2020-28601
PUBLISHED: 2021-03-04
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.