Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

News & Commentary
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark ReadingNews
Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search.
By Kelly Sheridan Staff Editor, Dark Reading, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
7 Steps to Secure a WordPress Site
Steve Zurier, Contributing Writer
Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth.
By Steve Zurier Contributing Writer, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft to Launch 'Enforcement Mode' for Zerologon Flaw
Dark Reading Staff, Quick Hits
Enforcement mode for the Netlogon Domain Controller will be enabled by default with the Feb. 9 security update.
By Dark Reading Staff , 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff, Quick Hits
Joyce has long worked in US cybersecurity leadership, most recently serving as the NSA's top representative in the UK.
By Dark Reading Staff , 1/15/2021
Comment1 Comment  |  Read  |  Post a Comment
Successful Malware Incidents Rise as Attackers Shift Tactics
Robert Lemos, Contributing WriterNews
As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.
By Robert Lemos Contributing Writer, 1/15/2021
Comment0 comments  |  Read  |  Post a Comment
'Chimera' Threat Group Abuses Microsoft & Google Cloud Services
Dark Reading Staff, Quick Hits
Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests.
By Dark Reading Staff , 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
Businesses Struggle with Cloud Availability as Attackers Take Aim
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers find organizations struggle with availability for cloud applications as government officials warn of cloud-focused cyberattacks.
By Kelly Sheridan Staff Editor, Dark Reading, 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
NSA Recommends Using Only 'Designated' DNS Resolvers
Dark Reading Staff, Quick Hits
Agency provides guidelines on securely deploying DNS over HTTPS, aka DoH.
By Dark Reading Staff , 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns
Dark Reading Staff, Quick Hits
Mimecast no longer uses the SolarWinds Orion network management software that served as an attack vector for thousands of organizations.
By Dark Reading Staff , 1/13/2021
Comment0 comments  |  Read  |  Post a Comment
Huntress Acquires EDR Technology From Level Effect
Dark Reading Staff, Quick Hits
Huntress seeks to improve its detection and response capabilities with a more comprehensive view of endpoint security.
By Dark Reading Staff , 1/13/2021
Comment0 comments  |  Read  |  Post a Comment
More SolarWinds Attack Details Emerge
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A third piece of malware is uncovered, but there are still plenty of unknowns about the epic attacks purportedly out of Russia.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/12/2021
Comment1 Comment  |  Read  |  Post a Comment
United Nations Security Flaw Exposed 100K Staff Records
Dark Reading Staff, Quick Hits
Security researchers have disclosed a vulnerability they exploited to access more than 100,000 private employee records.
By Dark Reading Staff , 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Defender Zero-Day Fixed in First Patch Tuesday of 2021
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw.
By Kelly Sheridan Staff Editor, Dark Reading, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
Security Operations Struggle to Defend Value, Keep Workers
Robert Lemos, Contributing WriterNews
Companies continue to value security operations centers but the economics are increasingly challenging, with high analyst turnover and questions raised over return on investment.
By Robert Lemos Contributing Writer, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
Intel's New vPro Processors Aim to Help Defend Against Ransomware
Kelly Sheridan, Staff Editor, Dark ReadingNews
The newest Intel Core vPro mobile platform gives PC hardware a direct role in detecting ransomware attacks.
By Kelly Sheridan Staff Editor, Dark Reading, 1/11/2021
Comment0 comments  |  Read  |  Post a Comment
New Tool Sheds Light on AppleScript-Obfuscated Malware
Robert Lemos, Contributing WriterNews
The AEVT decompiler helped researchers analyze a cryptominer campaign that used AppleScript for obfuscation and will help reverse engineers focused on other Mac OS malware.
By Robert Lemos Contributing Writer, 1/11/2021
Comment0 comments  |  Read  |  Post a Comment
Malware Developers Refresh Their Attack Tools
Robert Lemos, Contributing WriterNews
Cisco analyzes the latest version of the LokiBot malware for stealing credentials, finding that its developers have added more misdirection and anti-analysis features.
By Robert Lemos Contributing Writer, 1/8/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Hires Chris Krebs and Alex Stamos for Breach Recovery
Dark Reading Staff, Quick Hits
The former US cybersecurity official and former Facebook security chief will help SolarWinds respond to its recent attack and improve security.
By Dark Reading Staff , 1/8/2021
Comment0 comments  |  Read  |  Post a Comment
Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020
Kelly Sheridan, Staff Editor, Dark ReadingNews
Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams.
By Kelly Sheridan Staff Editor, Dark Reading, 1/7/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Hunny, I looked every where for the dorritos. 
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8567
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CVE-2020-8568
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that conta...
CVE-2020-8569
PUBLISHED: 2021-01-21
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, ...
CVE-2020-8570
PUBLISHED: 2021-01-21
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executi...
CVE-2020-8554
PUBLISHED: 2021-01-21
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typicall...