Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

News & Commentary
Business Apps Spoofed in 45% of Impersonation Attacks
Dark Reading Staff, Quick Hits
Business-related applications like those from Microsoft, Zoom, and DocuSign are most often impersonated in brand phishing attacks.
By Dark Reading Staff , 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Healthcare Still Seeing High Level of Attacker Activity
Robert Lemos, Contributing WriterNews
Interest in vaccines is driving all sorts of activity, reports say, from vaccine-specific phishing to growing bot traffic on healthcare sites.
By Robert Lemos Contributing Writer, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft, FireEye Uncover More Malware Used in the SolarWinds Campaign
Jai Vijayan, Contributing WriterNews
Newly discovered tools were designed for late-stage use after the attackers had already established a relatively firm presence on a breached network, vendors say.
By Jai Vijayan Contributing Writer, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
More Details Emerge on the Microsoft Exchange Server Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
The attacks seem more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous.
By Kelly Sheridan Staff Editor, Dark Reading, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical DirectorCommentary
With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
By Dr. Jethro Beekman Technical Director, 3/3/2021
Comment1 Comment  |  Read  |  Post a Comment
Policy Group Calls for Public-Private Cyber-Defense Program
Robert Lemos, Contributing WriterNews
The proposed National Cyber Response Network would link federal agencies, companies, and local governments, allowing collaboration during a cyberattack.
By Robert Lemos Contributing Writer, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing WriterNews
'Transparent Tribe' has switched its tactics for distributing the remote access Trojan, researchers found.
By Jai Vijayan Contributing Writer, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft fixes multiple Exchange Server vulnerabilities being weaponized in attacks from a group it believes operates out of China.
By Kelly Sheridan Staff Editor, Dark Reading, 3/2/2021
Comment1 Comment  |  Read  |  Post a Comment
New Jailbreak Tool Works on Most iPhones
Dark Reading Staff, Quick Hits
The Unc0ver team has released a tool that works on iOS 11 and later, and exploits a vulnerability that was recently under attack.
By Dark Reading Staff , 3/1/2021
Comment0 comments  |  Read  |  Post a Comment
MSP Provider Builds Red Team as Attackers Target Industry
Robert Lemos, Contributing WriterNews
NinjaRMM, which provides tools for managed service providers, aims to create a red team capability following years of attacks against MSPs.
By Robert Lemos Contributing Writer, 3/1/2021
Comment0 comments  |  Read  |  Post a Comment
Building a Next-Generation SOC Starts With Holistic Operations
Moti Gindi, Corporate Vice President, Microsoft Defender Advanced Threat ProtectionCommentary
The proper template for a modernized SOC team is one that operates seamlessly across domains with a singular, end-to-end view.
By Moti Gindi Corporate Vice President, Microsoft Defender Advanced Threat Protection, 3/1/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing WriterNews
While access to compromised systems has become an increasingly common service, some cybercriminals are going straight to the source: buying code bases and then updating the application with malicious code.
By Robert Lemos Contributing Writer, 2/26/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Releases Free Tool for Hunting SolarWinds Malware
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Meanwhile, researchers at SecurityScorecard say the "fileless" malware loader in the attack - Teardrop - actually dates back to 2017.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
North Korea's Lazarus Group Expands to Stealing Defense Secrets
Jai Vijayan, Contributing WriterNews
Several gigabytes of sensitive data stolen from one restricted network, with organizations in more than 12 countries impacted, Kaspersky says.
By Jai Vijayan Contributing Writer, 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
Ransomware, Phishing Will Remain Primary Risks in 2021
Robert Lemos, Contributing WriterNews
Attackers have doubled down on ransomware and phishing -- with some tweaks -- while deepfakes and disinformation will become more major threats in the future, according to a trio of threat reports.
By Robert Lemos Contributing Writer, 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
Thousands of VMware Servers Exposed to Critical RCE Bug
Dark Reading Staff, Quick Hits
Security experts report scanning activity targeting vulnerable vCenter servers after a researcher published proof-of-concept code.
By Dark Reading Staff , 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
New APT Group Targets Airline Industry & Immigration
Jai Vijayan, Contributing WriterNews
LazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.
By Jai Vijayan Contributing Writer, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
61% of Malware Delivered via Cloud Apps: Report
Dark Reading Staff, Quick Hits
Researchers report the majority of malware is now delivered via cloud applications - a jump from 48% last year.
By Dark Reading Staff , 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Kaseya Buys Managed SOC Provider
Dark Reading Staff, Quick Hits
Purchase extends offerings for MSP and SMB customers
By Dark Reading Staff , 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
The Realities of Extended Detection and Response (XDR) Technology
Jon Oltsik, Senior Principal Analyst & Fellow, Enterprise Strategy GroupCommentary
While the term XDR has become pervasive, the technology and market remain a work in progress with lots of innovation and market confusion.
By Jon Oltsik Senior Principal Analyst & Fellow, Enterprise Strategy Group, 2/24/2021
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26961
PUBLISHED: 2021-03-05
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a ...
CVE-2021-26962
PUBLISHED: 2021-03-05
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could a...
CVE-2020-29134
PUBLISHED: 2021-03-05
TOTVS Fluig Luke platform allows directory traversal via a base64 encoded file=../ to a volume/stream/ URI. This affects: Fluig Lake 1.7.0-210217 Fluig Lake 1.7.0-210112 Fluig Lake 1.7.0-201215 Fluig Lake 1.7.0-201124 Fluig Lake 1.7.0-200915
CVE-2021-26960
PUBLISHED: 2021-03-05
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a ...
CVE-2021-28026
PUBLISHED: 2021-03-05
jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service.