informa

Vulnerabilities/Threats

Russia Takes Down REvil Ransomware Operation, Arrests Key Members
Timing of the move has evoked at least some skepticism from security experts about the country's true motives.
January 14, 2022
Timing of the move has evoked at least some skepticism from security experts about the country's true motives.
by Jai Vijayan, Contributing Writer
January 14, 2022
5 min read
Article
Maryland Dept. of Health Responds to Ransomware Attack
An attack discovered on Dec. 4, 2021 forced the Maryland Department of Health to take some of its systems offline.
January 14, 2022
An attack discovered on Dec. 4, 2021 forced the Maryland Department of Health to take some of its systems offline.
by Dark Reading Staff, Dark Reading
January 14, 2022
2 min read
Article
White House Meets With Software Firms and Open Source Orgs on Security
The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.
January 14, 2022
The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.
by Robert Lemos, Contributing Writer
January 14, 2022
5 min read
Article
What's Next for Patch Management: Automation
The next five years will bring the widespread use of hyperautomation in patch management. Part 3 of 3.
January 14, 2022
The next five years will bring the widespread use of hyperautomation in patch management. Part 3 of 3.
by Srinivas Mukkamala, Senior Vice President, Security Products, Ivanti
January 14, 2022
5 min read
Article
BlueNoroff Threat Group Targets Cryptocurrency Startups
A series of attacks against small and medium-sized businesses has led to major cryptocurrency losses for the victims.
January 13, 2022
A series of attacks against small and medium-sized businesses has led to major cryptocurrency losses for the victims.
by Dark Reading Staff, Dark Reading
January 13, 2022
2 min read
Article
New Vulnerabilities Highlight Risks of Trust in Public Cloud
Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services.
January 13, 2022
Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services.
by Robert Lemos, Contributing Writer
January 13, 2022
4 min read
Article
How Cybercriminals Are Cashing in on the Culture of 'Yes'
The reward is always front of mind, while the potential harm of giving out a phone number doesn't immediately reveal itself.
January 13, 2022
The reward is always front of mind, while the potential harm of giving out a phone number doesn't immediately reveal itself.
by Mike Kiser, Director of Strategy and Standards, SailPoint
January 13, 2022
5 min read
Article
Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking
The vulnerability was patched this week in Microsoft's set of security updates for January 2022.
January 13, 2022
The vulnerability was patched this week in Microsoft's set of security updates for January 2022.
by Jai Vijayan, Contributing Writer
January 13, 2022
5 min read
Article
Check If You Have to Worry About the Latest HTTP Protocol Stack Flaw
In this Tech Tip, SANS Institute’s Johannes Ullrich suggests using PowerShell to identify Windows systems affected by the newly disclosed vulnerability in http.sys.
January 12, 2022
In this Tech Tip, SANS Institute’s Johannes Ullrich suggests using PowerShell to identify Windows systems affected by the newly disclosed vulnerability in http.sys.
by Dark Reading Staff, Dark Reading
January 12, 2022
3 min read
Article
Oxeye Introduce Open Source Payload Deobfuscation Tool
Ox4Shell exposes hidden payloads thatare actively being used to confuse security protection tools and security teams.
January 12, 2022
Ox4Shell exposes hidden payloads thatare actively being used to confuse security protection tools and security teams.
January 12, 2022
4 min read
Article
New Cyberattack Campaign Uses Public Cloud Infrastructure to Spread RATs
An attack campaign detected in October delivers variants of Nanocore, Netwire, and AsyncRATs to target user data.
January 12, 2022
An attack campaign detected in October delivers variants of Nanocore, Netwire, and AsyncRATs to target user data.
by Kelly Sheridan, Senior Editor
January 12, 2022
5 min read
Article
Critical Infrastructure Security and a Case for Optimism in 2022
The new US infrastructure law will fund new action to improve cybersecurity across rail, public transportation, the electric grid, and manufacturing.
January 12, 2022
The new US infrastructure law will fund new action to improve cybersecurity across rail, public transportation, the electric grid, and manufacturing.
by Kurt John, Chief Cybersecurity Officer, Siemens USA
January 12, 2022
5 min read
Article
Patch Management Today: A Risk-Based Strategy to Defeat Cybercriminals
By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.
January 12, 2022
By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.
by Srinivas Mukkamala, Senior Vice President, Security Products, Ivanti
January 12, 2022
4 min read
Article
Microsoft Kicks Off 2022 With 96 Security Patches
Nine of the Microsoft patches released today are classified as Critical, 89 are Important, and six are publicly known.
January 11, 2022
Nine of the Microsoft patches released today are classified as Critical, 89 are Important, and six are publicly known.
by Kelly Sheridan, Senior Editor
January 11, 2022
4 min read
Article
Cloud Apps Replace Web as Source for Most Malware Downloads
Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.
January 11, 2022
Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.
by Jai Vijayan, Contributing Writer
January 11, 2022
4 min read
Article