Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
Successful Malware Incidents Rise as Attackers Shift Tactics
Robert Lemos, Contributing WriterNews
As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.
By Robert Lemos Contributing Writer, 1/15/2021
Comment0 comments  |  Read  |  Post a Comment
'Chimera' Threat Group Abuses Microsoft & Google Cloud Services
Dark Reading Staff, Quick Hits
Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests.
By Dark Reading Staff , 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
Businesses Struggle with Cloud Availability as Attackers Take Aim
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers find organizations struggle with availability for cloud applications as government officials warn of cloud-focused cyberattacks.
By Kelly Sheridan Staff Editor, Dark Reading, 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
NSA Recommends Using Only 'Designated' DNS Resolvers
Dark Reading Staff, Quick Hits
Agency provides guidelines on securely deploying DNS over HTTPS, aka DoH.
By Dark Reading Staff , 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
Who Is Responsible for Protecting Physical Security Systems From Cyberattacks?
IFSEC Global, StaffNews
It's a question that continues to engage debate, as the majority of new physical security devices being installed are now connected to a network. While this offers myriad benefits, it also raises the question: Who is responsible for their cybersecurity?
By James Willison, founder of Unified Security Ltd , 1/14/2021
Comment1 Comment  |  Read  |  Post a Comment
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan CyberCommentary
Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.
By Tal Morgenstern Co-Founder & Chief Product Officer, Vulcan Cyber, 1/14/2021
Comment1 Comment  |  Read  |  Post a Comment
Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation
Steve Zurier, Contributing WriterNews
Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.
By Steve Zurier Contributing Writer, 1/13/2021
Comment0 comments  |  Read  |  Post a Comment
The Data-Centric Path to Zero Trust
Altaz Valani, Director of Insights Research, Security CompassCommentary
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
By Altaz Valani Director of Insights Research, Security Compass, 1/13/2021
Comment1 Comment  |  Read  |  Post a Comment
United Nations Security Flaw Exposed 100K Staff Records
Dark Reading Staff, Quick Hits
Security researchers have disclosed a vulnerability they exploited to access more than 100,000 private employee records.
By Dark Reading Staff , 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Defender Zero-Day Fixed in First Patch Tuesday of 2021
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw.
By Kelly Sheridan Staff Editor, Dark Reading, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
Mark Wojtasiak, VP, Portfolio Marketing, Code42Commentary
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
By Mark Wojtasiak VP, Portfolio Marketing, Code42, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
Intel's New vPro Processors Aim to Help Defend Against Ransomware
Kelly Sheridan, Staff Editor, Dark ReadingNews
The newest Intel Core vPro mobile platform gives PC hardware a direct role in detecting ransomware attacks.
By Kelly Sheridan Staff Editor, Dark Reading, 1/11/2021
Comment0 comments  |  Read  |  Post a Comment
New Tool Sheds Light on AppleScript-Obfuscated Malware
Robert Lemos, Contributing WriterNews
The AEVT decompiler helped researchers analyze a cryptominer campaign that used AppleScript for obfuscation and will help reverse engineers focused on other Mac OS malware.
By Robert Lemos Contributing Writer, 1/11/2021
Comment0 comments  |  Read  |  Post a Comment
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at NetskopeCommentary
Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.
By Lamont Orange Chief Information Security Officer at Netskope, 1/11/2021
Comment1 Comment  |  Read  |  Post a Comment
Top 5 'Need to Know' Coding Defects for DevSecOps
Walter Capitani, Director, Technical Product Management, GrammaTechCommentary
Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster.
By Walter Capitani Director, Technical Product Management, GrammaTech, 1/8/2021
Comment0 comments  |  Read  |  Post a Comment
Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020
Kelly Sheridan, Staff Editor, Dark ReadingNews
Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams.
By Kelly Sheridan Staff Editor, Dark Reading, 1/7/2021
Comment0 comments  |  Read  |  Post a Comment
FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
CEO Kevin Mandia shared some details on how his company rooted out the major cyberattack campaign affecting US government and corporate networks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/7/2021
Comment0 comments  |  Read  |  Post a Comment
State Dept. to Create New Cybersecurity & Technology Agency
Dark Reading Staff, Quick Hits
Bureau of Cyberspace Security and Emerging Technologies (CSET) will serve as diplomatic arm for US cybersecurity interests.
By Dark Reading Staff , 1/7/2021
Comment0 comments  |  Read  |  Post a Comment
Even Small Nations Have Jumped into the Cyber Espionage Game
Robert Lemos, Contributing WriterNews
While the media tends to focus on the Big 5 nation-state cyber powers, commercial spyware has given smaller countries sophisticated capabilities, as demonstrated by a "zero-click" iMessage exploit that targeted journalists last year.
By Robert Lemos Contributing Writer, 1/7/2021
Comment1 Comment  |  Read  |  Post a Comment
The 3 Most Common Types of BEC Attacks (And What You Can Do About Them)
Eyal Benishti, CEO & Founder of IRONSCALESCommentary
Always be skeptical and double check credentials.
By Eyal Benishti CEO & Founder of IRONSCALES, 1/7/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22166
PUBLISHED: 2021-01-15
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method
CVE-2021-22167
PUBLISHED: 2021-01-15
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository
CVE-2021-22168
PUBLISHED: 2021-01-15
A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.
CVE-2021-22171
PUBLISHED: 2021-01-15
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
CVE-2020-26414
PUBLISHED: 2021-01-15
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.