Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

News & Commentary
Cartoon Caption Winner: Greetings, Earthlings
John Klossner, CartoonistCommentary
And the winner of Dark Reading's April cartoon caption contest is ...
By John Klossner Cartoonist, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato NetworksCommentary
Deeply rooted cybersecurity misconceptions are poisoning our ability to understand and defend against attacks.
By Etay Maor Sr. Director Security Strategy at Cato Networks, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Critical Infrastructure Under Attack
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of key US energy pipeline marks just the tip of the iceberg.
By Marc Wilczek Digital Strategist & COO of Link11, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Colonial Pipeline Cyberattack: What Security Pros Need to Know
Kelly Sheridan, Staff Editor, Dark ReadingNews
As the massive US pipeline operator works to restore operations after a DarkSide ransomware attack late last week, experts say it's a cautionary tale for critical infrastructure providers.
By Kelly Sheridan Staff Editor, Dark Reading, 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
Tulsa Deals With Aftermath of Ransomware Attack
Dark Reading Staff, Quick Hits
Weekend attack shuts down several city sites and service.
By Dark Reading Staff , 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
Four Plead Guilty to RICO Conspiracy Involving Hosting Services for Cybercrime
Dark Reading Staff, Quick Hits
The "bulletproof hosting" organization hosted malware including Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit.
By Dark Reading Staff , 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
Exchange Exploitation: Not Dead Yet
John Hammond, Senior Security Researcher at HuntressCommentary
The mass exploitation of Exchange Servers has been a wake-up call, and it will take all parties playing in concert for the industry to react, respond, and recover.
By John Hammond Senior Security Researcher at Huntress, 5/10/2021
Comment0 comments  |  Read  |  Post a Comment
How North Korean APT Kimsuky Is Evolving Its Tactics
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers find differences in Kimsuky's operations that lead them to divide the APT into two groups: CloudDragon and KimDragon.
By Kelly Sheridan Staff Editor, Dark Reading, 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Most Organizations Feel More Vulnerable to Breaches Amid Pandemic
Dark Reading Staff, Quick Hits
More than half of business see the need for significant long-term changes to IT due to COVID-19, research finds.
By Dark Reading Staff , 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
FBI, NSA, CISA & NCSC Issue Joint Advisory on Russian SVR Activity
Dark Reading Staff, Quick Hits
The report provides additional details on tactics of Russia's Foreign Intelligence Service following public attribution of the group to last year's SolarWinds attack.
By Dark Reading Staff , 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSecCommentary
Web scraping attacks, like Facebook's recent data leak, can easily lead to more significant breaches.
By Rob Simon Principal Security Consultant at TrustedSec, 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security
Dark Reading Staff,
Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.
By Dark Reading Staff , 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Troy Hunt: Organizations Make Security Choices Tough for Users
Kelly Sheridan, Staff Editor, Dark ReadingNews
The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.
By Kelly Sheridan Staff Editor, Dark Reading, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Google Plans to Automatically Enable Two-Factor Authentication
Dark Reading Staff, Quick Hits
The company plans to automatically enroll users in two-step verification if their accounts are properly configured.
By Dark Reading Staff , 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
CISA Publishes Analysis on New 'FiveHands' Ransomware
Dark Reading Staff, Quick Hits
Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.
By Dark Reading Staff , 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Securing the Internet of Things in the Age of Quantum Computing
Dr. Charles Grover, Cryptography Researcher, Crypto QuantiqueCommentary
Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.
By Dr. Charles Grover Cryptography Researcher, Crypto Quantique, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Biden's Supply Chain Initiative Depends on Cybersecurity Insights
Padraic O'Reilly, Chief Product Officer & Co-Founder of CyberSaint SecurityCommentary
Those helming the US supply chain executive order need to leverage standards, measurement, and the lessons cybersecurity leaders have learned.
By Padraic O'Reilly Chief Product Officer & Co-Founder of CyberSaint Security, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Seek New Strategies to Improve Macros' Effectiveness
Robert Lemos, Contributing WriterNews
The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.
By Robert Lemos Contributing Writer, 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
DoD Lets Researchers Target All Publicly Accessible Info Systems
Dark Reading Staff, Quick Hits
The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.
By Dark Reading Staff , 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
Will 2021 Mark the End of World Password Day?
Jake Madders, Director, Hyve Managed HostingCommentary
We might be leaving the world of mandatory asterisks and interrobangs behind for good.
By Jake Madders Director, Hyve Managed Hosting, 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31187
PUBLISHED: 2021-05-11
Windows WalletService Elevation of Privilege Vulnerability
CVE-2021-31188
PUBLISHED: 2021-05-11
Windows Graphics Component Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31170.
CVE-2021-31190
PUBLISHED: 2021-05-11
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
CVE-2021-31191
PUBLISHED: 2021-05-11
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
CVE-2021-31192
PUBLISHED: 2021-05-11
Windows Media Foundation Core Remote Code Execution Vulnerability