Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

Vulnerabilities / Threats

News & Commentary
Organizations Shift Further Left in App Development
Dark Reading Staff, Quick Hits
Most IT and security professionals surveyed think security is a critical enough reason to pause app development.
By Dark Reading Staff , 6/4/2021
Comment0 comments  |  Read  |  Post a Comment
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixModeCommentary
Cyber threats are staring you in the face, but you can't see them.
By Matt Shea Head of Federal @ MixMode, 6/4/2021
Comment0 comments  |  Read  |  Post a Comment
Google Experts Explore Open Source Security Challenges & Fixes
Kelly Sheridan, Staff Editor, Dark ReadingNews
An open source security event brought discussions of supply chain security and managing flaws in open source projects.
By Kelly Sheridan Staff Editor, Dark Reading, 6/3/2021
Comment0 comments  |  Read  |  Post a Comment
NY & Mass. Transportation Providers Targeted in Recent Attacks
Dark Reading Staff, Quick Hits
New York's Metropolitan Transportation Authority and the Steamship Authority of Massachusetts were both victims of cyberattacks.
By Dark Reading Staff , 6/3/2021
Comment0 comments  |  Read  |  Post a Comment
REvil Behind JBS Ransomware Attack: FBI
Dark Reading Staff, Quick Hits
Officials attribute the attack to REvil/Sodinokibi and say they are working to bring the threat actors to justice.
By Dark Reading Staff , 6/3/2021
Comment0 comments  |  Read  |  Post a Comment
The True Cost of a Ransomware Attack
Tyler Hudak, Practice Lead, Incident Response, at TrustedSecCommentary
Companies need to prepare for the costs of an attack now, before they get attacked. Here's a checklist to help.
By Tyler Hudak Practice Lead, Incident Response, at TrustedSec, 6/3/2021
Comment0 comments  |  Read  |  Post a Comment
The Colonial Pipeline Attack Is Your Boardroom Wake-Up Call
Dan Verton, Director, ThreatConnectCommentary
Why business leaders must adopt a risk-led approach to cybersecurity.
By Dan Verton Director, ThreatConnect, 6/3/2021
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Buys ReFirm Labs to Drive IoT Security Efforts
Kelly Sheridan, Staff Editor, Dark ReadingNews
The acquisition will bring ReFirm's firmware analysis capabilities alongside Microsoft's Azure Defender for IoT to boost device security.
By Kelly Sheridan Staff Editor, Dark Reading, 6/2/2021
Comment0 comments  |  Read  |  Post a Comment
Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in
Dark Reading Staff, Quick Hits
The plug-in under active attack has been installed on more than 17,000 websites, say researchers.
By Dark Reading Staff , 6/2/2021
Comment0 comments  |  Read  |  Post a Comment
Is Your Adversary James Bond or Mr. Bean?
Jonathan Couch, Senior VP of Strategy, ThreatQuotientCommentary
Especially with nation-state attacks, its critical to assess whether you're up against jet fighter strength or a bumbler who tries to pick locks.
By Jonathan Couch Senior VP of Strategy, ThreatQuotient, 6/2/2021
Comment0 comments  |  Read  |  Post a Comment
Chaos for the Sake of Chaos? Yes, Nation-States Are That Cynical
Adam Darrah, Director of Intelligence, VigilanteCommentary
Many nation-state-backed attacks are intended to destabilize the US government, not steal from it.
By Adam Darrah Director of Intelligence, Vigilante, 6/2/2021
Comment0 comments  |  Read  |  Post a Comment
Processor Morphs Its Architecture to Make Hacking Really Hard
Robert Lemos, Contributing WriterNews
Researchers create a processor that uses encryption to modify its memory architecture during runtime, making it very difficult for hackers to exploit memory-based vulnerabilities.
By Robert Lemos Contributing Writer, 6/2/2021
Comment0 comments  |  Read  |  Post a Comment
US Seizes Attacker Domains Used in USAID Phishing Campaign
Kelly Sheridan, Staff Editor, Dark ReadingNews
The move follows last week's disclosure of an ongoing attack designed to mimic emails from the US Agency for International Development.
By Kelly Sheridan Staff Editor, Dark Reading, 6/1/2021
Comment0 comments  |  Read  |  Post a Comment
New Barebones Ransomware Strain Surfaces
Jai Vijayan, Contributing WriterNews
The authors of Epsilon Red have offloaded many tasks that are usually integrated into the ransomware -- such as Volume Shadow Copy deletion -- to PowerShell scripts.
By Jai Vijayan Contributing Writer, 6/1/2021
Comment0 comments  |  Read  |  Post a Comment
Meat Producer JBS USA Hit By Ransomware Attack
Dark Reading Staff, Quick Hits
The company says recovery from the attack may delay transactions with customers and suppliers.
By Dark Reading Staff , 6/1/2021
Comment0 comments  |  Read  |  Post a Comment
Return to Basics: Email Security in the Post-COVID Workplace
Eyal Benishti, CEO & Founder of IRONSCALESCommentary
As we reimagine the post-pandemic workplace, we must also reevaluate post-pandemic email security practices.
By Eyal Benishti CEO & Founder of IRONSCALES, 6/1/2021
Comment0 comments  |  Read  |  Post a Comment
CISO Confidence Is Rising, but Issues Remain
Marc Wilczek, Digital Strategist & COO of Link11Commentary
New research reveals how global CISOs dealt with COVID-19 and their plans for 2022–2023.
By Marc Wilczek Digital Strategist & COO of Link11, 6/1/2021
Comment0 comments  |  Read  |  Post a Comment
Modern SOCs a 'Painful' Challenge Amid Growing Complexity: Report
Dark Reading Staff, Quick Hits
A new study examines the tools and technologies driving investment and activities for security operations centers.
By Dark Reading Staff , 5/28/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attackers Impersonate USAID in Advanced Email Campaign
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft shares the details of a wide-scale malicious email campaign attributed to Nobelium, the group linked to the SolarWinds supply chain attack.
By Kelly Sheridan Staff Editor, Dark Reading, 5/28/2021
Comment0 comments  |  Read  |  Post a Comment
Siemens Patches Major PLC Flaw that Bypasses Its 'Sandbox' Protection
Dark Reading Staff, Quick Hits
Researchers from Claroty today detailed the memory vuln they discovered in Siemens SIMATIC S7-1200 and S7-1500 PLCs.
By Dark Reading Staff , 5/28/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by vderrill
Current Conversations Zoom Zoom!
In reply to: sorry about this
Post Your Own Reply
More Conversations
Products & Releases
IBM Selects Six School Districts to Receive a Total of $3 Million in Education Security Preparedness Grants
Axio Helping Organizations Protect Themselves Against Ransomware
CISA and Local Partners Conduct Tabletop Exercise in Preparation for the U.S. Olympic Team Track and Field Trials
ETSI Releases Mitigation Strategy Report on Securing Artificial Intelligence
Cyber Readiness Institute Calls on Biden Administration To Make Small Business Cybersecurity a National Priority
New Report Finds Online Phishing and Fraud Activity Up 185% in 2020
Mimecast Report: 61% of Organizations Were Infected with Ransomware in 2020
Survey: 60% of Educational Organizations Hit by Phishing Attacks Targeting Cloud Data
More Products & Releases
PR Newswire
Edge-DRsplash-10-edge-articles
The Makings of a Better Cybersecurity Hire
Bjorn R. Watne, CISO, Storebrand Group,  5/25/2021
Commentary
Let's Stop Blaming Employees for Our Data Breaches
Chrysa Freeman, Manager of Security Awareness, Code42,  5/27/2021
News
New Iranian Threat Actor Using Ransomware, Wipers in Destructive Attacks
Jai Vijayan, Contributing Writer,  5/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zoom Zoom!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26928
PUBLISHED: 2021-06-04
** DISPUTED ** BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirec...
CVE-2021-31249
PUBLISHED: 2021-06-04
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.
CVE-2021-31250
PUBLISHED: 2021-06-04
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi.
CVE-2021-31251
PUBLISHED: 2021-06-04
An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe...
CVE-2021-31252
PUBLISHED: 2021-06-04
An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it.