Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

How the Shady Zero-Day Sales Game Is Evolving
6 Open Source Tools for Your Security Team
More SolarWinds Attack Details Emerge
COVID-19: Latest Security News & Commentary
News & Commentary
Intel Confirms Unauthorized Access of Earnings-Related Data
Jai Vijayan, Contributing WriterNews
News likely contributed to slide of over 9% in chipmaker's stock at one point Friday.
By Jai Vijayan Contributing Writer, 1/22/2021
Comment0 comments  |  Read  |  Post a Comment
Speed of Digital Transformation May Lead to Greater App Vulnerabilities
Robert Lemos, Contributing WriterNews
The fastest-moving industries are struggling to produce secure code, according to AppSec experts.
By Robert Lemos Contributing Writer, 1/22/2021
Comment0 comments  |  Read  |  Post a Comment
How Cybersecurity Newbs Can Start Out on the Right Foot
Joan Goodchild, Contributing Writer
Cybersecurity experts share their savvy tips and useful resources for infosec hopefuls.
By Joan Goodchild Contributing Writer, 1/22/2021
Comment0 comments  |  Read  |  Post a Comment
Why North Korea Excels in Cybercrime
Marc Wilczek, Digital Strategist & COO of Link11Commentary
North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.
By Marc Wilczek Digital Strategist & COO of Link11, 1/22/2021
Comment0 comments  |  Read  |  Post a Comment
DreamBus, FreakOut Botnets Pose New Threat to Linux Systems
Jai Vijayan, Contributing WriterNews
Researchers from Zscaler and Check Point describe botnets as designed for DDoS attacks, cryptocurrency mining, and other malicious purposes.
By Jai Vijayan Contributing Writer, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Breach Data Shows Attackers Switched Gears in 2020
Robert Lemos, Contributing WriterNews
Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.
By Robert Lemos Contributing Writer, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark ReadingNews
Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search.
By Kelly Sheridan Staff Editor, Dark Reading, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Cloud Jacking: The Bold New World of Enterprise Cybersecurity
Bernie Brode, Nano Product ResearcherCommentary
Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.
By Bernie Brode Nano Product Researcher, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
7 Steps to Secure a WordPress Site
Steve Zurier, Contributing Writer
Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth.
By Steve Zurier Contributing Writer, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Hacker Pig Latin: A Base64 Primer for Security Analysts
Daniel Smallwood, Senior Threat Research Engineer, IronNet
The Base64 encoding scheme is often used to hide the plaintext elements in the early stages of an attack that can't be concealed under the veil of encryption. Here's how to see through its tricks.
By Daniel Smallwood Senior Threat Research Engineer, IronNet, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Rethinking IoT Security: It's Not About the Devices
May Wang, Senior Distinguished Engineer at Palo Alto NetworksCommentary
Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.
By May Wang Senior Distinguished Engineer at Palo Alto Networks, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Releases New Info on SolarWinds Attack Chain
Jai Vijayan, Contributing WriterNews
Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says.
By Jai Vijayan Contributing Writer, 1/20/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attack, Cyber Supply Chain Among Priorities for Biden Administration
Robert Lemos, Contributing WriterNews
During Senate confirmation hearings, the nominees for Secretary of Homeland Security and Director of National Intelligence pledged to focus on cybersecurity.
By Robert Lemos Contributing Writer, 1/20/2021
Comment0 comments  |  Read  |  Post a Comment
Tips for a Bulletproof War Room Strategy
Lee Chieffalo, Technical Director of Cybersecurity Operations at ViasatCommentary
The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.
By Lee Chieffalo Technical Director of Cybersecurity Operations at Viasat, 1/20/2021
Comment0 comments  |  Read  |  Post a Comment
Vulnerabilities in Popular DNS Software Allow Poisoning
Robert Lemos, Contributing WriterNews
Seven flaws in DNSMasq have limited impact, but in combination they could be chained to create a multistaged attack.
By Robert Lemos Contributing Writer, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft to Launch 'Enforcement Mode' for Zerologon Flaw
Dark Reading Staff, Quick Hits
Enforcement mode for the Netlogon Domain Controller will be enabled by default with the Feb. 9 security update.
By Dark Reading Staff , 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
4 Intriguing Email Attacks Detected by AI in 2020
Edge Editors, Dark Reading
Here's to the sneakiest of the sneaky. These clever phishing messages -- that standard validation measures often missed -- deserve proper dishonor. (Sponsored)
By Edge Editors Dark Reading, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
The Most Pressing Concerns Facing CISOs Today
John Worrall, Chief Executive Officer at ZeroNorthCommentary
Building security into the software development life cycle creates more visibility, but CISOs still need stay on top of any serious threats on the horizon, even if they are largely unknown.
By John Worrall Chief Executive Officer at ZeroNorth, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
A Security Practitioner's Guide to Encrypted DNS
Jamie Brim, Corelight Security ResearcherCommentary
Best practices for a shifting visibility landscape.
By Jamie Brim Corelight Security Researcher, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Cybersecurity experts share their savvy tips and useful resources for infosec hopefuls.
The Base64 encoding scheme is often used to hide the plaintext elements in the early stages of an attack that can't be concealed under the veil of encryption. Here's how to see through its tricks.
Here's to the sneakiest of the sneaky. These clever phishing messages -- that standard validation measures often missed -- deserve proper dishonor. (Sponsored)
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
CVE-2020-12525
PUBLISHED: 2021-01-22
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2020-12511
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Flash Poll
Video
Slideshows
Twitter Feed