Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cartoon Caption Winner: Be Careful Who You Trust
Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
Cybercrime 'Help Wanted': Job Hunting on the Dark Web
How to Submit a Column to Dark Reading
News & Commentary
Why We Need More Blue Team Voices at the Table
Jerry Gamblin, Principal Security Engineer, Kenna SecurityCommentary
The red team draws attention, but the blue team has the expertise to keep networks secure day in and day out.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Intel: More Than 90% of Our Vulnerabilities Found via Research
Robert Lemos, Contributing WriterNews
Internal research and external bug-bounty programs combined to discover the vast majority of reported security issues in the company's software.
By Robert Lemos Contributing Writer, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
More Details Emerge on the Microsoft Exchange Server Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
The attacks seem more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous.
By Kelly Sheridan Staff Editor, Dark Reading, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
Okta to Buy Rival Auth0
Dark Reading Staff, Quick Hits
The deal, valued at $6.5 billion, will bring together competitors in the identity management space.
By Dark Reading Staff , 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
CISA to Federal Agencies: Immediately Patch or 'Disconnect' Microsoft Exchange Servers
Dark Reading Staff, Quick Hits
The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week.
By Dark Reading Staff , 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical DirectorCommentary
With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
By Dr. Jethro Beekman Technical Director, 3/3/2021
Comment1 Comment  |  Read  |  Post a Comment
Design, Security, Tech Is the New Stack You Should Be Building
Sathish Muthukrishnan, Chief Information, Data and Digital Officer, AllyCommentary
Instead of different departments managing information systems, Ally Financial has combined data, digitization, security, and design into a single "stack" of human resources.
By Sathish Muthukrishnan Chief Information, Data and Digital Officer, Ally, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
Policy Group Calls for Public-Private Cyber-Defense Program
Robert Lemos, Contributing WriterNews
The proposed National Cyber Response Network would link federal agencies, companies, and local governments, allowing collaboration during a cyberattack.
By Robert Lemos Contributing Writer, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Ignite Brings Security & Compliance Updates
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft announces support for data loss prevention in Google Chrome, co-authoring of protected files, and more at Ignite 2021.
By Kelly Sheridan Staff Editor, Dark Reading, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing WriterNews
'Transparent Tribe' has switched its tactics for distributing the remote access Trojan, researchers found.
By Jai Vijayan Contributing Writer, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft fixes multiple Exchange Server vulnerabilities being weaponized in attacks from a group it believes operates out of China.
By Kelly Sheridan Staff Editor, Dark Reading, 3/2/2021
Comment1 Comment  |  Read  |  Post a Comment
Thycotic and Centrify to Merge In $1.4B Deal
Dark Reading Staff, Quick Hits
TPG Capital will combine privileged access management providers into one company.
By Dark Reading Staff , 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Google Partners With Insurers to Create Risk Protection Program
Dark Reading Staff, Quick Hits
Google Cloud, Allianz, and Munich Re teamed up to build a program that aims to reduce risk and potentially cut costs for customers.
By Dark Reading Staff , 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
4 Ways Health Centers Can Stop the Spread of Cyberattacks
Dr. Rolf Lindemann, Vice President, Products at Nok Nok LabsCommentary
Health centers must shift the perception of cyberattacks from potential risk to real threat in order to take the first step toward a safer, healthier security posture.
By Dr. Rolf Lindemann Vice President, Products at Nok Nok Labs, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Name That Edge Toon: In Hot Water
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 3/2/2021
Comment4 comments  |  Read  |  Post a Comment
Why Cloud Security Risks Have Shifted to Identities and Entitlements
Shai Morag, CEO of ErmeticCommentary
Traditional security tools focus on the network perimeter, leaving user and service accounts vulnerable to hackers.
By Shai Morag CEO of Ermetic, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Attacker Expands Use of Malicious SEO Techniques to Distribute Malware
Jai Vijayan, Contributing WriterNews
The operators of REvil and Gootkit have begun using a tried and tested technique to distribute additional malware, Sophos says.
By Jai Vijayan Contributing Writer, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
New Jailbreak Tool Works on Most iPhones
Dark Reading Staff, Quick Hits
The Unc0ver team has released a tool that works on iOS 11 and later, and exploits a vulnerability that was recently under attack.
By Dark Reading Staff , 3/1/2021
Comment0 comments  |  Read  |  Post a Comment
Universal Health Services Suffered $67 Million Loss Due to Ransomware Attack
Dark Reading Staff, Quick Hits
Earnings report points to diversion of care during incident for financial loss.
By Dark Reading Staff , 3/1/2021
Comment0 comments  |  Read  |  Post a Comment
MSP Provider Builds Red Team as Attackers Target Industry
Robert Lemos, Contributing WriterNews
NinjaRMM, which provides tools for managed service providers, aims to create a red team capability following years of attacks against MSPs.
By Robert Lemos Contributing Writer, 3/1/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
How's your 'Probiv'? How about customer service? Here's how Dark Web forums connect cybercriminals looking for talent with those looking for work -- and which skills are hot right now.
A peek at open XDR technology and defense that held up better than the Kansas City Chiefs.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24913
PUBLISHED: 2021-03-04
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
CVE-2020-24914
PUBLISHED: 2021-03-04
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
CVE-2020-24036
PUBLISHED: 2021-03-04
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
CVE-2020-24912
PUBLISHED: 2021-03-04
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
CVE-2019-18629
PUBLISHED: 2021-03-04
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a com...
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Flash Poll
Video
Slideshows
Twitter Feed