Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

News & Commentary
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing WriterNews
Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service carry out the attacks.
By Jai Vijayan Contributing Writer, 4/15/2021
Comment0 comments  |  Read  |  Post a Comment
DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack
Jai Vijayan, Contributing WriterNews
Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products.
By Jai Vijayan Contributing Writer, 4/13/2021
Comment0 comments  |  Read  |  Post a Comment
Clear & Present Danger: Data Hoarding Undermines Better Security
Elissa M. Redmiles, Researcher, Max Planck Institute for Software SystemsCommentary
Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.
By Elissa M. Redmiles Researcher, Max Planck Institute for Software Systems, 4/13/2021
Comment0 comments  |  Read  |  Post a Comment
New Malware Downloader Spotted in Targeted Campaigns
Jai Vijayan, Contributing WriterNews
Saint Bot is being used to drop stealers on compromised systems but could be used to deliver any malware.
By Jai Vijayan Contributing Writer, 4/12/2021
Comment0 comments  |  Read  |  Post a Comment
Did 4 Major Ransomware Groups Truly Form a Cartel?
Robert Lemos, Contributing WriterNews
An analysis of well-known extortion groups and their cryptocurrency transactions reveals the answer.
By Robert Lemos Contributing Writer, 4/7/2021
Comment1 Comment  |  Read  |  Post a Comment
LinkedIn Phishing Ramps Up With More-Targeted Attacks
Robert Lemos, Contributing WriterNews
Seeking to take advantage of out-of-work users, malware groups continue to use LinkedIn and business services to offer fictional jobs and deliver infections instead.
By Robert Lemos Contributing Writer, 4/5/2021
Comment0 comments  |  Read  |  Post a Comment
7 Security Strategies as Employees Return to the Office
Steve Zurier, Contributing Writer
More sooner than later, employees will be making their way back to the office. Here's how security pros can plan for the next new normal.
By Steve Zurier Contributing Writer, 4/1/2021
Comment0 comments  |  Read  |  Post a Comment
What We Know (and Don't Know) So Far About the 'Supernova' SolarWinds Attack
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A look at the second elusive attack targeting SolarWinds software that researchers at Secureworks recently cited as the handiwork of Chinese nation-state hackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/30/2021
Comment1 Comment  |  Read  |  Post a Comment
Ghost Users Haunt Healthcare Firms
Dark Reading Staff, Quick Hits
Data security hygiene severely lacking among healthcare firms, new research shows.
By Dark Reading Staff , 3/30/2021
Comment0 comments  |  Read  |  Post a Comment
CISA Builds Out Defensive Tools for Security Teams
Robert Lemos, Contributing WriterNews
Need a tool to hunt for attacks in your network? The DHS agency bolsters the offerings in its open source toolbox.
By Robert Lemos Contributing Writer, 3/29/2021
Comment1 Comment  |  Read  |  Post a Comment
Beware the Package Typosquatting Supply Chain Attack
Kim Lewandowski & Bentz Tozer, Product Manager, Google Security / Senior Member of Technical Staff, Cyber Practice, In-Q-TelCommentary
Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.
By Kim Lewandowski & Bentz Tozer Product Manager, Google Security / Senior Member of Technical Staff, Cyber Practice, In-Q-Tel, 3/18/2021
Comment0 comments  |  Read  |  Post a Comment
COVID, Healthcare Data & the Dark Web: A Toxic Stew
Greg Foss, Senior Cybersecurity Strategist, VMware Security Business UnitCommentary
The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.
By Greg Foss Senior Cybersecurity Strategist, VMware Security Business Unit, 3/17/2021
Comment0 comments  |  Read  |  Post a Comment
7 Tips to Secure the Enterprise Against Tax Scams
Steve Zurier, Contributing Writer
Tax season is yet another opportunity for fraudsters to target your company. Here's how to keep everyone in the organization on their toes.
By Steve Zurier Contributing Writer, 3/17/2021
Comment0 comments  |  Read  |  Post a Comment
US Schools Faced Record Number of Security Incidents in 2020
Dark Reading Staff, Quick Hits
The K-12 Cybersecurity Resource Center reports an 18% increase in security incidents as schools moved classes online.
By Dark Reading Staff , 3/10/2021
Comment0 comments  |  Read  |  Post a Comment
Dark Reading 'Name That Toon' Winner: Gather 'Round the Campfire
John Klossner, CartoonistCommentary
And the winner of Dark Reading's February cartoon caption contest is ...
By John Klossner Cartoonist, 3/9/2021
Comment0 comments  |  Read  |  Post a Comment
Look to Banking as a Model for Stopping Crime-as-a-Service
David Fairman & Samantha Van Stokrom, CSO, APAC / Sales EngineerCommentary
The first step toward prevention is understanding the six most common CaaS services.
By David Fairman & Samantha Van Stokrom CSO, APAC / Sales Engineer, 3/9/2021
Comment0 comments  |  Read  |  Post a Comment
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical DirectorCommentary
With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
By Dr. Jethro Beekman Technical Director, 3/3/2021
Comment2 comments  |  Read  |  Post a Comment
4 Ways Health Centers Can Stop the Spread of Cyberattacks
Dr. Rolf Lindemann, Vice President, Products at Nok Nok LabsCommentary
Health centers must shift the perception of cyberattacks from potential risk to real threat in order to take the first step toward a safer, healthier security posture.
By Dr. Rolf Lindemann Vice President, Products at Nok Nok Labs, 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing WriterNews
While access to compromised systems has become an increasingly common service, some cybercriminals are going straight to the source: buying code bases and then updating the application with malicious code.
By Robert Lemos Contributing Writer, 2/26/2021
Comment0 comments  |  Read  |  Post a Comment
5 Key Steps Schools Can Take to Defend Against Cyber Threats
Chris Abbey, Manager, Incident Handling, at Red CanaryCommentary
Educational institutions have become prime targets, but there are things they can do to stay safer.
By Chris Abbey Manager, Incident Handling, at Red Canary, 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20527
PUBLISHED: 2021-04-19
IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. IBM X-Force ID: 198759.
CVE-2021-27028
PUBLISHED: 2021-04-19
A Memory Corruption Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files.
CVE-2021-27029
PUBLISHED: 2021-04-19
The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review causing the application to crash leading to a denial of service.
CVE-2021-27030
PUBLISHED: 2021-04-19
A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system.
CVE-2021-27031
PUBLISHED: 2021-04-19
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.