Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Operations
Page 1 / 2   >   >>
Does Your Cyberattack Plan Include a Crisis Communications Strategy? 5 Tips to Get Started
Commentary  |  6/22/2021  | 
Don't overlook crisis communications in your cybersecurity incident response planning.
Baltimore County Public Schools' Ransomware Recovery Tops $8M
Quick Hits  |  6/21/2021  | 
The school district has spent seven months and a reported $8.1 million recovering from the November attack.
This Week in Database Leaks: Cognyte, CVS, Wegmans
News  |  6/18/2021  | 
Billions of records were found exposed this week due to unprotected databases owned by major corporations and third-party providers.
Mission Critical: What Really Matters in a Cybersecurity Incident
Commentary  |  6/17/2021  | 
The things you do before and during a cybersecurity incident can make or break the success of your response.
Keeping Your Organization Secure When Dealing With the Unexpected
Commentary  |  6/16/2021  | 
There's no way to anticipate every possible scenario, but the right approach to business continuity can help you respond effectively in any situation.
Don't Get Stymied by Security Indecision
Commentary  |  6/16/2021  | 
You might be increasing cyber-risk by not actively working to reduce it.
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
News  |  6/15/2021  | 
Attackers had used the cloud-based infrastructure to target mailboxes and add forwarding rules to learn about financial transactions.
What Industrial Control System Vulnerabilities Can Teach Us About Protecting the Supply Chain
Commentary  |  6/15/2021  | 
Older technologies used in industrial and critical infrastructure leave the sector highly vulnerable to attack, but organizations can take steps to better protect themselves.
How Does the Government Buy Its Cybersecurity?
Commentary  |  6/15/2021  | 
The federal government is emphasizing cybersecurity regulation, education, and defense strategies this year.
New Top 20 Secure-Coding List Positions PLCs as Plant 'Bodyguards'
News  |  6/14/2021  | 
Best practices guide encompasses integrity, hardening, resilience, and monitoring of PLCs in industrial networks.
Name That Toon: Sight Unseen
Commentary  |  6/14/2021  | 
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Secure Access Trade-offs for DevSecOps Teams
Commentary  |  6/11/2021  | 
Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources.
Healthcare Device Security Firm COO Charged With Hacking Medical Center
Quick Hits  |  6/10/2021  | 
Vikas Singla, chief operating officer of security firm that provides products and services to the healthcare industry, faces charges surrounding a cyberattack he allegedly conducted against Duluth, Ga.-based Gwinnett Medical Center.
Intl. Law Enforcement Operation Disrupts Slilpp Marketplace
Quick Hits  |  6/10/2021  | 
A seizure warrant affidavit unsealed today states Slilpp had sold allegedly stolen login credentials since 2012.
Deepfakes Are on the Rise, but Don't Panic Just Yet
Commentary  |  6/10/2021  | 
Deepfakes will likely give way to deep suspicion, as users try to sort legitimate media from malicious.
Cyber Is the New Cold War & AI Is the Arms Race
Commentary  |  6/10/2021  | 
Continual cyberattacks have pushed us into a new kind of Cold War, with artificial intelligence the basis of this new arms race.
Required MFA Is Not Sufficient for Strong Security: Report
News  |  6/9/2021  | 
Attackers and red teams find multiple ways to bypass poorly deployed MFA in enterprise environments, underscoring how redundancy and good design are still required.
RSA Spins Off Fraud & Risk Intelligence Unit
News  |  6/9/2021  | 
The new company, called Outseer, will continue to focus on payment authentication and fraud detection and analysis.
CISA Addresses Rise in Ransomware Threatening OT Assets
Quick Hits  |  6/9/2021  | 
The agency has released guidance in response to a rise of ransomware attacks affecting OT assets and control systems.
With Cloud, CDO and CISO Concerns Are Equally Important
Commentary  |  6/9/2021  | 
Navigated properly, a melding of these complementary perspectives can help keep an organization more secure.
Phished Account Credentials Mostly Verified in Hours
News  |  6/8/2021  | 
Almost two-thirds of all phished credentials are verified by attackers within a day and then used in a variety of schemes, including business email compromise and targeting other users with malicious code.
Colonial Pipeline CEO: Ransomware Attack Started via Pilfered 'Legacy' VPN Account
Quick Hits  |  6/8/2021  | 
No multifactor authentication was attached to the stolen VPN password used by the attackers, Colonial Pipeline president & CEO Joseph Blount told a Senate committee today.
Microsoft CISO Shares Remote Work Obstacles & Lessons Learned
News  |  6/8/2021  | 
Bret Arsenault explains changes he implemented along the way as Microsoft's workforce went from 20% to 97% remote.
How Employees Can Keep Their 401(k)s Safe From Cybercriminals
Commentary  |  6/8/2021  | 
As retirement fund balances grow, cybercriminals are becoming more brazen in their efforts to deplete people's savings.
Cyber Resilience: The Emerald City of the Security World
Commentary  |  6/8/2021  | 
Small and midsize businesses and managed service providers must use their heart, brain, and courage as they follow the Yellow Brick Road to cyber resilience.
First Known Malware Surfaces Targeting Windows Containers
News  |  6/7/2021  | 
Siloscape is designed to create a backdoor in Kubernetes clusters to run malicious containers.
Cartoon Caption Winner: Road Trip
Commentary  |  6/7/2021  | 
And the winner of Dark Reading's cartoon caption contest is ...
SentinelOne Files S-1 for IPO
Quick Hits  |  6/4/2021  | 
The security company looks to raise up to $100 million in its IPO, its filing reveals.
Data Breaches Drive Higher Loan Interest Rates
News  |  6/4/2021  | 
Businesses that suffer a security breach may not see their stock price tumble, but they may pay higher rates for loans and be forced to provide collateral, researchers report.
Google Experts Explore Open Source Security Challenges & Fixes
News  |  6/3/2021  | 
An open source security event brought discussions of supply chain security and managing flaws in open source projects.
REvil Behind JBS Ransomware Attack: FBI
Quick Hits  |  6/3/2021  | 
Officials attribute the attack to REvil/Sodinokibi and say they are working to bring the threat actors to justice.
Encryption Helps Companies Avoid Breach Notifications
News  |  6/2/2021  | 
With nearly twice as many firms suffering a breach compared with the previous year, limiting the damage becomes more important, a survey finds.
Chaos for the Sake of Chaos? Yes, Nation-States Are That Cynical
Commentary  |  6/2/2021  | 
Many nation-state-backed attacks are intended to destabilize the US government, not steal from it.
US Seizes Attacker Domains Used in USAID Phishing Campaign
News  |  6/1/2021  | 
The move follows last week's disclosure of an ongoing attack designed to mimic emails from the US Agency for International Development.
Cybersecurity Group Hopes to Push 30 More National Priorities
News  |  6/1/2021  | 
The Cyberspace Solarium Commission worked with legislators and the Trump administration to get 27 recommendations implemented in policy last year. It's aiming for 30 more in 2021.
Modern SOCs a 'Painful' Challenge Amid Growing Complexity: Report
Quick Hits  |  5/28/2021  | 
A new study examines the tools and technologies driving investment and activities for security operations centers.
'Have I Been Pwned' Code Base Now Open Source
Quick Hits  |  5/27/2021  | 
Founder Troy Hunt also announces the platform will receive compromised passwords the FBI finds in its investigations.
DHS Orders Pipeline Operators to Report Cyberattacks, Review Security Posture
News  |  5/27/2021  | 
On the heels of the Colonial Pipeline attack, the US Department of Homeland Security aims to force a reticent industry to improve its ability to detect and respond to cybersecurity attacks.
Cisco: Reduced Complexity in the SOC Improves Enterprise Security
Commentary  |  5/26/2021  | 
SPONSORED: WATCH NOW -- All it took was a global pandemic and a shift to working from home to expose security operations centers' open secret: Too much software, systems, and data to filter. Dug Song, chief strategy officer of Cisco Secure, makes a strong case for why reducing that complexity is the only tenable way forward for security professionals.
Bug Bounties and the Cobra Effect
Commentary  |  5/26/2021  | 
Are bug bounty programs allowing software companies to skirt their responsibility to make better, more secure products from the get-go?
Devo: SIEM Continues to Evolve with Tech Trends and Emerging Threats
Commentary  |  5/26/2021  | 
SPONSORED: WATCH NOW -- Some organizations split the difference with a hybrid of premises- and cloud-based SIEM, says Ted Julian, senior VP of product at Devo. As security data volumes continue to increase, SIEM's evolution will only continue.
Cloud Compromise Costs Organizations $6.2M Per Year
News  |  5/25/2021  | 
Organizations reported an average of 19 cloud-based compromises in the past year, but most don't evaluate the security of SaaS apps before deployment.
Rise in Opportunistic Hacks and Info-Sharing Imperil Industrial Networks
News  |  5/25/2021  | 
Security researchers at Mandiant have seen an increasing wave of relatively simplistic attacks involving ICS systems - and attackers sharing their finds with one another - since 2020.
MacOS Zero-Day Let Attackers Bypass Privacy Preferences
Quick Hits  |  5/25/2021  | 
Apple has released security patches for vulnerabilities in macOS and tvOS that reports indicate have been exploited in the wild.
Uptycs Offers Resilience Formula to Boost Business Continuity
Commentary  |  5/25/2021  | 
SPONSORED CONTENT: Breaches and data loss are inevitable, but customers can bounce back more readily with some planning and foresight, says Ganesh Pai, CEO and founder of Uptycs. He suggests a trajectory for customers looking to improve their own resilience, starting with proactiveness, followed by reactivity, then predictive capabilities and better protection.
The Adversary Within: Preventing Disaster From Insider Threats
Commentary  |  5/25/2021  | 
Insiders are in a position of trust, and their elevated permissions provide opportunities to cause serious harm to critical business applications and processes.
Businesses Boost Security Budgets. Where Will the Money Go?
News  |  5/25/2021  | 
Most organizations plan to spend more on security, leaders say in a report that explores their toughest challenges, post-breach costs, and spending priorities.
As Threat Hunting Matures, Malware Labs Emerge
Commentary  |  5/24/2021  | 
By leveraging their analysis outputs, security pros can update detection rules engines and establish a stronger security posture in the process.
The Changing Face of Cybersecurity Awareness
Commentary  |  5/21/2021  | 
In the two decades since cybersecurity awareness programs emerged, they've been transformed from a good idea to a business imperative.
Security Providers Describe New Solutions (& Growing Threats) at RSAC
Commentary  |  5/20/2021  | 
SPONSORED CONTENT: Watch now -- Leading security companies meet Dark Reading in the RSA Conference Broadcast Alley to talk about tackling insider threat, SOC complexity, cyber resilience, mobile security, attacker evasion, supply chain threats, ransomware, and more.
Page 1 / 2   >   >>


Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-35210
PUBLISHED: 2021-06-23
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.
CVE-2021-27649
PUBLISHED: 2021-06-23
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2021-29084
PUBLISHED: 2021-06-23
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2021-29085
PUBLISHED: 2021-06-23
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2021-29086
PUBLISHED: 2021-06-23
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.