TOP STORIES

The True Cost of a Ransomware Attack
Microsoft 365: Most Common Threat Vectors & Defensive Tips
Proposed Sale Casts Cloud Over Future of FireEye's Products
Cyber Athletes Compete to Form US Cyber Team
NEWS & COMMENTARY
Trickbot Investigation Shows Details of Massive Cybercrime Effort
News
Nearly a score of cybercriminals allegedly worked together to create the Trickbot malware and deploy it against more than a million users, an unsealed indictment claims. By ROBERT LEMOS, Contributing Writer, 6/11/2021
McDonald's Data Breach Exposed Business & Customer Data
Quick Hits
An investigation has revealed company data has been breached in the United States, South Korea, and Taiwan. By DARK READING STAFF, 6/11/2021
Details Emerge on How Gaming Giant EA Was Hacked
Quick Hits
Hacking group stole source code to FIFA 21 and the company's Frostbite engine. By DARK READING STAFF, 6/11/2021
Many Mobile Apps Intentionally Using Insecure Connections for Sending Data
News
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections. By JAI VIJAYAN, Contributing Writer, 6/11/2021
Secure Access Trade-offs for DevSecOps Teams
Commentary
Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources. By EV KONTSEVOY, CEO of Teleport, 6/11/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
News
"Prometheus" is the latest example of how the ransomware-as-a-service model is letting new gangs scale up operations quickly. By JAI VIJAYAN, Contributing Writer, 6/10/2021
'Fancy Lazarus' Criminal Group Launches DDoS Extortion Campaign
News
The group has re-emerged after a brief hiatus with a new email campaign threatening a DDoS attack against businesses that don't pay ransom. By KELLY SHERIDAN, Staff Editor, Dark Reading, 6/10/2021
Healthcare Device Security Firm COO Charged With Hacking Medical Center
Quick Hits
Vikas Singla, chief operating officer of a security firm that provides products and services to the healthcare industry, faces charges surrounding a cyberattack he allegedly conducted against Duluth, Ga.-based Gwinnett Medical Center. By DARK READING STAFF, 6/10/2021
JBS CEO Says Company Paid $11M in Ransom
Quick Hits
The decision to pay attackers was a difficult one, CEO Andre Nogueira said in a statement. By DARK READING STAFF, 6/10/2021
'Beware the Lady Named Katie'
A semester-long course boiled down to two minutes and 45 seconds. By EDGE EDITORS, Dark Reading, 6/10/2021
The Workforce Shortage in Cybersecurity Is a Myth
Commentary
What we really have is an automation-in-the-wrong-place problem. By MICHAEL ROYTMAN, Chief Data Scientist, Kenna Security, 6/10/2021
Intl. Law Enforcement Operation Disrupts Slilpp Marketplace
Quick Hits
A seizure warrant affidavit unsealed today states Slilpp had sold allegedly stolen login credentials since 2012. By DARK READING STAFF, 6/10/2021
Deepfakes Are on the Rise, but Don't Panic Just Yet
Commentary
Deepfakes will likely give way to deep suspicion, as users try to sort legitimate media from malicious. By JOHN DONEGAN, Enterprise analyst at ManageEngine, 6/10/2021
11 Cybersecurity Vendors to Watch in 2021
The cybersecurity landscape continues to spawn new companies and attract new investments. Here is just a sampling of what the industry has to offer. By JAI VIJAYAN, Contributing Writer, 6/10/2021
Cyber Is the New Cold War & AI Is the Arms Race
Commentary
Continual cyberattacks have pushed us into a new kind of Cold War, with artificial intelligence the basis of this new arms race. By NANCY GRADY, Chief Data Scientist & Solutions Architect, 6/10/2021
Required MFA Is Not Sufficient for Strong Security: Report
News
Attackers and red teams find multiple ways to bypass poorly deployed MFA in enterprise environments, underscoring how redundancy and good design are still required. By ROBERT LEMOS, Contributing Writer, 6/9/2021
What to Know About Updates to the PCI Secure Software Standard
New requirements add 50 controls covering five control objectives. Here's a high-level look at each objective. By SEAN SMITH, Manager II, PCI Compliance Services, Optiv, 6/9/2021
RSA Spins Off Fraud & Risk Intelligence Unit
News
The new company, called Outseer, will continue to focus on payment authentication and fraud detection and analysis. By KELLY SHERIDAN, Staff Editor, Dark Reading, 6/9/2021
CISA Addresses Rise in Ransomware Threatening OT Assets
Quick Hits
The agency has released guidance in response to a rise of ransomware attacks affecting OT assets and control systems. By DARK READING STAFF, 6/9/2021
New Security Event @Hack to Take Place in Saudi Arabia
Quick Hits
The Saudi Federation of Cybersecurity, Programming, and Drones (SAFCSP) and Informa Tech will launch a multi-day event in Riyadh this November. By DARK READING STAFF, 6/9/2021
CURRENT CONVERSATIONS
Posted by netdaemon: Ransomware certainly is A problem and there are lots of ways to help prevent and mitigate the impact, the commentary has several good examples, especially highlighting Zero Trust, least privilege, and preventing the escalation...
In reply to: Ransomware is the problem - and there are lots of solutions

Posted by martin-smith: We've come across this issue with Cyber Essentials certification in the UK. Due to the onerous nature of detecting and managing various flavours of ISP router and their security, focus has switched to endpoint protection. Running...
In reply to: Focus for home workers security

Posted by Dantose: "We've had some push-back on the mandatory vacation policy"
In reply to: Re: There must have been an incident

Posted by Dantose: "It's nice to see them investing in crash recovery"
In reply to: There must have been an incident

Posted by John-Roy: What about this quote? there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the...
In reply to: My Mantra

Posted by mikesec5: Would documenting the process to have users perform a reverse port scan using a site such as Gibson Research Corporation's Shields Up work? At least we would know if they had any open ports that could be targeted...
In reply to: Shields Up?

Posted by HarryS750: There are two main issues related to the security shortage that you do not address which I assume is because of your younger age. Number 1 is age discrimination. This is a major issue that has been widely studied...
In reply to: Two problems you do not address

Posted by kratiw: Unfortunately, until cybersecurity failures start to hit the C-level executive in the pocketbook, nothing will change. Many of my colleagues and I have been advocating IT asset management, the foundation for IT security,...
In reply to: I Think They'll Hit the Snooze Button, Again

Posted by vderrill: Zoom Zoom!
In reply to: sorry about this

Posted by blightsey3921: Some folks will hang on to those old apps right up to the instant we decommission them!
In reply to: hangin' on

Posted by m.slotboom: "Did not know that virtual delivery of goods is on the road map." "Brake!"
In reply to: Road map

Posted by m.slotboom: A new remote working policy, they said. It would be swift and easy to configure, they said.
In reply to: Remote workplace
PRODUCTS & RELEASES
Cybrary Announces Kevin Hanes as New CEO
Ransomware Cartels Using New Tactics to Extort Money
Aura Adds to Board of Directors
Devo Report Reveals Cloud Security Priorities of 'Pandemic-Evolved' Businesses
Kaspersky Discovers More Minecraft Malware
Brinqa Announces $110 Million in Growth Funding to Accelerate Adoption of Risk-based Cybersecurity
Infoblox 3.0 Unites Hybrid DDI and Security to Unlock Cloud-first Strategies
Waverley Labs Launches RESILIANT™ Essential to Zero Trust Model
PR NEWSWIRE
The Good ISIS - NEW INFO & ANALYSIS - Iran Nuclear Program & IAEA Report on Iran, Upcoming IAEA Board of Governors Meeting

WASHINGTON, June 2, 2021 /PRNewswire/ -- What: David Albright answers questions on Iran's nuclear…
Customer Relationship Management Global Market to 2027 - Opportunity Analysis and Industry Forecasts

DUBLIN, June 11, 2021 /PRNewswire/ -- The "Customer Relationship Management Market by Component…
Worldwide Virtual Training and Simulation Industry to 2027 - Impact of COVID-19

DUBLIN, June 11, 2021 /PRNewswire/ -- The "Global Virtual Training and Simulation Market 2020-2027…
Worldwide Insurance Analytics Industry to 2027 - Surge in Fraudulent Activities Presents Opportunities

DUBLIN, June 11, 2021 /PRNewswire/ -- The "Insurance Analytics Market By Component, Deployment…
Baltimore City Council Votes to Approve Extreme Ban on Facial Recognition

SILVER SPRING, Md., June 11, 2021 /PRNewswire-PRWeb/ -- On June 8, the Baltimore City Council…
Risk Analytics Market With COVID-19 Impact Analysis by Software Type, Service, Risk Type, Deployment Mode, Organization Size, Vertical, and Region - Global Forecast to 2026

DUBLIN, June 11, 2021 /PRNewswire/ -- The "Risk Analytics Market With COVID-19 Impact Analysis by…
The Worldwide Smartphone Sensors Industry is Expected to Grow at a CAGR of 6.2% Between 2021 to 2027

DUBLIN, June 11, 2021 /PRNewswire/ -- The "Global Smartphone Sensors Market 2020-2026" report has…
AI in Computer Vision Market worth $51.3 billion by 2026 - Exclusive Report by MarketsandMarkets™

CHICAGO, June 11, 2021 /PRNewswire/ -- According to the new market research report "AI in Computer…
IdRamp Joins Linux Foundation Public Health Cardea Project Steering Committee

DES MOINES, Iowa, June 11, 2021 /PRNewswire/ -- IdRamp, a leading decentralized identity platform…
Fighting the Cybersecurity Threat: MIT xPRO Launches New Professional Certification in Cybersecurity in Collaboration with Emeritus

BOSTON, June 11, 2021 /PRNewswire/ -- With ransomware, malware, phishing and other cyber-attacks…
Dark Reading Is Getting an Upgrade!
Find out more about our plans to improve the look, functionality, and performance of the Dark Reading site in the coming months.
How Can I Test the Security of My Home-Office Employees' Routers?
From the most accurate to the most practical, here are a few ways to ensure both employees and organizations are protected from risk.
LIVE EVENTS
@Hack - November 28-30, 2021, Saudi Arabia
Black Hat USA 2021 - July 31-August 5
Dark Reading June 24 Virtual Event, a free, online conference.
WHITE PAPERS
2021 Application Security Statistics Report Vol.2
The State of Endpoint Security
Tech Insights: Detecting and Preventing Insider Data Leaks
Stop Malicious Bots For Good: How Better Bot Management Maximizes Your ROI
The Underground Economy: The Dark Web and the Rise in Sophisticated Attacks
CURRENT ISSUE
The State of Cybersecurity Incident Response
In this report, learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
BUG REPORT
ENTERPRISE VULNERABILITIES
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.
CVE-2021-32553
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.
REPORTS
Battle for the Endpoint
How to build a new cyber strategy for 2021 and beyond.
How Enterprises are Developing Secure Applications
Assessing Cybersecurity Risk in Today's Enterprises
The Malware Threat Landscape
SLIDESHOWS
7 Modern-Day Cybersecurity Realities
10 Free Security Tools at Black Hat Asia 2021
Copyright © 2020 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.