Dark Reading

Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network

04/22/2021
China-based Spiral group is believed to be behind year-long attack, which exploited a flaw in SolarWinds Orion technology to drop a Web shell.

The Edge Pro Tip: Brush Up on Web Shells

04/22/2021
While neither new nor novel, Web shells are making an impact with a surge of Exchange attacks.

Edge Poll: Passwordless Plans

04/22/2021
How long do you think it will be before your organization gets rid of passwords?

New CISA Advisories Warn of ICS Vulnerabilities

04/22/2021
The vulnerabilities exist in Cscape control system application programming software and the Mitsubishi Electric GOT.

Prometei Botnet Adds New Twist to Exchange Server Attacks

04/22/2021
Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.

Improving the Vulnerability Reporting Process With 5 Steps

04/22/2021
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.

University Suspends Project After Researchers Submitted Vulnerable Linux Patches

04/22/2021
A Linux maintainer pledges to stop taking code submissions from the University of Minnesota after a research team purposely submitted vulnerabilities to show software supply chain weaknesses.

Name That Toon: Greetings, Earthlings

04/22/2021
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.

Looking for Greater Security Culture? Ask an 8-Bit Plumber

04/22/2021
After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.

10 Free Security Tools at Black Hat Asia 2021

04/22/2021
Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases.

Nearly Half of All Malware Is Concealed in TLS-Encrypted Communications

04/22/2021
Forty-six percent of all malware uses the cryptographic protocol to evade detection, communicate with attacker-controlled servers, and to exfiltrate data, new study shows.

Who's Your Login?

04/22/2021
If only Abbott and Costello were around today.

Rapid7 Acquires Velociraptor Open Source Project

04/21/2021
The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities.

Justice Dept. Creates Task Force to Stop Ransomware Spread

04/21/2021
One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say.

Zero-Day Flaws in SonicWall Email Security Tool Under Attack

04/21/2021
Three zero-day vulnerabilities helped an attacker install a backdoor, access files and emails, and move laterally into a target network.

Business Email Compromise Costs Businesses More Than Ransomware

04/21/2021
Ransomware gets the headlines, but business paid out $1.8 billion last year to resolve BEC issues, according to an FBI report.

How to Attack Yourself Better in 2021

04/21/2021
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.

Attackers Heavily Targeting VPN Vulnerabilities

04/21/2021
Threat actors like attacking the technology because they provide a convenient entry point to enterprise networks.

Pulse Secure VPN Flaws Exploited to Target US Defense Sector

04/20/2021
China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.

Foreign Spies Target British Nationals With Fake Social Media Profiles

04/20/2021
British security agency MI5 has launched a new education campaign to warn potential victims of the attacks.