Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
10 iOS Security Tips to Lock Down Your iPhone
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Election Security in the Age of Social Distancing
7 Ways Parents Can Better Protect Their Online-Gamer Offspring
COVID-19: Latest Security News & Commentary
News & Commentary
5 Tips for Fighting Credential Stuffing Attacks
Joan Goodchild, Contributing Writer
With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?
By Joan Goodchild Contributing Writer, 5/22/2020
Comment0 comments  |  Read  |  Post a Comment
Former Salesforce Execs Launch Data Protection Startup
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Cloud-based API service stores and manages sensitive consumer data with a zero-trust, database-as-a service approach.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/22/2020
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Edge Cybersecurity Crossword Puzzle, May 22th
Edge Editors, Dark Reading
Have a hard time coming up with the answers to these puzzle questions? We know a great place to look for more clues...
By Edge Editors Dark Reading, 5/22/2020
Comment0 comments  |  Read  |  Post a Comment
Security & Trust Ratings Proliferate: Is That a Good Thing?
Robert Lemos, Contributing WriterNews
Phishing ratings, security ratings, human-ness ratings -- we are looking at a future filled with grades of security and trustworthiness. But there is a downside.
By Robert Lemos Contributing Writer, 5/22/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 5/22/2020
Comment11 comments  |  Read  |  Post a Comment
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading
Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
By Kelly Sheridan Staff Editor, Dark Reading, 5/22/2020
Comment0 comments  |  Read  |  Post a Comment
Security 101: Cross-Site Scripting
Curtis Franklin Jr., Senior Editor at Dark Reading
Cross-site scripting has been around longer than most security professionals have been on the job. Why is it still such an issue when we've known about it for so long?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
Web Scrapers Have Bigger-Than-Perceived Impact on Digital Businesses
Jai Vijayan, Contributing WriterNews
The economic impact of bot traffic can be unexpectedly substantial, a PerimeterX-commissioned study finds.
By Jai Vijayan Contributing Writer, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
Hackers Serve Up Stolen Credentials from Home Chef
Dark Reading Staff, Quick Hits
Some 8 million of the meal delivery company's customer records have been offered for sale on the Dark Web.
By Dark Reading Staff , 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
Telcos Become Richer Hacking Targets
Alison Diana, Contributing WriterNews
The shift of moving telecommunications networks toward more commercial networking equipment and systems also expanded their attack surface.
By Alison Diana Contributing Writer, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, GarrisonCommentary
By committing to independent testing to determine value, vendors will ensure that their products do what they say they do.
By Henry Harrison Co-founder & Chief Technology Officer, Garrison, 5/21/2020
Comment2 comments  |  Read  |  Post a Comment
The Need for Compliance in a Post-COVID-19 World
Baan Alsinawi, Founder and Managing Director at TalaTekCommentary
With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That's a big mistake.
By Baan Alsinawi Founder and Managing Director at TalaTek, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
Most Bluetooth Devices Vulnerable to Impersonation Attacks
Jai Vijayan, Contributing WriterNews
Vulnerabilities in the Bluetooth authentication process give attackers a way to insert rogue devices between two securely paired devices, academic researchers find.
By Jai Vijayan Contributing Writer, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
Centralized Contact Tracing Raises Concerns Among Privacy-Conscious Citizens
Robert Lemos, Contributing WriterNews
The long debate over whether encryption and anonymity shield too much criminal behavior also has staged a resurgence.
By Robert Lemos Contributing Writer, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
60% of Insider Threats Involve Employees Planning to Leave
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers shows most "flight-risk" employees planning to leave an organization tend to start stealing data two to eight weeks before they go.
By Kelly Sheridan Staff Editor, Dark Reading, 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Digital Transformation Risks in Front-end Code
Ido Safruti, Co-founder & CTO, PerimeterXCommentary
Why making every front-end developer a DevSecOps expert will lead to a more holistic approach to web and native application security.
By Ido Safruti Co-founder & CTO, PerimeterX, 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Offers to Sell Enterprise Network Access Surge on Dark Web
Dark Reading Staff, Quick Hits
In contrast, Q1 2019 saw more interest in selling and buying access to individual servers.
By Dark Reading Staff , 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Warns of Vulnerability Affecting Windows DNS Server
Dark Reading Staff, Quick Hits
A new security advisory addresses a vulnerability that could be exploited to cause a denial-of-service attack.
By Dark Reading Staff , 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say
Robert Lemos, Contributing WriterNews
As COVID-19-themed spam rises, phishing—not so much. An analysis of newly registered domains finds that only 2.4% are actually phishing sites aiming to steal credentials.
By Robert Lemos Contributing Writer, 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Dan Blum, Cybersecurity & Risk Management StrategistCommentary
Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.
By Dan Blum Cybersecurity & Risk Management Strategist, 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Peyton Laudanski
Current Conversations Thats my dad.
In reply to: CastleCops
Post Your Own Reply
More Conversations
Products & Releases
Smarsh Acquires Entreda, Leader in Cybersecurity Risk & Compliance Software for Wealth Management Industry
FireEye Endpoint Security: Introducing Innovation Architecture for Rapid Deployment of Advanced Capabilities
Avanan Introduces Cloud-based Security for Citrix ShareFile
Telos Appoints General Keith Alexander as Inaugural Member of Advisory Board
Varonis Announces New Platform Update Featuring Remote Work Cybersecurity Capabilities
Accurics' 'State of DevSecOps Report' Highlights Shift Toward Provisioning Cloud Infrastructure Through Code
FTI Consulting Survey Shares Data Privacy Budget and Solutions Forecast
BlackBerry Spark Suites Launch to Provide Companies Intelligent Security, Everywhere
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
Dark Reading Edge Cybersecurity Crossword Puzzle, May 22th
Have a hard time coming up with the answers to these puzzle questions? We know a great place to look for more clues...
Security 101: Cross-Site Scripting
Cross-site scripting has been around longer than most security professionals have been on the job. Why is it still such an issue when we've known about it for so long?
Biometrics in the Great Beyond
A thumbprint may be a good authentication factor for the living, but are you prepared to access mission-critical data and devices after an employee's death?
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13429
PUBLISHED: 2020-05-24
legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option.
CVE-2020-13430
PUBLISHED: 2020-05-24
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
CVE-2020-13425
PUBLISHED: 2020-05-23
TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted.
CVE-2020-13424
PUBLISHED: 2020-05-23
The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure.
CVE-2020-13412
PUBLISHED: 2020-05-22
An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.
Flash Poll
Video
Slideshows
Twitter Feed