Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
7 Tips for Effective Deception
7 IoT Tips for Home Users
Profile of the Post-Pandemic CISO
Cartoon: COVID19 Futures
COVID-19: Latest Security News & Commentary
News & Commentary
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing WriterNews
RSA data reveals a continued shift away from browser-based fraud as attackers target mobile apps.
By Jai Vijayan Contributing Writer, 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
Biden Campaign Hires 2 Top Cybersecurity Executives
Dark Reading Staff, Quick Hits
The campaign has filled the positions of CISO and CTO in the runup to the 2020 presidential election.
By Dark Reading Staff , 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
Zoom Patches Zero-Day Vulnerability in Windows 7
Dark Reading Staff, Quick Hits
The flaw also affects older versions of the operating system, even if they're fully patched.
By Dark Reading Staff , 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
As Offices Reopen, Hardware from Home Threatens Security
Joan Goodchild, Contributing Writer
Devices out of sight for the past several months could spell trouble when employees bring them back to work.
By Joan Goodchild Contributing Writer, 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, GigamonCommentary
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
By Shane Buckley President & Chief Operating Officer, Gigamon, 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
Using Adversarial Machine Learning, Researchers Look to Foil Facial Recognition
Robert Lemos, Contributing WriterNews
For privacy-seeking users, good news: Computer scientists are finding more ways to thwart facial and image recognition. But there's also bad news: Gains will likely be short-lived.
By Robert Lemos Contributing Writer, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
Huge DDoS Attack Launched Against Cloudflare in Late June
Dark Reading Staff, Quick Hits
The 754 million packets-per-second peak was part of a four-day attack involving more than 316,000 sending addresses.
By Dark Reading Staff , 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
Up Close with Evilnum, the APT Group Behind the Malware
Kelly Sheridan, Staff Editor, Dark ReadingNews
The group behind Evilnum malware, which continues to target financial institutions, appears to be testing new techniques.
By Kelly Sheridan Staff Editor, Dark Reading, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Data and insight from a leading cybersecurity research and analysis team will broaden the information available to security professionals and technology vendors.
By Tim Wilson, Editor in Chief, Dark Reading , 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
'Joker' Android Malware Pulls Another Trick to Land on Google's Play Store
Jai Vijayan, Contributing WriterNews
Authors of the malware, which signs up mobile users for premium services, are repeatedly finding ways to bypass app review checks.
By Jai Vijayan Contributing Writer, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
When WAFs Go Wrong
Ericka Chickowski, Contributing WriterNews
Web application firewalls are increasingly disappointing enterprises today. Here's why.
By Ericka Chickowski Contributing Writer, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
56% of Large Companies Handle 1,000+ Security Alerts Each Day
Dark Reading Staff, Quick Hits
For 70% of IT security professionals, the volume of security alerts has doubled in the past five years, researchers report.
By Dark Reading Staff , 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
Fight Phishing with Intention
Runa Sandvik, Independent ResearcherCommentary
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
By Runa Sandvik Independent Researcher, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: Tough Times, Tough Measures
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 7/9/2020
Comment3 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 7/9/2020
Comment13 comments  |  Read  |  Post a Comment
6 Tips for Getting the Most From Nessus
Curtis Franklin Jr., Senior Editor at Dark Reading
Books have been written on using the powerful network-discovery and vulnerability-scanning tool. These tips will help get you started.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
Pen Testing ROI: How to Communicate the Value of Security Testing
Nabil Hannan, Managing Director at NetSPICommentary
There are many reasons to pen test, but the financial reasons tend to get ignored.
By Nabil Hannan Managing Director at NetSPI, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
Study Finds 15 Billion Stolen, Exposed Credentials in Criminal Markets
Jai Vijayan, Contributing WriterNews
Data is fueling account takeover attacks in a big way, Digital Shadows says.
By Jai Vijayan Contributing Writer, 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
New Fraud Ring "Bargain Bear" Brings Sophistication to Online Crime
Dark Reading Staff, Quick Hits
The ring tests the validity of stolen credentials to be used in fraud through an online marketplace.
By Dark Reading Staff , 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
More Malware Found Preinstalled on Government Smartphones
Dark Reading Staff, Quick Hits
Researchers report the American Network Solutions UL40 smartphone comes with compromised apps.
By Dark Reading Staff , 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
RunSafe Security Announces Partnership with JFrog
Growing Security Alerts Driving Demand for Cloud SIEM Solutions in the SOC
Axio Announces Partnership with Archer
Beyond Identity Joins FIDO Alliance
Thoma Bravo Completes Exostar Acquisition
As Cyberattacks Soar, US State and Local Government Entities Struggle to Keep Up
Cloud Security Alliance Publishes New Paper, The Six Pillars of DevSecOps: Automation
Xage Security Introduces Universal Multi-Factor Authentication for Industrial Operations
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
As Offices Reopen, Hardware from Home Threatens Security
Devices out of sight for the past several months could spell trouble when employees bring them back to work.
Name That Toon: Tough Times, Tough Measures
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Cybersecurity's Lament: There Are No Cooks in Space
Cybersecurity staff are on edge for the same reason that there are no cooks on the ISS: Organizations are carefully watching expenses for jobs that don't require dedicated team members.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...
The Threat from the Internet—and What Your Organization Can Do About It
The Threat from the Internet—and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Flash Poll
Video
Slideshows
Twitter Feed