Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

6 Tips for Getting the Most from Nessus
7 IoT Tips for Home Users
Profile of the Post-Pandemic CISO
Name That Toon: Tough Times, Tough Measures
COVID-19: Latest Security News & Commentary
News & Commentary
Russian Cyberattacks Target COVID-19 Research, Vaccine Development
Dark Reading Staff, Quick Hits
Government agencies in the US, UK, and Canada report Russian group Cozy Bear is targeting organizations developing coronavirus vaccines.
By Dark Reading Staff, 7/16/2020
Third-Party IoT Vulnerabilities: We Need a Cybersecurity Paradigm Shift
Natali Tshuva, Co-Founder & CEO of Sternum, Commentary
The only entities equipped to safeguard Internet of Things devices against risks are the IoT device manufacturers themselves.
By Natali Tshuva, Co-Founder & CEO of Sternum, 7/16/2020
Cryptocurrency Scam Spreads Across High-Profile Twitter Accounts
Dark Reading Staff, Quick Hits
Twitter accounts belonging to former president Barack Obama, Joe Biden, Jeff Bezos, Elon Musk, and Bill Gates are among those hijacked in a massive cryptocurrency scam.
By Dark Reading Staff, 7/15/2020
New Attack Technique Uses Misconfigured Docker API
Dark Reading Staff, Quick Hits
A new technique builds and deploys an attack on the victim's own system.
By Dark Reading Staff, 7/15/2020
Puzzles and Riddles Help InfoSec Pros Solve Real-World Problems
Kelly Sheridan, Staff Editor, Dark Reading, News
A researcher shares the unexpected lessons learned in years of creating puzzles and riddles for his cybersecurity colleagues.
By Kelly Sheridan, Staff Editor, Dark Reading, 7/15/2020
'Patch ASAP': Cisco Issues Updates for Routers, VPN Firewall
Dark Reading Staff, Quick Hits
Cisco issues five critical security patches among a batch of some 31 updates.
By Dark Reading Staff, 7/15/2020
Vulns in Open Source EHR Puts Patient Health Data at Risk
Jai Vijayan, Contributing Writer, News
Five high-risk flaws in health IT software from LibreHealth, a researcher at Bishop Fox finds.
By Jai Vijayan, Contributing Writer, 7/15/2020
How Nanotechnology Will Disrupt Cybersecurity
Bernie Brode, Nano Product Researcher, Commentary
Tangible solutions related to cryptography, intelligent threat detection and consumer security are closer than you think.
By Bernard Brode, 7/15/2020
Top 5 Questions (and Answers) About GRC Technology
Matt Kunkel, Co-founder & CEO, LogicGate, Commentary
For the first time in a long time, we must shift from managing localized risks against a landscape of economic growth to managing those issues under much less certain circumstances.
By Matt Kunkel, Co-founder & CEO, LogicGate, 7/15/2020
DevSecOps Requires a Different Approach to Security
Robert Lemos, Contributing Writer, News
Breaking applications into microservices means more difficulty in gaining good visibility into runtime security and performance issues, says startup Traceable.
By Robert Lemos, Contributing Writer, 7/14/2020
Microsoft Patches Wormable RCE Flaw in Windows DNS Servers
Kelly Sheridan, Staff Editor, Dark Reading, News
Patch Tuesday security updates address a critical vulnerability in Windows DNS Servers, which researchers believe is likely to be exploited.
By Kelly Sheridan, Staff Editor, Dark Reading, 7/14/2020
'Make Your Bed' and Other Life Lessons for Security
Joshua Goldfarb, Independent Consultant, Commentary
Follow this advice from a famous military commander's commencement speech and watch your infosec team soar.
By Joshua Goldfarb, Independent Consultant, 7/14/2020
Google Cloud Unveils 'Confidential VMs' to Protect Data in Use
Kelly Sheridan, Staff Editor, Dark Reading, News
Confidential Virtual Machines, now in beta, will let Google Cloud customers keep data encrypted while it's in use.
By Kelly Sheridan, Staff Editor, Dark Reading, 7/14/2020
Critical Vulnerability Hits SAP Enterprise Applications
Dark Reading Staff, Quick Hits
RECON could allow an unauthenticated attacker to take control of SAP enterprise applications through the web interface.
By Dark Reading Staff, 7/14/2020
New Mirai Variant Surfaces with Exploits for 9 Vulnerabilities Products
Jai Vijayan, Contributing Writer, News
Impacted products include routers, IP cameras, DVRs, and smart TVs.
By Jai Vijayan, Contributing Writer, 7/14/2020
Crypto-Primer: Encryption Basics Every Security Pro Should Know
Jan Youngren, Cybersecurity Expert, VPNpro.com, Commentary
With so many choices for encrypting data and communication, it's important to know the pros and cons of different techniques.
By Jan Youngren, Cybersecurity Expert, VPNpro.com, 7/14/2020
99% of Websites at Risk of Attack Via JavaScript Plug-ins
Steve Zurier, Contributing Writer, News
The average website includes content from 32 different third-party JavaScript programs, new study finds.
By Steve Zurier, Contributing Writer, 7/14/2020
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff, 7/14/2020
Zero-Trust Efforts Rise with the Tide of Remote Working
Robert Lemos, Contributing Writer, News
With employees likely to continue to spend much, if not all, of their time working from home, companies are focusing more on technologies to boost the security of their now-distributed workplace.
By Robert Lemos, Contributing Writer, 7/13/2020
A Paramedic's Lessons for Cybersecurity Pros
Kelly Sheridan, Staff Editor, Dark Reading, News
A paramedic turned cybersecurity expert shares his experiences in both fields, highlights their similarities, and explains how they can learn from each other.
By Kelly Sheridan, Staff Editor, Dark Reading, 7/13/2020
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
Devices out of sight for the past several months could spell trouble when employees bring them back to work.
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Cybersecurity staff are on edge for the same reason that there are no cooks on the ISS: Organizations are carefully watching expenses for jobs that don't require dedicated team members.
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4462
PUBLISHED: 2020-07-16
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive i...
CVE-2019-4747
PUBLISHED: 2020-07-16
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887.
CVE-2019-4748
PUBLISHED: 2020-07-16
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174.
CVE-2020-14000
PUBLISHED: 2020-07-16
MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. The responsible code ...
CVE-2020-15027
PUBLISHED: 2020-07-16
ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. This was patched in 2020.7 and in a hotfix for 2019.12.
The Threat from the Internet and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!