Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
News & Commentary
Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic
Robert Lemos, Contributing WriterNews
Turns out, creating wireless ecosystems for a vast number of different architectures, configurations, and use cases is hard.
By Robert Lemos Contributing Writer, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Since Remote Work Isn't Going Away, Security Should Be the Focus
Mike Wronski, Technical Director of Product Marketing, NutanixCommentary
These three steps will help organizations reduce long-term work-from-home security risks.
By Mike Wronski Technical Director of Product Marketing, Nutanix, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft's Azure Defender for IoT Uses CyberX Tech
Dark Reading Staff, Quick Hits
Azure Defender for IoT is built to help IT and OT teams discover IoT and OT assets, identify critical flaws, and detect malicious behavior.
By Dark Reading Staff , 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine LearningExpert Insights
Future consumer devices, including pacemakers, should be built with security from the start.
By Gary McGraw Ph.D. Co-founder Berryville Institute of Machine Learning, 9/21/2020
Comment2 comments  |  Read  |  Post a Comment
What's on Your Enterprise Network? You Might Be Surprised
Jai Vijayan, Contributing WriterNews
The strangest connected devices are showing up, and the threats they pose to security should not be overlooked.
By Jai Vijayan Contributing Writer, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
More Printers Could Mean Security Problems for Home-Bound Workers
Robert Lemos, Contributing WriterNews
Tricked-out home offices have led to an influx in printers, many of which have not been set up securely, leaving workers and their companies vulnerable.
By Robert Lemos Contributing Writer, 9/14/2020
Comment0 comments  |  Read  |  Post a Comment
Ripple20 Malware Highlights Industrial Security Challenges
Paul Lariviere, Technical Director, Security CompassCommentary
Poor security practices allowed software vulnerabilities to propagate throughout industrial and IoT products for more than 20 years.
By Paul Lariviere Technical Director, Security Compass, 9/10/2020
Comment0 comments  |  Read  |  Post a Comment
Most IoT Hardware Dangerously Easy to Crack
Jai Vijayan, Contributing WriterNews
Manufacturers need to invest more effort into protecting root-level access to connected devices, security researcher says.
By Jai Vijayan Contributing Writer, 9/2/2020
Comment0 comments  |  Read  |  Post a Comment
Why Are There Still So Many Windows 7 Devices?
AJ Dunham, Global Principal Systems Engineer, Forescout TechnologiesCommentary
As the FBI warns, devices become more vulnerable to exploitation as time passes, due to a lack of security updates and new, emerging vulnerabilities.
By AJ Dunham Global Principal Systems Engineer, Forescout Technologies, 9/1/2020
Comment6 comments  |  Read  |  Post a Comment
New Cybersecurity Code of Practice for Installers Unveiled by BSIA
IFSEC Global, StaffNews
The British Security Industry Association's (BSIA) cybersecurity group has released a new code of practice for installers responsible for safety and security systems.
By IFSEC Global Staff, 8/24/2020
Comment1 Comment  |  Read  |  Post a Comment
Why Should Physical Security Professionals Learn Cybersecurity Skills?
Sarb Sembhi, CISM, is CTO & CISO at  Virtually InformedNews
In the first of a series of columns set to be hosted exclusively on IFSEC Global, Sarb Sembhi, CISM, CTO & CISO, Virtually Informed outlines why physical security professionals should be investing in their cyber security skillset.
By Sarb Sembhi CISM, is CTO & CISO at Virtually Informed, 8/24/2020
Comment1 Comment  |  Read  |  Post a Comment
Smart-Lock Hacks Point to Larger IoT Problems
Nicole Ferraro, Contributing WriterNews
Two recent reports on smart-locks vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.
By Nicole Ferraro Contributing Writer, 8/20/2020
Comment1 Comment  |  Read  |  Post a Comment
Newly Patched Alexa Flaws a Red Flag for Home Workers
Steve Zurier, Contributing WriterNews
Alexa could serve as an entry point to home and corporate networks. Security experts point to the need for manufacturers to work closely with enterprise security teams to spot and shut down IoT device flaws.
By Steve Zurier Contributing Writer, 8/19/2020
Comment1 Comment  |  Read  |  Post a Comment
Four Ways to Mitigate Supply Chain Security Risks From Ripple20
Curtis Simpson, Chief Information Security Officer at ArmisCommentary
Enterprises can significantly alleviate current and long-standing third-party risk by using tactical and strategic efforts to assess and manage them.
By Curtis Simpson Chief Information Security Officer at Armis, 8/18/2020
Comment0 comments  |  Read  |  Post a Comment
Advent Completes Forescout Purchase
Dark Reading Staff, Quick Hits
The purchase by a private equity fund was announced in February and completed today.
By Dark Reading Staff , 8/17/2020
Comment0 comments  |  Read  |  Post a Comment
The Race to Hack a Satellite at DEF CON
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Eight teams competed to win cash, bragging rights, and the chance to control a satellite in space.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption
Ericka Chickowski, Contributing WriterNews
Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.
By Ericka Chickowski Contributing Writer, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
IoT Security During COVID-19: What We've Learned & Where We're Going
Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard LabsCommentary
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.
By Aamir Lakhani Cybersecurity Researcher and Practitioner for FortiGuard Labs, 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Video News Desk Returns to Black Hat
Sara Peters, Senior Editor at Dark ReadingNews
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
By Sara Peters Senior Editor at Dark Reading, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Why Satellite Communication Eavesdropping Will Remain A Problem
Dark Reading Staff, News
Oxford PhD candidate James Pavur shows that SATCOM security has still made no progress since previous Black Hat disclosures, and discusses the physical and economic limitations that slow make it unlikely to improve anytime soon.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by nobesityahmedabad
Current Conversations Very useful information
In reply to: Re: Chart
Post Your Own Reply
More Conversations
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Navigating the Asia-Pacific Threat Landscape: Experts Dive In
Kelly Sheridan, Staff Editor, Dark Reading,  9/25/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26120
PUBLISHED: 2020-09-27
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even witho...
CVE-2020-26121
PUBLISHED: 2020-09-27
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an uploa...
CVE-2020-25812
PUBLISHED: 2020-09-27
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.
CVE-2020-25813
PUBLISHED: 2020-09-27
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.
CVE-2020-25814
PUBLISHED: 2020-09-27
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> ...