Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Latest Content
Failing Toward Zero: Why Your Security Needs to Fail to Get Better
Commentary  |  11/27/2020  | 
Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.
Do You Know Who's Lurking in Your Cloud Environment?
News  |  11/25/2020  | 
A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.
Look Beyond the 'Big 5' in Cyberattacks
News  |  11/25/2020  | 
Don't ignore cyber operations outside US and European interests, researcher says. We can learn a lot from methods used by attackers that aren't among the usual suspects.
Prevention Is Better Than the Cure When Securing Cloud-Native Deployments
Commentary  |  11/25/2020  | 
The "OODA loop" shows us how to secure cloud-native deployments and prevent breaches before they occur.
Why Security Awareness Training Should Be Backed by Security by Design
News  |  11/25/2020  | 
Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.
Latest Version of TrickBot Employs Clever New Obfuscation Trick
News  |  11/24/2020  | 
The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says.
Baidu Apps Leaked Location Data, Machine Learning Reveals
News  |  11/24/2020  | 
Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone's hardware and location without the user's knowledge, research finds.
CISA Warns of Holiday Online Shopping Scams
Quick Hits  |  11/24/2020  | 
The agency urges shoppers to be cautious of fraudulent websites, unsolicited emails, and unencrypted financial transactions.
Alexa, Disarm the Victim's Home Security System
News  |  11/24/2020  | 
Researchers who last year hacked popular voice assistants with laser pointers take their work to the next level.
Cloud Security Startup Lightspin Emerges From Stealth
News  |  11/24/2020  | 
The startup, founded by former white-hat hackers, has secured a $4 million seed round to close security gaps in cloud environments.
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Commentary  |  11/24/2020  | 
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
What's in Store for Privacy in 2021
News  |  11/24/2020  | 
Changes are coming to the privacy landscape, including more regulations and technologies.
Printers' Cybersecurity Threats Too Often Ignored
Commentary  |  11/24/2020  | 
Remote workforce heightens the need to protect printing systems against intrusion and compromise.
Security Researchers Sound Alarm on Smart Doorbells
News  |  11/23/2020  | 
A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them.
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
News  |  11/23/2020  | 
Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.
Ransomware Grows Easier to Spread, Harder to Block
News  |  11/23/2020  | 
Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
Evidence-Based Trust Gets Black Hat Europe Spotlight
News  |  11/23/2020  | 
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
Manchester United Suffers Cyberattack
Quick Hits  |  11/23/2020  | 
Premier League soccer club says the attack didn't affect its website and app, and it doesn't appear to have exposed any fan or customer data either.
Chinese APT Group Returns to Target Catholic Church & Diplomatic Groups
Quick Hits  |  11/23/2020  | 
APT group TA416 reemerges with new changes to its documented tool sets so it can continue launching espionage campaigns.
3 Steps CISOs Can Take to Convey Strategy for Budget Presentations
Commentary  |  11/23/2020  | 
Answering these questions will help CISOs define a plan and take the organization in a positive direction.
How Retailers Can Fight Fraud and Abuse This Holiday Season
Commentary  |  11/23/2020  | 
Online shopping will be more popular than ever with consumers... and with malicious actors too.
10 Undergraduate Security Degree Programs to Explore
Slideshows  |  11/23/2020  | 
Colleges and universities are ramping up cybersecurity education with a wider range of degree programs and more resources for students to build their infosec careers.
Facebook Messenger Flaw Enabled Spying on Android Callees
Quick Hits  |  11/20/2020  | 
A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge.
Security Pros Push for More Pervasive Threat Modeling
News  |  11/20/2020  | 
With the release of the "Threat Modeling Manifesto," a group of 16 security professionals hope to prompt more companies to consider the threats to software.
How Cyberattacks Work
Commentary  |  11/20/2020  | 
Cyberattacks are run like military attacks, in four main phases: reconnaissance, attack, exfiltration, and maintaining position. Understanding this makes fighting back easier.
Telos Goes Public
News  |  11/19/2020  | 
Nearly a month after McAfee made its second appearance on the public market, the Virginia-based provider of security services to government and commercial organizations makes its own debut.
Iowa Hospital Alerts 60K Individuals Affected by June Data Breach
Quick Hits  |  11/19/2020  | 
The data breach began with a compromised employee email account.
Cybercriminals Get Creative With Google Services
News  |  11/19/2020  | 
Attacks take advantage of popular services, including Google Forms and Google Docs.
Go SMS Pro Messaging App Exposed Users' Private Media Files
Quick Hits  |  11/19/2020  | 
The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.
The Yellow Brick Road to Risk Management
Commentary  |  11/19/2020  | 
Beginning the journey to risk management can be daunting, but protecting your business is worth every step.
COVID-19: Latest Security News & Commentary
News  |  11/19/2020  | 
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
New Proposed DNS Security Features Released
News  |  11/19/2020  | 
Verisign's R&D team has developed new ways to authenticate and optimize DNS traffic on the client side of the domain-name resolution process.
2021 Cybersecurity Spending: How to Maximize Value
Commentary  |  11/19/2020  | 
This is a pivotal moment for CISOs. As their influence increases, so does the pressure for them to make the right decisions.
Unpatched Browsers Abound, Study Shows
News  |  11/19/2020  | 
Google Chrome users don't always take time to relaunch browser updates, and some legacy applications don't support new versions of Chrome, Menlo Security says.
Online Shopping Surge Puts Focus on Consumer Security Habits
News  |  11/18/2020  | 
Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.
Cisco Webex Vulns Let 'Ghost' Attendees Spy on Meetings
News  |  11/18/2020  | 
Three vulnerabilities, patched today, could let an attacker snoop on meetings undetected after the host removes them.
Out With the Old Perimeter, in With the New Perimeters
Commentary  |  11/18/2020  | 
A confluence of trends and events has exploded the whole idea of "the perimeter." Now there are many perimeters, and businesses must adjust accordingly.
Trump Fires CISA Director Chris Krebs
Quick Hits  |  11/18/2020  | 
Christopher Krebs was fired via tweet shortly after the Cybersecurity and Infrastructure Security Agency called the 2020 election "the most secure in American history."
As Businesses Move to Multicloud Approach, Ransomware Follows
News  |  11/18/2020  | 
The average US company uses 16 cloud services, but only a third of IT professionals believe their security measures have kept up with the change.
How to Identify Cobalt Strike on Your Network
Commentary  |  11/18/2020  | 
Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.
Researchers Say They've Developed Fastest Open Source IDS/IPS
News  |  11/18/2020  | 
With a five-processor core, "Pigasus" delivers the same performance as a system with between 100 and 700 cores, according to a team from Carnegie Mellon University's CyLab.
Nearly Two Dozen AWS APIs Are Vulnerable to Abuse
News  |  11/17/2020  | 
Attackers can conduct identity reconnaissance against an organization at leisure without being detected, Palo Alto Networks says.
EFF, Security Experts Condemn Politicization of Election Security
Quick Hits  |  11/17/2020  | 
Open letter, signed by high-profile security professionals and organizations, urges White House to "reverse course and support election security."
Vulnerability Prioritization Tops Security Pros' Challenges
Commentary  |  11/17/2020  | 
Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.
Researchers Scan for Supply-Side Threats in Open Source
News  |  11/17/2020  | 
A recent project to scan the main Python repository's 268,000 packages found only a few potentially malicious programs, but work earlier this year uncovered hundreds of instances of malware.
To Pay or Not to Pay: Responding to Ransomware From a Lawyer's Perspective
Commentary  |  11/17/2020  | 
The threat of data extortion adds new layers of risk when determining how to respond to a ransomware attack.
Security Risks Discovered in Tesla Backup Gateway
Quick Hits  |  11/17/2020  | 
Cybersecurity researchers report on the security and privacy risks of leaving a Tesla Backup Gateway exposed to the Internet.
Ransomware Operator Promotes Distributed Storage for Stolen Data
News  |  11/17/2020  | 
The criminals behind the DarkSide ransomware-as-a-service operation say the system will be harder to take down.
Breakdown of a Break-in: A Manufacturer's Ransomware Response
News  |  11/16/2020  | 
The analysis of an industrial ransomware attack reveals common tactics and proactive steps that businesses can take to avoid similar incidents.
Global Pandemic Fuels Cyber-Threat Workload for National Cyber Security Centre, Shows Annual Review
News  |  11/16/2020  | 
From securing the Nightingale hospitals to tackling threats to vaccine research and production, a large part of the National Cyber Security Centre's (NCSC) recent work in the UK has been related to the coronavirus pandemic, as Ron Alalouff discovered when reporting on its Annual Review.


Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20934
PUBLISHED: 2020-11-28
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
CVE-2020-29368
PUBLISHED: 2020-11-28
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
CVE-2020-29369
PUBLISHED: 2020-11-28
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
CVE-2020-29370
PUBLISHED: 2020-11-28
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
CVE-2020-29371
PUBLISHED: 2020-11-28
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.