Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Latest Content
Deadly Ransomware Story Continues to Unfold
Quick Hits  |  9/18/2020  | 
A ransomware attack with fatal consequences is attracting notice and comment from around the world.
Deepfake Detection Poses Problematic Technology Race
News  |  9/18/2020  | 
Experts hold out little hope for a robust technical solution in the long term.
Mitigating Cyber-Risk While We're (Still) Working from Home
Commentary  |  9/18/2020  | 
One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.
Indictments Unlikely to Deter China's APT41 Activity
News  |  9/17/2020  | 
So far, at least, the threat group has not let public scrutiny slow it down, security researchers say.
Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data
News  |  9/17/2020  | 
Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign.
Ransomware Gone Awry Has Fatal Consequences
Quick Hits  |  9/17/2020  | 
An attack that knocked hospital systems offline reportedly ends in death for patient who had to be sent to another facility.
Sumo Logic IPO Prices Higher Than Expected
News  |  9/17/2020  | 
Co-founder and CTO Christian Beedgen explains what this means for the future of the cloud-based data analytics company.
Time for CEOs to Stop Enabling China's Blatant IP Theft
Commentary  |  9/17/2020  | 
Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.
Struggling to Secure Remote IT? 3 Lessons from the Office
Commentary  |  9/17/2020  | 
The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges.
COVID-19: Latest Security News & Commentary
News  |  9/17/2020  | 
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
What's on Your Enterprise Network? You Might Be Surprised
News  |  9/16/2020  | 
The strangest connected devices are showing up, and the threats they pose to security should not be overlooked.
Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals
News  |  9/16/2020  | 
Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.
DDoS Attacks Rose 151% in First Half of 2020
Quick Hits  |  9/16/2020  | 
Attacks grew in number, size, and sophistication as the coronavirus pandemic took hold.
Most Organizations Plan to Make COVID-19 Changes Permanent
News  |  9/16/2020  | 
After the pandemic, companies will continue to invest in improving IT infrastructure and security as well as automate tasks to reduce errors and improve network resiliency.
US Charges Five Members of China-Linked APT41 for Global Attacks
Quick Hits  |  9/16/2020  | 
The five Chinese nationals are among seven defendants arrested for intrusion campaigns into more than 100 organizations, the DoJ reports.
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Commentary  |  9/16/2020  | 
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
CISA Joins MITRE to Issue Vulnerability Identifiers
News  |  9/16/2020  | 
The Cybersecurity and Infrastructure Security Agency will become a peer of MITRE in the CVE program, likely leading to continued increases in disclosed vulnerabilities.
Meet the Computer Scientist Who Helped Push for Paper Ballots
News  |  9/16/2020  | 
Security Pro File: Award-winning computer scientist and electronic voting expert Barbara Simons chats up her pioneering days in computer programming, paper-ballot backups, Internet voting, math, and sushi.
Cybersecurity Bounces Back, but Talent Still Absent
Commentary  |  9/16/2020  | 
While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.
Rethinking Resilience: Tips for Your Disaster Recovery Plan
News  |  9/15/2020  | 
As more organizations face disruptions, a defined approach to recovery is imperative so they can successfully recover, experts say.
More Cyberattacks in the First Half of 2020 Than in All of 2019
News  |  9/15/2020  | 
The pandemic-related shift to remote work and the growing availability of ransomware-as-a-service were two major drivers, CrowdStrike says.
CISA Issues Alert for Microsoft Netlogon Vulnerability
Quick Hits  |  9/15/2020  | 
CISA has issued an alert following the discovery of publicly available exploit code for Windows elevation of privilege flaw CVE-2020-1472.
Taking Security With You in the WFH Era: What to Do Next
Commentary  |  9/15/2020  | 
As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.
Research Finds Nearly 800,000 Access Keys Exposed Online
Quick Hits  |  9/15/2020  | 
The keys were primarily for access to databases and cloud services.
Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption
Commentary  |  9/15/2020  | 
Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.
Simplify Your Privacy Approach to Overcome CCPA Challenges
Commentary  |  9/15/2020  | 
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.
Researchers, Companies Slam Mobile Voting Firm Voatz for 'Bad Faith' Attacks
News  |  9/14/2020  | 
In a letter, almost 70 different security firms and individual researchers criticize Voatz for misrepresenting to the US Supreme Court widely accepted security research practices.
Large Cloud Providers Much Less Likely Than Enterprises to Get Breached
News  |  9/14/2020  | 
Pen-test results also show a majority of organizations have few protections against attackers already on the network.
E-Commerce Sites Hit With New Attack on Magento
Quick Hits  |  9/14/2020  | 
The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life.
Security Through an Economics Lens: A Guide for CISOs
News  |  9/14/2020  | 
An expert in economics and cybersecurity applies opportunity cost and other concepts of the "dismal science" to infosec roles.
Ransomware Hits US District Court in Louisiana
Quick Hits  |  9/14/2020  | 
The ransomware attack has exposed internal documents from the court and knocked its website offline.
Virginia's Largest School System Hit With Ransomware
Quick Hits  |  9/14/2020  | 
Fairfax County Public Schools has launched an investigation following a ransomware attack on some of its technology systems.
Open Source Security's Top Threat and What To Do About It
Commentary  |  9/14/2020  | 
With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.
More Printers Could Mean Security Problems for Home-Bound Workers
News  |  9/14/2020  | 
Tricked-out home offices have led to an influx in printers, many of which have not been set up securely, leaving workers and their companies vulnerable.
A Real-World Tool for Organizing, Integrating Third-Party Tools
Dark Reading Videos  |  9/13/2020  | 
Omdia Cybersecurity Accelerator analyst Eric Parizo describes how a security product integration framework (SPIF) can unify best-of-breed architectures.
APT Groups Set Sights on Linux Targets: Inside the Trend
News  |  9/11/2020  | 
Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.
Spear-Phishers Leverage Office 365 Ecosystem to Validate Stolen Creds in Real Time
News  |  9/11/2020  | 
New attack technique uses Office 365 APIs to cross-check credentials against Azure Active Directory as victim types them in.
Fraud Prevention During the Pandemic
Commentary  |  9/11/2020  | 
When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.
Cyber-Risks Explode With Move to Telehealth Services
News  |  9/10/2020  | 
The hasty shift to online delivery of primary care services since the COVID-19 outbreak has attracted significant attacker interest.
US Sanctions Russian Attackers for 2020 Election Interference
News  |  9/10/2020  | 
The move comes as Microsoft publishes research on attack groups and activity attempting to target the Biden and Trump campaigns.
6 Lessons IT Security Can Learn From DevOps
Slideshows  |  9/10/2020  | 
DevOps has taken over enterprise software development. The discipline has lessons for IT security -- here are a quick half-dozen.
Two Years on from GDPR: Has It Driven Growth in Cybersecurity Insurance?
News  |  9/10/2020  | 
Whilst GDPR has put the spotlight on data privacy and cyber issues, there are other more prominent trends that are driving a greater take-up of cyber insurance, says Ben Maidment, Class Underwriter Cyber, Physical & Technology at Brit Insurance.
ThreatConnect Buys Nehemiah Security
Quick Hits  |  9/10/2020  | 
Threat intelligence firm adds Nehemiah's Risk Quantifier to its platform.
Zoom Brings Two-Factor Authentication to All Users
Quick Hits  |  9/10/2020  | 
This marks the latest step Zoom has taken to improve user security as more employees work from home.
Managed IT Providers: The Cyber-Threat Actors' Gateway to SMBs
Commentary  |  9/10/2020  | 
Criminals have made MSPs a big target of their attacks. That should concern small and midsize businesses a great deal.
Ripple20 Malware Highlights Industrial Security Challenges
Commentary  |  9/10/2020  | 
Poor security practices allowed software vulnerabilities to propagate throughout industrial and IoT products for more than 20 years.
Ransomware Attacks Disrupt School Reopenings
News  |  9/9/2020  | 
A flurry of recent attacks is complicating attempts to deliver classes online at some schools in different parts of the country.
Legality of Security Research to Be Decided in US Supreme Court Case
News  |  9/9/2020  | 
A ruling that a police officer's personal use of a law enforcement database is "hacking" has security researchers worried for the future.
Meet the Middlemen Who Connect Cybercriminals With Victims
News  |  9/9/2020  | 
An analysis of initial access brokers explains how they break into vulnerable organizations and sell their access for up to $10,000.
Inova Suffers Third-Party Data Breach
Quick Hits  |  9/9/2020  | 
The breach occurred as part of a ransomware attack against service provider Blackbaud.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25789
PUBLISHED: 2020-09-19
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
CVE-2020-25790
PUBLISHED: 2020-09-19
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our secu...
CVE-2020-25791
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().
CVE-2020-25792
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().
CVE-2020-25793
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.