Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Careers & People posted in August 2016
Cybersecurity Self-Esteem: 4 Things Confident Teams Are Doing
Partner Perspectives  |  8/31/2016  | 
By increasing our cybersecurity self-esteem, we can truly make a difference in raising our collective cybersecurity resiliency.
How To Bullet Proof Your PAM Accounts: 7 Tips
Slideshows  |  8/26/2016  | 
Recent studies demonstrate the need for companies to focus more on their privileged users.
Security Leadership & The Art Of Decision Making
Commentary  |  8/24/2016  | 
What a classically-trained guitarist with a Masters Degree in counseling brings to the table as head of cybersecurity and privacy at one of the worlds major healthcare organizations.
CISO Security Portfolios Vs. Reporting Structures
Commentary  |  8/23/2016  | 
Organizational structure is a tool for driving action. Worrying about your bosss title wont help you as much as a better communication framework.
Dark Reading Radio: What Keeps IT Security Pros Awake at Night
Commentary  |  8/16/2016  | 
Join us for a wide-ranging discussion with (ISC) Chief Exec David Shearer on the most worrisome infosec trends and challenges.
Substantially Above Par: DR Cartoon Caption Contest Winners
Commentary  |  8/12/2016  | 
Critical vulnerabilities, links & virtual reality. And the winner is...
Theory Vs Practice: Getting The Most Out Of Infosec
Commentary  |  8/10/2016  | 
Why being practical and operationally minded is the only way to build a successful security program.
Spearphishing: Its Curiosity That Makes Them Click
News  |  8/9/2016  | 
Researchers prove that people can be fooled just because they want to know whats on the other end of that email. Here are three steps you can take without spending too much money.
Dark Reading News Desk Coming Back To Black Hat, Live
News  |  8/4/2016  | 
Live from Las Vegas: over 40 video interviews with Black Hat USA conference speakers and sponsors. Wednesday Aug. 3, Thursday Aug, 4, starting at 2 p.m. ET.
8 Alternatives to Selfie Authentication
Slideshows  |  8/4/2016  | 
How to definitively prove your identity? A variety of anatomical parts and functions may soon be able to vouch for you.
Best Of Black Hat Innovation Awards: And The Winners Are
Commentary  |  8/3/2016  | 
Three companies and leaders who think differently about security: Deep Instinct, most innovative startup; Vectra, most innovative emerging company; Paul Vixie, most innovative thought leader.
Georgia Man Pleads Guilty To Hacking, Insider Trading
Quick Hits  |  8/3/2016  | 
Leonid Momotok breached newswire networks and used confidential data for illegal trades worth $30 million.
US Navy Organizes Cybersecurity Simulation
Quick Hits  |  8/3/2016  | 
Naval interns create 'Capture the Flag' challenge to protect US Navy cyberspace.
Dark Reading Radio at Black Hat 2016: 2 Shows, 4 #BHUSA Presenters
Commentary  |  8/2/2016  | 
Even if you can't physically be at Black Hat USA 2016, Dark Reading offers a virtual alternative to engage with presenters about hot show topics and trends.
5 Email Security Tips to Combat Macro-Enabled Ransomware
Slideshows  |  8/2/2016  | 
Cybercriminals are increasingly looking to macro variants, leaving organizations to defend against advanced tactics like macro-based malware attacks any way they can.
Clinton Campaign To Hold Cybersecurity-Themed Fundraiser In Vegas
Quick Hits  |  8/2/2016  | 
Cybersecurity experts to head event during the ongoing Black Hat hacker conference this week.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34650
PUBLISHED: 2021-09-20
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6.
CVE-2021-41082
PUBLISHED: 2021-09-20
Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were n...
CVE-2020-16630
PUBLISHED: 2021-09-20
TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that...
CVE-2020-26301
PUBLISHED: 2021-09-20
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted inpu...
CVE-2021-39325
PUBLISHED: 2021-09-20
The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0.