Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News from Omdia

Latest Content
Bringing Zero Trust to Secure Remote Access
Commentary  |  1/12/2021  | 
Demand for secure remote access has skyrocketed during the pandemic. Here Omdia profiles more secure alternatives to virtual private network (VPN) technology.
SolarWinds Hack Lessons Learned: Finding the Next Supply Chain Attack
Commentary  |  1/11/2021  | 
The SolarWinds supply chain compromise won't be the last of its kind. Vendors and enterprises alike must learn and refine their detection efforts to find the next such attack.
Manchester United Cyberattack Highlights Controversy in Paying Ransomware Attackers
Commentary  |  11/30/2020  | 
The Premier League English football (soccer) club team is reportedly being held to ransom by cyberattackers. Manchester United may face a difficult decision: whether to pay a ransom for release of its stolen data.
Analysis: Forcepoint Can Still Succeed, but It Needs Committed Ownership
Commentary  |  10/29/2020  | 
Raytheon intends to sell Forcepoint to PE firm Francisco Partners. Despite a solid product portfolio and bold strategy, Forcepoint's future is now even more uncertain.
Trickbot Botnet Response Highlights Partnerships Preventing US Election Interference
Commentary  |  10/13/2020  | 
Recent efforts by USCYBERCOM and Microsoft to disrupt the Trickbot botnet highlight the importance of partnerships in successful malware botnet disruption.
Verizon Payment Security Report is a Wake-up Call: Time to Refocus on PCI DSS Compliance
Commentary  |  10/6/2020  | 
Too many organizations fail to enact the baseline payment security controls, according to the Verizon 2020 Payment Security Report.
IDaaS: A New Era of Cloud Identity
Commentary  |  9/30/2020  | 
As identity-as-a-service becomes the standard for enterprise identity management, upstarts and established competitors are competing to define the market's future. Participate in Omdia's IDaaS research.
Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption
Commentary  |  9/15/2020  | 
Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.
Black Hat USA 2020 Musings: Weird and Wonderful Virtual Events are Here to Stay
Commentary  |  8/20/2020  | 
Black Hat USA 2020 was nothing like an in-person event, but it was incredibly useful for all involved, providing even the most grizzled industry veterans with fresh perspectives.
Black Hat USA 2020 Recap: Experts Discuss Election Security Questions, but Offer Few Answers
Commentary  |  8/20/2020  | 
The U.S. election in November is once again expected to be a target of digital adversaries. Experts at Black Hat USA 2020 highlighted the many election security questions authorities must address.
Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity
Commentary  |  8/13/2020  | 
Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them.
A Real-World Tool for Organizing, Integrating Your Other Tools
News  |  8/6/2020  | 
Omdia Cybersecurity Accelerator analyst Eric Parizo describes the value overwhelmed security managers may find in a SPIF.
Supporting Women in InfoSec
News  |  8/5/2020  | 
Maxine Holt, research director from Omdia, explains why the time is right for women to step into more cybersecurity jobs now.
Omdia Cybersecurity Accelerator Analysts to Take Part in Black Hat USA 2020
Commentary  |  8/3/2020  | 
Analysts will participate in the Black Hat Briefings, taking place Aug. 4-6, discussing cybersecurity research, offering exclusive video presentations, and meeting with vendors and attendees.
Ripple20's Effects Will Impact IoT Cybersecurity for Years to Come
Commentary  |  7/22/2020  | 
A series of newly discovered TCP/IP software vulnerabilities pose a threat to millions of IoT devices. Undiscovered since the early 1990s, they highlight the need to improve security in an increasingly precarious IoT supply chain.
UK Data Privacy Legislation Cannot Be Bypassed to Limit Spread of COVID-19
Commentary  |  7/20/2020  | 
The UK faces GDPR data privacy challenges regarding its COVID-19 "Test and Trace" program. Despite the importance of contact tracing, its intent to ignore privacy legislation is extremely worrying.
Omdia Research Launches Page on Dark Reading
Commentary  |  7/9/2020  | 
Data and insight from a leading cybersecurity research and analysis team will broaden the information available to security professionals and technology vendors.
Introducing 'Secure Access Service Edge'
Commentary  |  7/3/2020  | 
The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service.
IoT Security Trends & Challenges in the Wake of COVID-19
Commentary  |  6/16/2020  | 
The demand for Internet of Things security practices that protect sensitive medical equipment and data will double within the next five years. Here's why.
What's Your Cybersecurity Architecture Integration Business Plan?
Commentary  |  4/28/2020  | 
To get the most out of your enterprise cybersecurity products, they need to work together. But getting those products talking to each other isn't easy.
Introducing Zero-Trust Access
Commentary  |  3/26/2020  | 
It's too early to tell whether ZTA will be a VPN killer or not, but major players are ramping up products in this new class of security technology that focuses on the cloud.
It's Time to Break the 'Rule of Steve'
Commentary  |  2/20/2020  | 
Today, in a room full of cybersecurity professionals, there are still more people called Steve than there are women.
Ovum to Expand Cybersecurity Research Under New Omdia Group
News  |  2/14/2020  | 
Informa Tech combines Ovum, Heavy Reading, Tractica, and IHS Markit research.
Cybersecurity Vendor Landscape Transforming as Symantec, McAfee Enter New Eras
Commentary  |  2/6/2020  | 
Two years ago, Symantec and McAfee were both primed for a comeback. Today, both face big questions about their future.
Threat Intelligence Gateways: A Useful Adjunct to Overworked Perimeter Security
Commentary  |  8/22/2019  | 
Comparative research shows the relative strengths and weaknesses of five TIG vendors and which kinds of security organization will reap the most benefit.
Skepticism About Symantec and Trepidation About IoT
News  |  8/10/2019  | 
BLACK HAT 2019 -- Expert analysts from Informa, Eric Parizo and Tanner Johnson visit the Dark Reading News Desk to talk about the shake-ups at Symantec and trends in IoT security.
A Password Management Report Card
Commentary  |  7/17/2019  | 
New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings.
How to Help Your Board Navigate Cybersecurity's Legal Risks
Commentary  |  4/30/2019  | 
What's worse than a massive data breach? A massive data breach followed by a shareholder derivative lawsuit. Learn what's at stake and what CISOs can do to mitigate the damage.


More SolarWinds Attack Details Emerge
Kelly Jackson Higgins, Executive Editor at Dark Reading,  1/12/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36192
PUBLISHED: 2021-01-18
An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private Project), if they are attached to an existing Changeset. The information is visible on the view.php p...
CVE-2020-36193
PUBLISHED: 2021-01-18
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
CVE-2020-7343
PUBLISHED: 2021-01-18
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
CVE-2020-28476
PUBLISHED: 2021-01-18
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
CVE-2020-28473
PUBLISHED: 2021-01-18
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...