Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

DRTV: Dark Reading News Desk @ Black Hat USA

Improving Security Savvy Of Execs And Board Room
Improving Security Savvy Of Execs And Board Room
Dark Reading Videos  |  9/28/2016  | 
Jeff Welgan describes how best to improve cybersecurity literacy throughout the C-suite.
D-FENSE! Using Research To Craft Effective Cyber Defenses
D-FENSE! Using Research To Craft Effective Cyber Defenses
Dark Reading Videos  |  9/23/2016  | 
A pair of experts from Imperva stops by the Dark Reading News Desk to chat.
How Windows 10 Stops Script-Based Attacks On The Fly
How Windows 10 Stops Script-Based Attacks On The Fly
Dark Reading Videos  |  9/21/2016  | 
Move over Apple 'Walled Garden.' Windows 10's new antimalware scan interface halts scripts by signing code on the fly... but does it work? Security researcher Nikhil Mittal takes a look.
 How You Can Support InfoSec Diversity, Starting With The Colleagues You Already Have
How You Can Support InfoSec Diversity, Starting With The Colleagues You Already Have
Dark Reading Videos  |  9/20/2016  | 
Jamesha Fisher, Security Operations Engineer of GitHub, visits the Dark Reading News Desk at Black Hat to discuss her work making security more accessible to the uninitiated, and how a predominately white and male information security field can better support women and people of color.
Rise Of Machine Learning: Advancing Security With ML
Rise Of Machine Learning: Advancing Security With ML
Dark Reading Videos  |  9/20/2016  | 
Hal Lonas of Webroot drops by the Dark Reading News Desk at Black Hat.
The Future Of AI-Based Cybersecurity: It's Here Now
The Future Of AI-Based Cybersecurity: It's Here Now
Dark Reading Videos  |  9/19/2016  | 
Stuart McClure, president and CEO of Cylance, stops by the Dark Reading News Desk at Black Hat.
Stop Blaming Users. Make Security User-Friendly.
Stop Blaming Users. Make Security User-Friendly.
Dark Reading Videos  |  9/15/2016  | 
Jelle Niemantsverdriet of Deloitte explains how security improves if security tools and error messages educate users and 'put a smile on someone's face.'
Making The Dark Web Less Scary
Making The Dark Web Less Scary
Dark Reading Videos  |  9/14/2016  | 
Lance James, chief scientist at Flashpoint, stops by the Dark Reading News Desk to share his thoughts about the Dark Web.
Keep It Simple: Security For A Complex Enterprise
Keep It Simple: Security For A Complex Enterprise
Dark Reading Videos  |  9/14/2016  | 
Michelle Cobb of Skybox Security talks to Dark Reading about security management.
Taking Down Impersonators: Methods For Combating Email Fraud
Taking Down Impersonators: Methods For Combating Email Fraud
Dark Reading Videos  |  9/14/2016  | 
Bob Adams, cybersecurity strategist at Mimecast, stops by the Black Hat News Desk.
Wisdom From A Thought Leader: AppSec Best Practices
Wisdom From A Thought Leader: AppSec Best Practices
Dark Reading Videos  |  9/14/2016  | 
The Black Hat News Desk chats with Jeff Williams, CTO at Contrast Security.
Yes, Your Database Can Be Breached Through A Coffee Pot
Yes, Your Database Can Be Breached Through A Coffee Pot
Dark Reading Videos  |  9/13/2016  | 
Aditya Gupta, CEO of Attify, talks about how to improve Internet of Things security and the very worst scenarios he's encountered in an IoT penetration test.
Dan Kaminsky On How Not To Lose The Internet As We Know It
Dan Kaminsky On How Not To Lose The Internet As We Know It
Dark Reading Videos  |  9/12/2016  | 
Dan Kaminsky discusses how to improve the security and privacy of the Internet without destroying the openness and freedom to innovate that it has always provided.
Look The Other Way: DDoS Attacks As Diversions
Look The Other Way: DDoS Attacks As Diversions
Dark Reading Videos  |  9/7/2016  | 
Black Hat News Desk talks to Joe Loveless of Neustar.
Bad Boys, Whatcha Gonna Do When They Come For You?
Bad Boys, Whatcha Gonna Do When They Come For You?
Dark Reading Videos  |  9/7/2016  | 
A Black Hat News Desk discussion with Shehzad Merchant of Gigamon.


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...