Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Nearly Two Dozen AWS APIs Are Vulnerable to Abuse
New Proposed DNS Security Features Released
Unpatched Browsers Abound, Study Shows
COVID-19: Latest Security News & Commentary
News & Commentary
Security Researchers Sound Alarm on Smart Doorbells
Jai Vijayan, Contributing WriterNews
A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them.
By Jai Vijayan Contributing Writer, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing WriterNews
Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.
By Robert Lemos Contributing Writer, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Grows Easier to Spread, Harder to Block
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
By Kelly Sheridan Staff Editor, Dark Reading, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Evidence-Based Trust Gets Black Hat Europe Spotlight
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Manchester United Suffers Cyberattack
Dark Reading Staff, Quick Hits
Premier League soccer club says the attack didn't affect its website and app, and it doesn't appears to have exposed any fan or customer data either.
By Dark Reading Staff , 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Chinese APT Group Returns to Target Catholic Church & Diplomatic Groups
Dark Reading Staff, Quick Hits
APT group TA416 reemerges with new changes to its documented tool sets so it can continue launching espionage campaigns.
By Dark Reading Staff , 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
3 Steps CISOs Can Take to Convey Strategy for Budget Presentations
Vinay Sridhara, CTO at BalbixCommentary
Answering these questions will help CISOs define a plan and take the organization in a positive direction.
By Vinay Sridhara CTO at Balbix, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
How Retailers Can Fight Fraud and Abuse This Holiday Season
Sunil Potti, General Manager and Vice President, Google Cloud SecurityCommentary
Online shopping will be more popular than ever with consumers... and with malicious actors too.
By Sunil Potti General Manager and Vice President, Google Cloud Security, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
10 Undergraduate Security Degree Programs to Explore
Kelly Sheridan, Staff Editor, Dark Reading
Colleges and universities are ramping up cybersecurity education with a wider range of degree programs and more resources for students to build their infosec careers.
By Kelly Sheridan Staff Editor, Dark Reading, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Facebook Messenger Flaw Enabled Spying on Android Callees
Dark Reading Staff, Quick Hits
A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge.
By Dark Reading Staff , 11/20/2020
Comment1 Comment  |  Read  |  Post a Comment
How Industrial IoT Security Can Catch Up With OT/IT Convergence
Curtis Franklin Jr., Senior Editor at Dark Reading
Ransomware can easily make a connection between IT and OT already. How can blue teams do the same?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/20/2020
Comment0 comments  |  Read  |  Post a Comment
Security Pros Push for More Pervasive Threat Modeling
Robert Lemos, Contributing WriterNews
With the release of the "Threat Modeling Manifesto," a group of 16 security professionals hope to prompt more companies to consider the threats to software.
By Robert Lemos Contributing Writer, 11/20/2020
Comment0 comments  |  Read  |  Post a Comment
How Cyberattacks Work
Ray Espinoza, Director of Security at Cobalt.ioCommentary
Cyberattacks are run like military attacks, in four main phases: reconnaissance, attack, exfiltration, and maintaining position. Understanding this makes fighting back easier.
By Ray Espinoza Director of Security at Cobalt.io, 11/20/2020
Comment0 comments  |  Read  |  Post a Comment
Telos Goes Public
Jai Vijayan, Contributing WriterNews
Nearly a month after McAfee made its second appearance on the public market, the Virginia-based provider of security services to government and commercial organizations makes its own debut.
By Jai Vijayan Contributing Writer, 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
Iowa Hospital Alerts 60K Individuals Affected by June Data Breach
Dark Reading Staff, Quick Hits
The data breach began with a compromised employee email account.
By Dark Reading Staff , 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
ISP Security: Do We Expect Too Much?
Pam Baker, Contributing Writer
With so many people now connecting to business networks from home routers, ISP security takes on heightened importance. But is the security provided by ISPs good enough to be the only security SMBs and remote employees need?
By Pam Baker Contributing Writer, 11/19/2020
Comment1 Comment  |  Read  |  Post a Comment
Cybercriminals Get Creative With Google Services
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attacks take advantage of popular services, including Google Forms and Google Docs.
By Kelly Sheridan Staff Editor, Dark Reading, 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
Go SMS Pro Messaging App Exposed Users' Private Media Files
Dark Reading Staff, Quick Hits
The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.
By Dark Reading Staff , 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
The Yellow Brick Road to Risk Management
Andrew Lowe, Senior Information Security Consultant, TalaTekCommentary
Beginning the journey to risk management can be daunting, but protecting your business is worth every step.
By Andrew Lowe Senior Information Security Consultant, TalaTek, 11/19/2020
Comment1 Comment  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 11/19/2020
Comment23 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Ransomware can easily make a connection between IT and OT already. How can blue teams do the same?
With so many people now connecting to business networks from home routers, ISP security takes on heightened importance. But is the security provided by ISPs good enough to be the only security SMBs and remote employees need?
AI threat find: Phishing attack slips through email gateway and leads to large-scale compromise.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25660
PUBLISHED: 2020-11-23
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph...
CVE-2020-25688
PUBLISHED: 2020-11-23
A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a...
CVE-2020-25696
PUBLISHED: 2020-11-23
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating sy...
CVE-2020-26229
PUBLISHED: 2020-11-23
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability...
CVE-2020-28984
PUBLISHED: 2020-11-23
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
Flash Poll
Video
Slideshows
Twitter Feed