Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
9 Tips to Prepare for the Future of Cloud & Network Security
12 Bare-Minimum Benchmarks for AppSec Initiatives
A Hacker's Playlist
The Threat from the Internet--and What Your Organization Can Do About It
COVID-19: Latest Security News & Commentary
News & Commentary
New HP Bug Bounty Program Targets Vulns in Printer Cartridges
Jai Vijayan, Contributing WriterNews
White-hat hackers will receive $10,000 for each security bug they discover plus a base fee, under this invitation-only initiative.
By Jai Vijayan Contributing Writer, 10/1/2020
Comment0 comments  |  Read  |  Post a Comment
US Treasury Warns of Sanctions Violations for Paying Ransomware Attackers
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
An alarming new advisory issued today by the federal government could upend ransomware response.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/1/2020
Comment0 comments  |  Read  |  Post a Comment
CFAA 101: A Computer Fraud & Abuse Act Primer for InfoSec Pros
Seth Rosenblatt, Contributing Writer
From WarGames, to Aaron Swartz, to bug bounties, to Van Buren, here's what cybersecurity researchers should know about the US's primary anti-hacking law before it gets its day in the Supreme Court.
By Seth Rosenblatt Contributing Writer, 10/1/2020
Comment0 comments  |  Read  |  Post a Comment
Imperva Agrees to Buy jSonar
Dark Reading Staff, Quick Hits
The deal is expected to close in mid-October.
By Dark Reading Staff , 10/1/2020
Comment0 comments  |  Read  |  Post a Comment
'It Won't Happen to Me': Employee Apathy Prevails Despite Greater Cybersecurity Awareness
Aviv Grafi, CEO & Founder, VotiroCommentary
To protect your organization from all emerging file-borne threats, the security and leadership teams must align to develop a streamlined approach to file security.
By Aviv Grafi CEO & Founder, Votiro, 10/1/2020
Comment0 comments  |  Read  |  Post a Comment
Russian National Sentenced to 7+ Years for Hacking US Tech Firms
Dark Reading Staff, Quick Hits
Yevgeniy Nikulin received an 88-month sentence for breaking into LinkedIn, Dropbox, and the now-defunct social platform Formspring.
By Dark Reading Staff , 10/1/2020
Comment0 comments  |  Read  |  Post a Comment
Cryptojacking: The Unseen Threat
Matt Honea, Senior Director, Cybersecurity, Guidewire SoftwareCommentary
Mining malware ebbs and flows with the price of cryptocurrencies, and given the momentum on price is upward, cryptojacking is a very present threat.
By Matt Honea Senior Director, Cybersecurity, Guidewire Software, 10/1/2020
Comment1 Comment  |  Read  |  Post a Comment
Rise in Remote MacOS Workers Driving Cybersecurity 'Rethink'
Robert Lemos, Contributing WriterNews
With twice as much malware now targeting Macs, IT pros need to scramble to adapt to a large, and likely permanent, work-from-home population, experts say.
By Robert Lemos Contributing Writer, 10/1/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 10/1/2020
Comment22 comments  |  Read  |  Post a Comment
The No Good, Very Bad Week for Iran's Nation-State Hacking Ops
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A look at the state of Iran's cyber operations as the US puts the squeeze on it with a pile of indictments and sanctions.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/30/2020
Comment0 comments  |  Read  |  Post a Comment
GitHub Tool Spots Security Vulnerabilities in Code
Jai Vijayan, Contributing WriterNews
Scanner, which just became generally available, lets developers spot problems before code gets into production.
By Jai Vijayan Contributing Writer, 9/30/2020
Comment0 comments  |  Read  |  Post a Comment
Cloud Misconfiguration Mishaps Businesses Must Watch
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cloud security experts explain which misconfigurations are most common and highlight other areas of the cloud likely to threaten businesses.
By Kelly Sheridan Staff Editor, Dark Reading, 9/30/2020
Comment0 comments  |  Read  |  Post a Comment
What Legal Language Should I Look Out for When Selecting Cyber Insurance?
Edge Editors, Dark Reading
At times, vague coverage can actually work for you.
By Edge Editors Dark Reading, 9/30/2020
Comment0 comments  |  Read  |  Post a Comment
A Guide to the NIST Cybersecurity Framework
IFSEC Global, StaffNews
With cybersecurity threats growing exponentially, it has never been more important to put together an efficient cyber-risk management policy, and NIST's framework can help.
By By Julian Hall, Freelance Journalist and Copywriter, Textual Healing , 9/30/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19 Creates Opening for OT Security Reform
John Livingston, CEO of Verve Industrial ProtectionCommentary
Operations technology was once considered low risk, at least until the virus came along and re-arranged the threat landscape.
By John Livingston CEO of Verve Industrial Protection, 9/30/2020
Comment0 comments  |  Read  |  Post a Comment
Phishing Attack Targets Microsoft 365 Users With Netflix & Amazon Lures
Dark Reading Staff, Quick Hits
Cyberattacker TA2552 primarily targets Spanish speakers with messages that leverage a narrow range of themes and popular brands.
By Dark Reading Staff , 9/30/2020
Comment0 comments  |  Read  |  Post a Comment
Attacker Dwell Time: Ransomware's Most Important Metric
Ricardo Villadiego, Founder and CEO of LumuCommentary
How to bolster security defenses by zeroing in on the length of time an interloper remains undetected inside your network.
By Ricardo Villadiego Founder and CEO of Lumu, 9/30/2020
Comment3 comments  |  Read  |  Post a Comment
Microsoft: Ransomware & Nation-State Attacks Rise, Get More Sophisticated
Robert Lemos, Contributing WriterNews
Malware-based attacks are out, phishing is in, along with credential stuffing and business email compromise. Microsoft recommends defensive tactics in its new report on rising threats.
By Robert Lemos Contributing Writer, 9/29/2020
Comment0 comments  |  Read  |  Post a Comment
DDoS Attacks Soar in First Half of 2020
Dark Reading Staff, Quick Hits
Shorter, faster, multivector attacks had a greater impact on victims.
By Dark Reading Staff , 9/29/2020
Comment0 comments  |  Read  |  Post a Comment
New Campaign by China-Linked Group Targets US Orgs for First Time
Jai Vijayan, Contributing WriterNews
In a least one instance, the Palmerworm APT group was able to remain undetected on a compromised system for nearly six months, according to Symantec.
By Jai Vijayan Contributing Writer, 9/29/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Brad Brooks
Current Conversations Thanks for your thoughts
In reply to: Thank you
Post Your Own Reply
Posted by JohnHammond
Current Conversations Nice article!
In reply to: Great!
Post Your Own Reply
More Conversations
Products & Releases
Red Canary Delivers Alert Fatigue Relief for Security Teams
Jamf Announces Acquisition of Mondada, a Leading Innovator in Patch Management
Cyber Readiness Institute and US Department of Homeland Security Partner to Help US Businesses Secure Remote Workforces
VMware Delivers Intrinsic Security to the World's Digital Infrastructure
Attacks Against Building Automation, Oil and Gas Industries Up in First Half of 2020
Secureworks Completes Acquisition of Delve Laboratories, Inc.
Thales Empowers Organisations to Simplify the Discovery, Protection and Control of Sensitive Data
New Report Unveils the Most Vulnerable Sectors & Departments to Phishing Attacks
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

CFAA 101: A Computer Fraud & Abuse Act Primer for InfoSec Pros
From WarGames, to Aaron Swartz, to bug bounties, to Van Buren, here's what cybersecurity researchers should know about the US's primary anti-hacking law before it gets its day in the Supreme Court.
What Legal Language Should I Look Out for When Selecting Cyber Insurance?
At times, vague coverage can actually work for you.
Securing Slack: 5 Tips for Safer Messaging, Collaboration
Remote workers and scattered teams are relying on Slack more and more for messaging and collaboration. Here are a few extra tips for keeping data and systems more secure when using Slack.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15664
PUBLISHED: 2020-10-01
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extensi...
CVE-2020-15665
PUBLISHED: 2020-10-01
Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80.
CVE-2020-15666
PUBLISHED: 2020-10-01
When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status t...
CVE-2020-15667
PUBLISHED: 2020-10-01
When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled ...
CVE-2020-15668
PUBLISHED: 2020-10-01
A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Flash Poll
Video
Slideshows
Twitter Feed