Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective
Securing Slack: 5 Tips for Safer Messaging, Collaboration
A 7-Step Cybersecurity Plan for Healthcare Organizations
The Threat from the Internet--and What Your Organization Can Do About It
COVID-19: Latest Security News & Commentary
News & Commentary
Businesses Rethink Endpoint Security for 2021
Kelly Sheridan, Staff Editor, Dark ReadingNews
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?
By Kelly Sheridan Staff Editor, Dark Reading, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Building the Human Firewall
Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard LabsCommentary
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
By Aamir Lakhani Cybersecurity Researcher and Practitioner for FortiGuard Labs, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Trickbot Tenacity Shows Infrastructure Resistant to Takedowns
Robert Lemos, Contributing WriterNews
Both the US Cyber Command and a Microsoft-led private-industry group have attacked the infrastructure used by attackers to manage Trickbot -- but with only a short-term impact.
By Robert Lemos Contributing Writer, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
NSS Labs Shuttered
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
The testing firm's website says it has "ceased operations" as of Oct. 15.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
US Department of Justice charges members of Sandworm/APT28 for BlackEnergy, NotPetya, Olympic Destroyer, and other major attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
GravityRAT Spyware Targets Android & MacOS in India
Dark Reading Staff, Quick Hits
The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.
By Dark Reading Staff , 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
IoT Vulnerability Disclosure Platform Launched
Dark Reading Staff, Quick Hits
VulnerableThings.com is intended to help vendors meet the terms of a host of new international IoT security laws and regulations.
By Dark Reading Staff , 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Tops Q3 List of Most-Impersonated Brands
Steve Zurier, Contributing WriterNews
The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.
By Steve Zurier Contributing Writer, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Trickbot, Phishing, Ransomware & Elections
Adam Caudill, Principal Security Engineer at 1PasswordCommentary
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.
By Adam Caudill Principal Security Engineer at 1Password, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer
Experts weigh in on picking metrics that demonstrate how the security team is handling operational efficiency and reducing risk.
By Ericka Chickowski Contributing Writer, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Chart: The Pandemic Reprioritizes Security Projects
Edge Editors, Dark Reading
Responses among IT and security pros reflect concern over vulnerabilities incurred by workers accessing the enterprise network from poorly protected home networks.
By Edge Editors Dark Reading, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
A Swift Reminder About Cybersecurity
Edge Editors, Dark Reading
The hackers gonna crack, crack, crack, crack, crack ...
By Edge Editors Dark Reading, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Expert Tips to Keep WordPress Safe
Curtis Franklin Jr., Senior Editor at Dark Reading
The most widely used content management system on the Web relies heavily on plug-ins and add-on software -- and that requires rigorous security measures at every level.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
A New Risk Vector: The Enterprise of Things
Greg Clark, CEO, Forescout Technologies Inc.Commentary
Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.
By Greg Clark CEO, Forescout Technologies Inc., 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Massive New Phishing Campaigns Target Microsoft, Google Cloud Users
Dark Reading Staff, Quick Hits
At least three campaigns are now underway.
By Dark Reading Staff , 10/16/2020
Comment0 comments  |  Read  |  Post a Comment
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
The US counterintelligence lead joins a former Europol cyber chief to discuss modern election threats and the benefits of public-private collaboration.
By Kelly Sheridan Staff Editor, Dark Reading, 10/16/2020
Comment1 Comment  |  Read  |  Post a Comment
An Uncommon 20 Years of Commonly Enumerating Vulns
Curtis Franklin Jr., Senior Editor at Dark Reading
Larry Cashdollar, a researcher with more than 300 CVEs to his credit, looks back at his favorite vulnerabilities (and being the only individual CNA on Mitre's list).
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/16/2020
Comment0 comments  |  Read  |  Post a Comment
Academia Adopts Mitre ATT&CK Framework
Robert Lemos, Contributing WriterNews
Security pros and academic researchers discuss the best ways to use MITRE's framework to inform cybersecurity efforts, analyze threats, and teach future workers.
By Robert Lemos Contributing Writer, 10/16/2020
Comment0 comments  |  Read  |  Post a Comment
Cybercrime Losses Up 50%, Exceeding $1.8B
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
By Marc Wilczek Digital Strategist & COO of Link11, 10/16/2020
Comment0 comments  |  Read  |  Post a Comment
Prolific Cybercrime Group Now Focused on Ransomware
Robert Lemos, Contributing WriterNews
Cybercriminal team previously associated with point-of-sale malware and data theft has now moved almost completely into the more lucrative crimes of ransomware and extortion.
By Robert Lemos Contributing Writer, 10/15/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by karthik.k16
Current Conversations Thanks. Very informative
In reply to: Great article
Post Your Own Reply
More Conversations
Products & Releases
Apptega Launches B2B E-Commerce Marketplace Dedicated to Cybersecurity
Corsa Security Automates Firewall as a Service
ReliaQuest’s GreyMatter Unified SaaS Security Platform Delivers Open XDR Approach
Orca Security Research Reveals How Software Industry Unwittingly Distributes Virtual Appliances with Known Vulnerabilities
ROKK Solutions Launches New Cybersecurity Communications Offering
Thales Alerts on the Risks Linked to Cybercrime in Its New Edition of the 'CyberThreat Handbook: Organised Cybercrime'
StackRox and Robin.io Partner to Deliver Hardened Security, Compliance and Data Management for Stateful Applications on Kubernetes
Digital Shadows launches access key alerts -- to mitigate the growing problem of credentials exposed during software development
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Expert Tips to Keep WordPress Safe
The most widely used content management system on the Web relies heavily on plug-ins and add-on software -- and that requires rigorous security measures at every level.
An Uncommon 20 Years of Commonly Enumerating Vulns
Larry Cashdollar, a researcher with more than 300 CVEs to his credit, looks back at his favorite vulnerabilities (and being the only individual CNA on Mitre's list).
What's Really Happening in Infosec Hiring Now?
As the pandemic continues, security teams still need help they can't get. But the "skills shortage" is only part of the story.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4564
PUBLISHED: 2020-10-20
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea...
CVE-2020-4748
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.
CVE-2020-4749
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link ...
CVE-2020-4755
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.
CVE-2020-4756
PUBLISHED: 2020-10-20
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-For...
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Flash Poll
Video
Slideshows
Twitter Feed