Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Nearly Two Dozen AWS APIs Are Vulnerable to Abuse
New Proposed DNS Security Features Released
Unpatched Browsers Abound, Study Shows
COVID-19: Latest Security News & Commentary
News & Commentary
5 Signs Someone Might be Taking Advantage of Your Security Goodness
Joshua Goldfarb, Director of Product Management at F5
Not everyone in a security department is acting in good faith, and they'll do what they can to bypass those who do. Here's how to spot them.
By Joshua Goldfarb Director of Product Management at F5, 11/27/2020
Comment0 comments  |  Read  |  Post a Comment
Failing Toward Zero: Why Your Security Needs to Fail to Get Better
Akshay Bhargava, Chief Product Officer at MalwarebytesCommentary
Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.
By Akshay Bhargava Chief Product Officer at Malwarebytes, 11/27/2020
Comment0 comments  |  Read  |  Post a Comment
Do You Know Who's Lurking in Your Cloud Environment?
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.
By Kelly Sheridan Staff Editor, Dark Reading, 11/25/2020
Comment1 Comment  |  Read  |  Post a Comment
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing WriterNews
Don't ignore cyber operations outside US and European interests, researcher says. We can learn a lot from methods used by attackers that aren't among the usual suspects.
By Robert Lemos Contributing Writer, 11/25/2020
Comment1 Comment  |  Read  |  Post a Comment
Prevention Is Better Than the Cure When Securing Cloud-Native Deployments
Liz Rice, VP Open Source Engineering, Aqua SecurityCommentary
The "OODA loop" shows us how to secure cloud-native deployments and prevent breaches before they occur.
By Liz Rice VP Open Source Engineering, Aqua Security, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Why Security Awareness Training Should Be Backed by Security by Design
Ericka Chickowski, Contributing WriterNews
Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.
By Ericka Chickowski Contributing Writer, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Latest Version of TrickBot Employs Clever New Obfuscation Trick
Jai Vijayan, Contributing WriterNews
The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says.
By Jai Vijayan Contributing Writer, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Baidu Apps Leaked Location Data, Machine Learning Reveals
Robert Lemos, Contributing WriterNews
Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone's hardware and location without the user's knowledge, research finds.
By Robert Lemos Contributing Writer, 11/24/2020
Comment1 Comment  |  Read  |  Post a Comment
How Ransomware Defense Is Evolving With Ransomware Attacks
Joan Goodchild, Contributing Writer
As data exfiltration threats and bigger ransom requests become the norm, security professionals are advancing from the basic "keep good backups" advice.
By Joan Goodchild Contributing Writer, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
CISA Warns of Holiday Online Shopping Scams
Dark Reading Staff, Quick Hits
The agency urges shoppers to be cautious of fraudulent websites, unsolicited emails, and unencrypted financial transactions.
By Dark Reading Staff , 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Alexa, Disarm the Victim's Home Security System
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers who last year hacked popular voice assistants with laser pointers take their work to the next level.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark ReadingNews
The startup, founded by former white-hat hackers, has secured a $4 million seed round to close security gaps in cloud environments.
By Kelly Sheridan Staff Editor, Dark Reading, 11/24/2020
Comment1 Comment  |  Read  |  Post a Comment
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Jason Bevis & Kevin Adams-Romano, VP of Awake Labs / Incident Response Specialist at Awake SecurityCommentary
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
By Jason Bevis & Kevin Adams-Romano VP of Awake Labs / Incident Response Specialist at Awake Security, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
What's in Store for Privacy in 2021
Robert Lemos, Contributing WriterNews
Changes are coming to the privacy landscape, including more regulations and technologies.
By Robert Lemos Contributing Writer, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Printers' Cybersecurity Threats Too Often Ignored
Shivaun Albright, Chief Technologist of Print Security, HP Inc.Commentary
Remote workforce heightens the need to protect printing systems against intrusion and compromise.
By Shivaun Albright Chief Technologist of Print Security, HP Inc., 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Security Researchers Sound Alarm on Smart Doorbells
Jai Vijayan, Contributing WriterNews
A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them.
By Jai Vijayan Contributing Writer, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing WriterNews
Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.
By Robert Lemos Contributing Writer, 11/23/2020
Comment1 Comment  |  Read  |  Post a Comment
Ransomware Grows Easier to Spread, Harder to Block
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
By Kelly Sheridan Staff Editor, Dark Reading, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Evidence-Based Trust Gets Black Hat Europe Spotlight
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Manchester United Suffers Cyberattack
Dark Reading Staff, Quick Hits
Premier League soccer club says the attack didn't affect its website and app, and it doesn't appears to have exposed any fan or customer data either.
By Dark Reading Staff , 11/23/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Abnormal Security Raises $50M in Series B Funding
Digital Shadows Launches Sensitive Document Alerts With Added Context
Claroty Partners with CrowdStrike to Protect Industrial Control System Environments
Cloud-Native Security Platform Deepfence Announces $9.5 Million Series A Investment Led by AllegisCyber
Rubrik's Pioneering Cloud Data Management Platform Gets Major Update
Arctic Wolf Expands Operations to Toronto and San Antonio
RangeForce Ushers in New Era of Hands-on Cybersecurity Training Certification with Workforce-Ready Cert Program
Unbound Tech Raises $20M in Series B Funding to Support Global Growth
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

5 Signs Someone Might be Taking Advantage of Your Security Goodness
Not everyone in a security department is acting in good faith, and they'll do what they can to bypass those who do. Here's how to spot them.
How Ransomware Defense Is Evolving With Ransomware Attacks
As data exfiltration threats and bigger ransom requests become the norm, security professionals are advancing from the basic "keep good backups" advice.
How Industrial IoT Security Can Catch Up With OT/IT Convergence
Ransomware can easily make a connection between IT and OT already. How can blue teams do the same?
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27218
PUBLISHED: 2020-11-28
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is ...
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
Flash Poll
Video
Slideshows
Twitter Feed