Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective
Securing Slack: 5 Tips for Safer Messaging, Collaboration
A 7-Step Cybersecurity Plan for Healthcare Organizations
The Threat from the Internet--and What Your Organization Can Do About It
COVID-19: Latest Security News & Commentary
News & Commentary
FIRST Announces Cyber-Response Ethical Guidelines
Dark Reading Staff, Quick Hits
The 12 points seek to provide security professionals with advice on ethical behavior during incident response.
By Dark Reading Staff , 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Oracle Releases Another Mammoth Security Patch Update
Jai Vijayan, Contributing WriterNews
October's CPU contains 402 patches for vulnerabilities across 29 product sets, many of which are remotely executable without the need for authentication.
By Jai Vijayan Contributing Writer, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Ubiq Rolls Out Encryption-as-a-Service Platform Aimed at Developers
Robert Lemos, Contributing WriterNews
A few lines of code and two API calls is all that it takes for developers to add encryption to their applications, startup says.
By Robert Lemos Contributing Writer, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
As Smartphones Become a Hot Target, Can Mobile EDR Help?
Kelly Sheridan, Staff Editor, Dark ReadingNews
Lookout Security debuts a mobile endpoint detection and response offering that will integrate into its mobile security platform.
By Kelly Sheridan Staff Editor, Dark Reading, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Dealing With Insider Threats in the Age of COVID
Hitesh Sheth, CEO, VectraCommentary
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
By Hitesh Sheth CEO, Vectra, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
How AI Will Supercharge Spear-Phishing
Darktrace Experts, Staff
To keep pace with intelligent, unpredictable threats, cybersecurity will have to adopt an intelligent security of its own.
By Darktrace Experts Staff, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
IASME Consortium to Kick-start New IoT Assessment Scheme
IFSEC Global, StaffNews
The IASME Consortium has been awarded a DCMS grant, enabling the UK organization to kick-start an Internet of Things (IoT) assessment scheme. IASME is looking for manufacturers interested in getting their IoT device certified cyber secure for free via the new pilot scheme.
By IFSEC Global Staff, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets
Robert Lemos, Contributing WriterNews
Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region.
By Robert Lemos Contributing Writer, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Alan Brill, Senior Managing Director, Cyber Risk Practice, KrollCommentary
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
By Alan Brill Senior Managing Director, Cyber Risk Practice, Kroll, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat ResearcherCommentary
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
By David Pearson Principal Threat Researcher, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Attacks Show Little Sign of Slowing in 2021
Jai Vijayan, Contributing WriterNews
With businesses paying increasingly larger ransoms, attackers remain motivated, say security experts who foresee a rise in attacks.
By Jai Vijayan Contributing Writer, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Do Standards Exist That Certify Secure IoT Systems?
Loren Browman, Senior Security Consultant, Optiv
The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.
By Loren Browman Senior Security Consultant, Optiv, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers
Dark Reading Staff, Quick Hits
Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.
By Dark Reading Staff , 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Maturity Model Certification: Are You in Compliance?
Nahla Davies, Tech Writer and CoderCommentary
Not only can this framework help companies remain solvent, but it will also protect critical information from getting into the wrong hands.
By Nahla Davies Tech Writer and Coder, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Farsight Labs Launched as Security Collaboration Platform
Dark Reading Staff, Quick Hits
Farsight Security's platform will offer no-cost access to certain tools and services.
By Dark Reading Staff , 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Businesses Rethink Endpoint Security for 2021
Kelly Sheridan, Staff Editor, Dark ReadingNews
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?
By Kelly Sheridan Staff Editor, Dark Reading, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Building the Human Firewall
Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard LabsCommentary
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
By Aamir Lakhani Cybersecurity Researcher and Practitioner for FortiGuard Labs, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Trickbot Tenacity Shows Infrastructure Resistant to Takedowns
Robert Lemos, Contributing WriterNews
Both the US Cyber Command and a Microsoft-led private-industry group have attacked the infrastructure used by attackers to manage Trickbot -- but with only a short-term impact.
By Robert Lemos Contributing Writer, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
NSS Labs Shuttered
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
The testing firm's website says it has "ceased operations" as of Oct. 15.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
US Department of Justice charges members of Sandworm/APT28 for BlackEnergy, NotPetya, Olympic Destroyer, and other major attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Splunk Unveils New Innovations Across Its Security Operations Suite
Rapid7 Announces Availability of Enhanced Endpoint Telemetry for InsightIDR
Farsight Security Announces General Availability for DNSDB 2.0 Flexible Search
Splunk Acquires Plumbr, Agrees to Acquire Rigor
Apptega Launches B2B E-Commerce Marketplace Dedicated to Cybersecurity
Corsa Security Automates Firewall as a Service
ReliaQuest’s GreyMatter Unified SaaS Security Platform Delivers Open XDR Approach
Orca Security Research Reveals How Software Industry Unwittingly Distributes Virtual Appliances with Known Vulnerabilities
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

How AI Will Supercharge Spear-Phishing
To keep pace with intelligent, unpredictable threats, cybersecurity will have to adopt an intelligent security of its own.
Do Standards Exist That Certify Secure IoT Systems?
The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.
Expert Tips to Keep WordPress Safe
The most widely used content management system on the Web relies heavily on plug-ins and add-on software -- and that requires rigorous security measures at every level.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27621
PUBLISHED: 2020-10-22
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inab...
CVE-2020-27620
PUBLISHED: 2020-10-22
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups.
CVE-2020-27619
PUBLISHED: 2020-10-22
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
CVE-2020-17454
PUBLISHED: 2020-10-21
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal b...
CVE-2020-24421
PUBLISHED: 2020-10-21
Adobe InDesign version 15.1.2 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .indd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Flash Poll
Video
Slideshows
Twitter Feed