Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
2020 Cybersecurity Holiday Gift Guide for Kids
Cybersecurity in the Biden Administration: Experts Weigh In
Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw
COVID-19: Latest Security News & Commentary
News & Commentary
Microsoft Cloud Security Exec Talks New Tech, WFH, Gamification
Kelly Sheridan, Staff Editor, Dark ReadingNews
Gunter Ollman explains the benefits of CPSM technology, how IT security teams have evolved, and how the pandemic has shaped security.
By Kelly Sheridan Staff Editor, Dark Reading, 12/4/2020
Comment0 comments  |  Read  |  Post a Comment
Kmart Hit by Egregor Ransomware
Dark Reading Staff, Quick Hits
Egregor is also behind recent attacks on UbiSoft and Barnes & Noble.
By Dark Reading Staff , 12/4/2020
Comment0 comments  |  Read  |  Post a Comment
BECs and EACs: What's the Difference?
Curtis Franklin Jr., Senior Editor at Dark Reading
Email accounts are common targets for attack. Understanding how attack types differ is critical for successful defense.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/4/2020
Comment0 comments  |  Read  |  Post a Comment
Intel Doubles Down on Emerging Technologies for Sharing and Using Data Securely
Robert Lemos, Contributing WriterNews
Homomorphic encryption and federated learning could allow groups to share data and analysis while protecting the actual information.
By Robert Lemos Contributing Writer, 12/4/2020
Comment0 comments  |  Read  |  Post a Comment
Flash Dies but Warning Signs Persist: A Eulogy for Tech's Terrible Security Precedent
Rotem Iram, Founder & CEO, At-BayCommentary
Flash will be gone by the end of the year, but the ecosystem that allowed it to become a software security serial killer is ready to let it happen again.
By Rotem Iram Founder & CEO, At-Bay, 12/4/2020
Comment0 comments  |  Read  |  Post a Comment
Potential Nation-State Actor Targets COVID-19 Vaccine Supply Chain
Jai Vijayan, Contributing WriterNews
Companies involved in technologies for keeping vaccines cold enough for safe storage and transportation are being targeted in a sophisticated spear-phishing campaign, IBM says.
By Jai Vijayan Contributing Writer, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
TrickBot's New Tactic Threatens Firmware
Kelly Sheridan, Staff Editor, Dark ReadingNews
A newly discovered module checks machines for flaws in the UEFI/BIOS firmware so malware can evade detection and persist on a device.
By Kelly Sheridan Staff Editor, Dark Reading, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Discover New Obfuscation-As-a-Service Platform
Ericka Chickowski, Contributing WriterNews
Researchers detail how a Android APK obfuscation service automates detection evasion for highly malicious apps.
By Ericka Chickowski Contributing Writer, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Common Container Manager Is Vulnerable to Dangerous Exploit
Dark Reading Staff, Quick Hits
Container manager vulnerability is one of several weaknesses and vulnerabilities recently disclosed for Docker.
By Dark Reading Staff , 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Cloud Security Threats for 2021
Or Azarzar, CTO & Co-Founder of LightspinCommentary
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
By Or Azarzar CTO & Co-Founder of Lightspin, 12/3/2020
Comment1 Comment  |  Read  |  Post a Comment
US Officials Take Action Against 2,300 Money Mules
Dark Reading Staff, Quick Hits
Eight federal law enforcement agencies participated in the Money Mule Initiative, a global crackdown on money laundering.
By Dark Reading Staff , 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Bypass Next-Generation Endpoint Protection
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now
Michele Commentary
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.
By Michele "MB" Bettencourt Executive Chairperson, Corelight, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw
Jai Vijayan, Contributing WriterNews
A new patched memory corruption vulnerability in Apple's AWDL protocol can be used to take over iOS devices that are in close proximity to an attacker.
By Jai Vijayan Contributing Writer, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Open Source Flaws Take Years to Find But Just a Month to Fix
Robert Lemos, Contributing WriterNews
Companies need to embrace automation and dependency tracking to keep software secure, GitHub says in its annual security report.
By Robert Lemos Contributing Writer, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity in the Biden Administration: Experts Weigh In
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security pros and former government employees share their expectations and concerns for the new administration – and their hope for a "return to normal."
By Kelly Sheridan Staff Editor, Dark Reading, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
FBI: BEC Scammers Could Abuse Email Auto-Forwarding
Dark Reading Staff, Quick Hits
Private Industry Notification warns of the role email auto-forwarding could be used in business email compromise attacks.
By Dark Reading Staff , 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Loyal Employee ... or Cybercriminal Accomplice?
Pam Baker, Contributing Writer
Can the bad guys' insider recruitment methods be reverse-engineered to reveal potential insider threats? Let's take a look.
By Pam Baker Contributing Writer, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Automated Pen Testing: Can It Replace Humans?
Alex Haynes, Chief Information Security Officer, CDLCommentary
These tools have come a long way, but are they far enough along to make human pen testers obsolete?
By Alex Haynes Chief Information Security Officer, CDL, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Security Slipup Exposes Health Records & Lab Results
Dark Reading Staff, Quick Hits
NTreatment failed to add password protection to a cloud server, exposing thousands of sensitive medical records online.
By Dark Reading Staff , 12/2/2020
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
NetSPI Acquires Silent Break Security
Netenrich Serves A La Carte SOC for Midmarket IT
Infamous Hacker-for-Hire Group DeathStalker Hits the Americas & Europe With New PowerPepper Malware
Kudelski Security Expands Research and Advisory Services to Quantum Security
New Net Technologies (NNT) Launches Change Tracker for Cloud and Container Environments
Imprivata Acquires FairWarning to Expand Digital Identity Platform
Secureworks to Deliver New Threat Detection and Response Security Analytics Features
Philips Expands Its Healthcare Customer Services Portfolio with Integrated Cybersecurity Services
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

BECs and EACs: What's the Difference?
Email accounts are common targets for attack. Understanding how attack types differ is critical for successful defense.
Loyal Employee ... or Cybercriminal Accomplice?
Can the bad guys' insider recruitment methods be reverse-engineered to reveal potential insider threats? Let's take a look.
SASE 101: Why All the Buzz?
Wide area networking and network security services unite to provide secure, cloud-based connectivity for enterprises' remote employees -- and these days that means billions of workers.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29572
PUBLISHED: 2020-12-06
app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field.
CVE-2020-29573
PUBLISHED: 2020-12-06
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\...
CVE-2020-27772
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could po...
CVE-2020-27773
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to appli...
CVE-2020-28950
PUBLISHED: 2020-12-04
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
Assessing Cybersecurity Risk in Today’s Enterprises
Assessing Cybersecurity Risk in Today’s Enterprises
COVID-19 has created a new IT paradigm in the enterprise — and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Flash Poll
Video
Slideshows
Twitter Feed