Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
10 iOS Security Tips to Lock Down Your iPhone
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Election Security in the Age of Social Distancing
7 Ways Parents Can Better Protect Their Online-Gamer Offspring
COVID-19: Latest Security News & Commentary
News & Commentary
New 'Tycoon' Ransomware Strain Targets Windows, Linux
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers say Tycoon ransomware, which has targeted software and educational institutions, has a few traits they haven't seen before.
By Kelly Sheridan Staff Editor, Dark Reading, 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
Malware Campaign Hides in Resumes and Medical Leave Forms
Dark Reading Staff, Quick Hits
The campaigns have been part of the overall increase in coronavirus-related malware activity.
By Dark Reading Staff , 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
Strengthening Secure Information Sharing Through Technology & Standards
Ameesh Divatia, Co-Founder & CEO of BaffleCommentary
How data sharing, innovation, and regulatory standardization can make it easier for organizations to both contribute and consume critical threat intelligence.
By Ameesh Divatia Co-Founder & CEO of Baffle, 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Office Files Most Popular for Exploit Tests
Dark Reading Staff, Quick Hits
A new report examines attacker methodologies to better understand how exploit testing is conducted in the wild.
By Dark Reading Staff , 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
Could Automation Kill the Security Analyst?
Corin Imai, Senior Security Advisor, DomainToolsCommentary
Five skills to ensure job security in the Age of Automation.
By Corin Imai Senior Security Advisor, DomainTools, 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 6/4/2020
Comment11 comments  |  Read  |  Post a Comment
What Usability Means to Security Pros
Ericka Chickowski, Contributing Writer
The last thing cybersecurity executives and practitioners need are even more tools that are difficult to operate. Here's what they look for when assessing new tools.
By Ericka Chickowski Contributing Writer, 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
Kaspersky IDs Sophisticated New Malware Targeted at Air-Gapped Systems
Jai Vijayan, Contributing WriterNews
'USBCulprit' is one of several tools that suggest previously known Cycldek group is more dangerous than previous assumed, security vendor says.
By Jai Vijayan Contributing Writer, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
RATs 101: The Grimy Trojans That Scurry Through Remote Access Pipes
Curtis Franklin Jr., Senior Editor at Dark Reading
Remote Access Trojans (RATs) can be the beginning of very bad things on your network or workstations.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Google Faces $5B Lawsuit for Tracking Users in Incognito Mode
Dark Reading Staff, Quick Hits
A proposed class-action lawsuit accuses Google of collecting browser data from people who used "private" mode.
By Dark Reading Staff , 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Chasing RobbinHood: Up Close with an Evolving Threat
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher details how RobbinHood has changed and why it remains a threat for businesses to watch.
By Kelly Sheridan Staff Editor, Dark Reading, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Old Spreadsheet Macro Tech Newly Popular with Criminals
Dark Reading Staff, Quick Hits
A 30-year-old macro technology for Microsoft Excel is finding new popularity as a cybersecurity attack vector.
By Dark Reading Staff , 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
What Government Contractors Need to Know About NIST, DFARS Password Reqs
Raz Rafaeli, CEO and Co-Founder at Secret Double OctopusCommentary
Organizations that fail to comply with these rules can get hit with backbreaking fines and class-action lawsuits.
By Raz Rafaeli CEO and Co-Founder at Secret Double Octopus, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Many Exchange Servers Are Still Vulnerable to Remote Exploit
Robert Lemos, Contributing WriterNews
A privilege-escalation vulnerability patched in February by Microsoft continues to affect Exchange servers, with more than 80% of Internet-connected servers remaining vulnerable, one firm reports.
By Robert Lemos Contributing Writer, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Social Distancing for Healthcare's IoT Devices
Ori Bach, CEO of TrapX SecurityCommentary
Security pros need to double down around prevention of lateral movement by attackers, especially if IoT devices are connected to the network.
By Ori Bach CEO of TrapX Security, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
10 Tips for Maintaining Information Security During Layoffs
Joan Goodchild, Contributing Writer
Insider cyberthreats are always an issue during layoffs -- but with record numbers of home-office workers heading for the unemployment line, it has never been harder to maintain cybersecurity during offboarding.
By Joan Goodchild Contributing Writer, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Mobile Phishing Attacks Increase Sharply
Jai Vijayan, Contributing WriterNews
Organizations need to include smartphones and tablets in their phishing mitigation strategies, a new report suggests.
By Jai Vijayan Contributing Writer, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Companies Fall Short on Mandatory Reporting of Cybercrimes
Robert Lemos, Contributing WriterNews
Understaffed and under fire, companies fail to report cybercrimes even when they are legally obligated to notify authorities, results of a new survey show.
By Robert Lemos Contributing Writer, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Amtrak Breach Rolls Over Frequent Travelers
Dark Reading Staff, Quick Hits
The breach exposed usernames and passwords of an undisclosed number of program members.
By Dark Reading Staff , 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Risk Assessment & the Human Condition
Joshua Goldfarb, Independent ConsultantCommentary
Five lessons the coronavirus pandemic can teach security professionals to better assess, monitor, manage, and mitigate organizational risk.
By Joshua Goldfarb Independent Consultant, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
RedSeal Appoints Bryan Barney as New CEO
Armor Upgrades Armor Anywhere Threat Detection and Response Technology
CISA Releases New Cyber Essentials Toolkit
Intrusion Inc. Appoints Jack Blount as President and Chief Executive Officer
Synack's $52 Million Investment Fuels Future of Remote Security Testing from World's Elite Hackers
RiskIQ Creates Complimentary COVID-19 Internet Intelligence Gateway to Fight Pandemic of Cybercrime
RackTop BrickStor SP Secure NAS data security platform now resold by Hewlett Packard Enterprise
New Research Indicates 84% of Businesses Will Likely Increase Work-from-Home Capacity Beyond Pandemic Despite Security Concerns
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
10 Tips for Maintaining Information Security During Layoffs
Insider cyberthreats are always an issue during layoffs -- but with record numbers of home-office workers heading for the unemployment line, it has never been harder to maintain cybersecurity during offboarding.
Security 101: SQL Injection
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.
How to Pay a Ransom: A Step-By-Step Guide for Something You'd Never Do
Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your, um, friend's organization has fallen victim and is going to pay. Here's how they should handle it.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13768
PUBLISHED: 2020-06-04
In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.
CVE-2020-13849
PUBLISHED: 2020-06-04
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe.
CVE-2020-13848
PUBLISHED: 2020-06-04
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
CVE-2020-11682
PUBLISHED: 2020-06-04
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request ...
CVE-2020-12847
PUBLISHED: 2020-06-04
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console� that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the applicat...
Flash Poll
Video
Slideshows
Twitter Feed