Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
10 Tips for Maintaining Information Security During Layoffs
What Usability Means to Security Pros
RATs 101: The Grimy Trojans That Scurry Through Remote Access Pipes
Name That Toon: Return to the New Normal
COVID-19: Latest Security News & Commentary
News & Commentary
Q&A: Eugene Spafford on the Risks of Internet Voting
Jai Vijayan, Contributing WriterNews
Allowing people to cast their ballots online to circumvent coronavirus-related health concerns introduces problems that we simply don't know how to manage, says the Purdue University professor and security leader.
By Jai Vijayan Contributing Writer, 6/5/2020
Comment0 comments  |  Read  |  Post a Comment
Spear-Phishing Campaign Hits Developer Collaboration System Users
Dark Reading Staff, Quick Hits
Users of Zeplin, a popular developer and designer collaboration system, have been hit with new waves of spear-phishing attacks in the last month.
By Dark Reading Staff , 6/5/2020
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: Sign of the Tides
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 6/5/2020
Comment3 comments  |  Read  |  Post a Comment
Local, State Governments Face Cybersecurity Crisis
Robert Lemos, Contributing WriterNews
Ransomware hit small government organizations hard in 2019. Now they have to deal with budget cuts, pandemic precautions, social unrest, and the coming election cycle.
By Robert Lemos Contributing Writer, 6/5/2020
Comment0 comments  |  Read  |  Post a Comment
The Privacy & Security Outlook for Businesses Post-COVID-19
Aaron Shum, Practice Lead - Security, Privacy, Risk & Compliance, Info-Tech Research GroupCommentary
Long-term business needs -- and the ethical implications that result -- don't simply go away just because we're navigating a global health crisis.
By Aaron Shum Practice Lead - Security, Privacy, Risk & Compliance, Info-Tech Research Group, 6/5/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 6/5/2020
Comment11 comments  |  Read  |  Post a Comment
New 'Tycoon' Ransomware Strain Targets Windows, Linux
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers say Tycoon ransomware, which has targeted software and educational institutions, has a few traits they haven't seen before.
By Kelly Sheridan Staff Editor, Dark Reading, 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
Malware Campaign Hides in Resumes and Medical Leave Forms
Dark Reading Staff, Quick Hits
The campaigns have been part of the overall increase in coronavirus-related malware activity.
By Dark Reading Staff , 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
Strengthening Secure Information Sharing Through Technology & Standards
Ameesh Divatia, Co-Founder & CEO of BaffleCommentary
How data sharing, innovation, and regulatory standardization can make it easier for organizations to both contribute and consume critical threat intelligence.
By Ameesh Divatia Co-Founder & CEO of Baffle, 6/4/2020
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Office Files Most Popular for Exploit Tests
Dark Reading Staff, Quick Hits
A new report examines attacker methodologies to better understand how exploit testing is conducted in the wild.
By Dark Reading Staff , 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
Could Automation Kill the Security Analyst?
Corin Imai, Senior Security Advisor, DomainToolsCommentary
Five skills to ensure job security in the Age of Automation.
By Corin Imai Senior Security Advisor, DomainTools, 6/4/2020
Comment0 comments  |  Read  |  Post a Comment
What Usability Means to Security Pros
Ericka Chickowski, Contributing Writer
The last thing cybersecurity executives and practitioners need are even more tools that are difficult to operate. Here's what they look for when assessing new tools.
By Ericka Chickowski Contributing Writer, 6/4/2020
Comment1 Comment  |  Read  |  Post a Comment
Kaspersky IDs Sophisticated New Malware Targeted at Air-Gapped Systems
Jai Vijayan, Contributing WriterNews
'USBCulprit' is one of several tools that suggest previously known Cycldek group is more dangerous than previous assumed, security vendor says.
By Jai Vijayan Contributing Writer, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
RATs 101: The Grimy Trojans That Scurry Through Remote Access Pipes
Curtis Franklin Jr., Senior Editor at Dark Reading
Remote Access Trojans (RATs) can be the beginning of very bad things on your network or workstations.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Google Faces $5B Lawsuit for Tracking Users in Incognito Mode
Dark Reading Staff, Quick Hits
A proposed class-action lawsuit accuses Google of collecting browser data from people who used "private" mode.
By Dark Reading Staff , 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Chasing RobbinHood: Up Close with an Evolving Threat
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher details how RobbinHood has changed and why it remains a threat for businesses to watch.
By Kelly Sheridan Staff Editor, Dark Reading, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Old Spreadsheet Macro Tech Newly Popular with Criminals
Dark Reading Staff, Quick Hits
A 30-year-old macro technology for Microsoft Excel is finding new popularity as a cybersecurity attack vector.
By Dark Reading Staff , 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
What Government Contractors Need to Know About NIST, DFARS Password Reqs
Raz Rafaeli, CEO and Co-Founder at Secret Double OctopusCommentary
Organizations that fail to comply with these rules can get hit with backbreaking fines and class-action lawsuits.
By Raz Rafaeli CEO and Co-Founder at Secret Double Octopus, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Many Exchange Servers Are Still Vulnerable to Remote Exploit
Robert Lemos, Contributing WriterNews
A privilege-escalation vulnerability patched in February by Microsoft continues to affect Exchange servers, with more than 80% of Internet-connected servers remaining vulnerable, one firm reports.
By Robert Lemos Contributing Writer, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Social Distancing for Healthcare's IoT Devices
Ori Bach, CEO of TrapX SecurityCommentary
Security pros need to double down around prevention of lateral movement by attackers, especially if IoT devices are connected to the network.
By Ori Bach CEO of TrapX Security, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Security Is the Most Requested New Service that Customers Want from MSPs
RedSeal Appoints Bryan Barney as New CEO
Armor Upgrades Armor Anywhere Threat Detection and Response Technology
CISA Releases New Cyber Essentials Toolkit
Intrusion Inc. Appoints Jack Blount as President and Chief Executive Officer
Synack's $52 Million Investment Fuels Future of Remote Security Testing from World's Elite Hackers
RiskIQ Creates Complimentary COVID-19 Internet Intelligence Gateway to Fight Pandemic of Cybercrime
RackTop BrickStor SP Secure NAS data security platform now resold by Hewlett Packard Enterprise
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
Name That Toon: Sign of the Tides
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
RATs 101: The Grimy Trojans That Scurry Through Remote Access Pipes
Remote Access Trojans (RATs) can be the beginning of very bad things on your network or workstations.
10 Tips for Maintaining Information Security During Layoffs
Insider cyberthreats are always an issue during layoffs -- but with record numbers of home-office workers heading for the unemployment line, it has never been harder to maintain cybersecurity during offboarding.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13864
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
CVE-2020-13865
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
CVE-2020-11696
PUBLISHED: 2020-06-05
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
CVE-2020-11697
PUBLISHED: 2020-06-05
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
CVE-2020-13646
PUBLISHED: 2020-06-05
In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.
Flash Poll
Video
Slideshows
Twitter Feed