Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Post-COVID-19 Security Spending Update
A Hacker's Playlist
6 Lessons IT Security Can Learn From DevOps
The Threat from the Internet--and What Your Organization Can Do About It
COVID-19: Latest Security News & Commentary
News & Commentary
Gaming Industry Hit With 10B+ Attacks In Past Two Years
Nicole Ferraro, Contributing Writer
Criminals scored big with credential stuffing and web app attacks, yet many gamers seem unfazed.
By Nicole Ferraro Contributing Writer, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Shopify's Employee Data Theft Underscores Risk of Rogue Insiders
Kelly Sheridan, Staff Editor, Dark ReadingNews
The e-commerce platform has alerted more than 100 merchants of a data breach, highlighting the danger of malicious insiders.
By Kelly Sheridan Staff Editor, Dark Reading, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Debuts Threat-Detection Service
Robert Lemos, Contributing WriterNews
Lockdown economics are driving a threat-intelligence business boom. Chronicle Detect is Google's answer to monitoring so much log data created by the distributed workforce.
By Robert Lemos Contributing Writer, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
India's Cybercrime and APT Operations on the Rise
Jai Vijayan, Contributing WriterNews
Growing geopolitical tensions with China in particular are fueling an increase in cyberattacks between the two nations, according to IntSights.
By Jai Vijayan Contributing Writer, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft's Azure Defender for IoT Uses CyberX Tech
Dark Reading Staff, Quick Hits
Azure Defender for IoT is built to help IT and OT teams discover IoT and OT assets, identify critical flaws, and detect malicious behavior.
By Dark Reading Staff , 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
My Journey Toward SAP Security
Jason Fruge, VP of Business Application CybersecurityCommentary
When applications are critical to the business's core functions, the CISO and their staff better get the security right.
By Jason Fruge VP of Business Application Cybersecurity, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Making the Case for Medical Device Cybersecurity
Sarah Katz, Senior Cyber Security Analyst at NASA Ames Research Center
With an increasing number of Internet-connected medical devices in use to manage diabetes, protection against a variety of wireless network attacks could very well be a matter of life and death for patients.
By Sarah Katz Senior Cyber Security Analyst at NASA Ames Research Center, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
FBI, DHS Warn of 'Likely' Disinformation Campaigns About Election Results
Dark Reading Staff, Quick Hits
Nation-state actors and cybercriminals could wage cyberattacks and spread false information about the integrity of the election results while officials certify the final vote counts.
By Dark Reading Staff , 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
7 Non-Technical Skills Threat Analysts Should Master to Keep Their Jobs
Dov Lerner, Security Research Lead, SixgillCommentary
It's not just technical expertise and certifications that enable analysts to build long-term careers in cybersecurity.
By Dov Lerner Security Research Lead, Sixgill, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
12 Bare-Minimum Benchmarks for AppSec Initiatives
Ericka Chickowski, Contributing Writer
The newly published Building Security in Maturity Model provides the software security basics organizations should cover to keep up with their peers.
By Ericka Chickowski Contributing Writer, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Attackers Target Small Manufacturing Firms
Robert Lemos, Contributing WriterNews
The most common tactics include credential stuffing using valid accounts, various forms of deception, and vulnerabilities in third-party software, Rapid7 says in its latest quarterly threat report.
By Robert Lemos Contributing Writer, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Disclosure Programs See Signups & Payouts Surge
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than $44.75 million in rewards were paid to hackers over the past year, driving total payouts beyond $100 million.
By Kelly Sheridan Staff Editor, Dark Reading, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
New Google Search Hacks Push Viruses & Porn
David Balaban, Editor at Privacy-PC.comCommentary
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
By David Balaban Editor at Privacy-PC.com, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security service JupiterOne spins off from a healthcare service provider's homegrown technology.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/22/2020
Comment1 Comment  |  Read  |  Post a Comment
Can Schools Pass Their Biggest Cybersecurity Test Yet?
Joan Goodchild, Contributing Writer
Understaffed, underfunded, and underequipped, IT teams in the K-12 sector face a slew of challenges amid remote and hybrid learning models. Here's where they can begin to protect their schools against cyberattacks.
By Joan Goodchild Contributing Writer, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Extends Data Loss Prevention to Cloud App Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
The update, one of several announced today, is intended to help employees remain compliant when handling data across cloud applications.
By Kelly Sheridan Staff Editor, Dark Reading, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Permission Management & the Goldilocks Conundrum
Dotan Bar Noy, Co-Founder and CEO, AuthomizeCommentary
In today's COVID-19 era, managing access has become even more difficult, especially for large organizations. Here's how to get it "just right."
By Dotan Bar Noy Co-Founder and CEO, Authomize, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Nearly 70% of IT & Security Pros Hone Their Cyber Skills Outside of Work
Steve Zurier, Contributing WriterNews
New research shows how security skills are lacking across multiple IT disciplines as well - including network engineers, sys admins, and cloud developers.
By Steve Zurier Contributing Writer, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Remote Work Exacerbating Data Sprawl
Robert Lemos, Contributing WriterNews
More than three-quarters of IT executives worry that data sprawl puts their data at risk, especially with employees working from insecure home networks, survey finds.
By Robert Lemos Contributing Writer, 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
'Dark Overlord' Cyber Extortionist Pleads Guilty
Dark Reading Staff, Quick Hits
Nathan Wyatt was sentenced to five years in prison after changing a previously not guilty plea.
By Dark Reading Staff , 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by TiaGilbert
Current Conversations Good article!
In reply to: Article
Post Your Own Reply
More Conversations
Products & Releases
Secureworks Completes Acquisition of Delve Laboratories, Inc.
Thales Empowers Organisations to Simplify the Discovery, Protection and Control of Sensitive Data
New Report Unveils the Most Vulnerable Sectors & Departments to Phishing Attacks
Devo Technology Adds $60 Million in Growth Funding
As Digital Transformation Accelerates, Entrust Datacard Becomes "Entrust"
Cyber Deception Reduces Data Breach Costs by Over 51% & SOC Inefficiencies by 32%
Dashlane Launches Historical Password Health Score Reporting
Cybersecurity Officials from U.S., U.K., Australia, Canada & New Zealand Release Best Practices for Incident Response
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Making the Case for Medical Device Cybersecurity
With an increasing number of Internet-connected medical devices in use to manage diabetes, protection against a variety of wireless network attacks could very well be a matter of life and death for patients.
Can Schools Pass Their Biggest Cybersecurity Test Yet?
Understaffed, underfunded, and underequipped, IT teams in the K-12 sector face a slew of challenges amid remote and hybrid learning models. Here's where they can begin to protect their schools against cyberattacks.
A Hacker's Playlist
Nine security researchers share their favorite songs and genres.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25596
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. T...
CVE-2020-25597
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. Howeve...
CVE-2020-25598
PUBLISHED: 2020-09-23
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar...
CVE-2020-25599
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory a...
CVE-2020-25600
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains...
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Flash Poll
Video
Slideshows
Twitter Feed