Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective
Securing Slack: 5 Tips for Safer Messaging, Collaboration
A 7-Step Cybersecurity Plan for Healthcare Organizations
The Threat from the Internet--and What Your Organization Can Do About It
COVID-19: Latest Security News & Commentary
News & Commentary
How AI Will Supercharge Spear-Phishing
Darktrace Experts, Staff
To keep pace with intelligent, unpredictable threats, cybersecurity will have to adopt an intelligent security of its own.
By Darktrace Experts Staff, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
IASME Consortium to Kick-start New IoT Assessment Scheme
IFSEC Global, StaffNews
The IASME Consortium has been awarded a DCMS grant, enabling the UK organization to kick-start an Internet of Things (IoT) assessment scheme. IASME is looking for manufacturers interested in getting their IoT device certified cyber secure for free via the new pilot scheme.
By IFSEC Global Staff, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets
Robert Lemos, Contributing WriterNews
Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region.
By Robert Lemos Contributing Writer, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Alan Brill, Senior Managing Director, Cyber Risk Practice, KrollCommentary
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
By Alan Brill Senior Managing Director, Cyber Risk Practice, Kroll, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat ResearcherCommentary
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
By David Pearson Principal Threat Researcher, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Attacks Show Little Sign of Slowing in 2021
Jai Vijayan, Contributing WriterNews
With businesses paying increasingly larger ransoms, attackers remain motivated, say security experts who foresee a rise in attacks.
By Jai Vijayan Contributing Writer, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Do Standards Exist That Certify Secure IoT Systems?
Loren Browman, Senior Security Consultant, Optiv
The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.
By Loren Browman Senior Security Consultant, Optiv, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers
Dark Reading Staff, Quick Hits
Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.
By Dark Reading Staff , 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Maturity Model Certification: Are You in Compliance?
Nahla Davies, Tech Writer and CoderCommentary
Not only can this framework help companies remain solvent, but it will also protect critical information from getting into the wrong hands.
By Nahla Davies Tech Writer and Coder, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Farsight Labs Launched as Security Collaboration Platform
Dark Reading Staff, Quick Hits
Farsight Security's platform will offer no-cost access to certain tools and services.
By Dark Reading Staff , 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Businesses Rethink Endpoint Security for 2021
Kelly Sheridan, Staff Editor, Dark ReadingNews
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?
By Kelly Sheridan Staff Editor, Dark Reading, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Building the Human Firewall
Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard LabsCommentary
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
By Aamir Lakhani Cybersecurity Researcher and Practitioner for FortiGuard Labs, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Trickbot Tenacity Shows Infrastructure Resistant to Takedowns
Robert Lemos, Contributing WriterNews
Both the US Cyber Command and a Microsoft-led private-industry group have attacked the infrastructure used by attackers to manage Trickbot -- but with only a short-term impact.
By Robert Lemos Contributing Writer, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
NSS Labs Shuttered
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
The testing firm's website says it has "ceased operations" as of Oct. 15.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
US Department of Justice charges members of Sandworm/APT28 for BlackEnergy, NotPetya, Olympic Destroyer, and other major attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
GravityRAT Spyware Targets Android & MacOS in India
Dark Reading Staff, Quick Hits
The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.
By Dark Reading Staff , 10/19/2020
Comment1 Comment  |  Read  |  Post a Comment
IoT Vulnerability Disclosure Platform Launched
Dark Reading Staff, Quick Hits
VulnerableThings.com is intended to help vendors meet the terms of a host of new international IoT security laws and regulations.
By Dark Reading Staff , 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Tops Q3 List of Most-Impersonated Brands
Steve Zurier, Contributing WriterNews
The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.
By Steve Zurier Contributing Writer, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Trickbot, Phishing, Ransomware & Elections
Adam Caudill, Principal Security Engineer at 1PasswordCommentary
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.
By Adam Caudill Principal Security Engineer at 1Password, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer
Experts weigh in on picking metrics that demonstrate how the security team is handling operational efficiency and reducing risk.
By Ericka Chickowski Contributing Writer, 10/19/2020
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Splunk Unveils New Innovations Across Its Security Operations Suite
Rapid7 Announces Availability of Enhanced Endpoint Telemetry for InsightIDR
Farsight Security Announces General Availability for DNSDB 2.0 Flexible Search
Splunk Acquires Plumbr, Agrees to Acquire Rigor
Apptega Launches B2B E-Commerce Marketplace Dedicated to Cybersecurity
Corsa Security Automates Firewall as a Service
ReliaQuest’s GreyMatter Unified SaaS Security Platform Delivers Open XDR Approach
Orca Security Research Reveals How Software Industry Unwittingly Distributes Virtual Appliances with Known Vulnerabilities
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

How AI Will Supercharge Spear-Phishing
To keep pace with intelligent, unpredictable threats, cybersecurity will have to adopt an intelligent security of its own.
Do Standards Exist That Certify Secure IoT Systems?
The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.
Expert Tips to Keep WordPress Safe
The most widely used content management system on the Web relies heavily on plug-ins and add-on software -- and that requires rigorous security measures at every level.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27605
PUBLISHED: 2020-10-21
BigBlueButton through 2.2.8 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."
CVE-2020-27606
PUBLISHED: 2020-10-21
BigBlueButton before 2.2.8 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2020-27607
PUBLISHED: 2020-10-21
In BigBlueButton before 2.2.8 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or tr...
CVE-2020-27608
PUBLISHED: 2020-10-21
In BigBlueButton before 2.2.8 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.
CVE-2020-27609
PUBLISHED: 2020-10-21
BigBlueButton through 2.2.8 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant.
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Flash Poll
Video
Slideshows
Twitter Feed