Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective
Securing Slack: 5 Tips for Safer Messaging, Collaboration
A 7-Step Cybersecurity Plan for Healthcare Organizations
The Threat from the Internet--and What Your Organization Can Do About It
COVID-19: Latest Security News & Commentary
News & Commentary
Ransomware Attacks Show Little Sign of Slowing in 2021
Jai Vijayan, Contributing WriterNews
Attackers have little motivation to stop when businesses are paying increasingly larger ransoms, say security experts who foresee a rise in attacks.
By Jai Vijayan Contributing Writer, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Do Standards Exist That Certify Secure IoT Systems?
Loren Browman, Senior Security Consultant, Optiv
The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.
By Loren Browman Senior Security Consultant, Optiv, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers
Dark Reading Staff, Quick Hits
Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.
By Dark Reading Staff , 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Maturity Model Certification: Are You in Compliance?
Nahla Davies, Tech Writer and CoderCommentary
By Nahla Davies Tech Writer and Coder, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Farsight Labs Launched as Security Collaboration Platform
Dark Reading Staff, Quick Hits
Farsight Security's platform will offer no-cost access to certain tools and services.
By Dark Reading Staff , 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Businesses Rethink Endpoint Security for 2021
Kelly Sheridan, Staff Editor, Dark ReadingNews
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?
By Kelly Sheridan Staff Editor, Dark Reading, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Building the Human Firewall
Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard LabsCommentary
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
By Aamir Lakhani Cybersecurity Researcher and Practitioner for FortiGuard Labs, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Trickbot Tenacity Shows Infrastructure Resistant to Takedowns
Robert Lemos, Contributing WriterNews
Both the US Cyber Command and a Microsoft-led private-industry group have attacked the infrastructure used by attackers to manage Trickbot -- but with only a short-term impact.
By Robert Lemos Contributing Writer, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
NSS Labs Shuttered
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
The testing firm's website says it has "ceased operations" as of Oct. 15.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
US Department of Justice charges members of Sandworm/APT28 for BlackEnergy, NotPetya, Olympic Destroyer, and other major attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
GravityRAT Spyware Targets Android & MacOS in India
Dark Reading Staff, Quick Hits
The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.
By Dark Reading Staff , 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
IoT Vulnerability Disclosure Platform Launched
Dark Reading Staff, Quick Hits
VulnerableThings.com is intended to help vendors meet the terms of a host of new international IoT security laws and regulations.
By Dark Reading Staff , 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Tops Q3 List of Most-Impersonated Brands
Steve Zurier, Contributing WriterNews
The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.
By Steve Zurier Contributing Writer, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Trickbot, Phishing, Ransomware & Elections
Adam Caudill, Principal Security Engineer at 1PasswordCommentary
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.
By Adam Caudill Principal Security Engineer at 1Password, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer
Experts weigh in on picking metrics that demonstrate how the security team is handling operational efficiency and reducing risk.
By Ericka Chickowski Contributing Writer, 10/19/2020
Comment1 Comment  |  Read  |  Post a Comment
Chart: The Pandemic Reprioritizes Security Projects
Edge Editors, Dark Reading
Responses among IT and security pros reflect concern over vulnerabilities incurred by workers accessing the enterprise network from poorly protected home networks.
By Edge Editors Dark Reading, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
A Swift Reminder About Cybersecurity
Edge Editors, Dark Reading
The hackers gonna crack, crack, crack, crack, crack ...
By Edge Editors Dark Reading, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Expert Tips to Keep WordPress Safe
Curtis Franklin Jr., Senior Editor at Dark Reading
The most widely used content management system on the Web relies heavily on plug-ins and add-on software -- and that requires rigorous security measures at every level.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
A New Risk Vector: The Enterprise of Things
Greg Clark, CEO, Forescout Technologies Inc.Commentary
Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.
By Greg Clark CEO, Forescout Technologies Inc., 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Massive New Phishing Campaigns Target Microsoft, Google Cloud Users
Dark Reading Staff, Quick Hits
At least three campaigns are now underway.
By Dark Reading Staff , 10/16/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Splunk Unveils New Innovations Across Its Security Operations Suite
Rapid7 Announces Availability of Enhanced Endpoint Telemetry for InsightIDR
Farsight Security Announces General Availability for DNSDB 2.0 Flexible Search
Splunk Acquires Plumbr, Agrees to Acquire Rigor
Apptega Launches B2B E-Commerce Marketplace Dedicated to Cybersecurity
Corsa Security Automates Firewall as a Service
ReliaQuest’s GreyMatter Unified SaaS Security Platform Delivers Open XDR Approach
Orca Security Research Reveals How Software Industry Unwittingly Distributes Virtual Appliances with Known Vulnerabilities
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Do Standards Exist That Certify Secure IoT Systems?
The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.
Expert Tips to Keep WordPress Safe
The most widely used content management system on the Web relies heavily on plug-ins and add-on software -- and that requires rigorous security measures at every level.
An Uncommon 20 Years of Commonly Enumerating Vulns
Larry Cashdollar, a researcher with more than 300 CVEs to his credit, looks back at his favorite vulnerabilities (and being the only individual CNA on Mitre's list).
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26895
PUBLISHED: 2020-10-21
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver,...
CVE-2020-26896
PUBLISHED: 2020-10-21
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collis...
CVE-2020-5790
PUBLISHED: 2020-10-20
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-5791
PUBLISHED: 2020-10-20
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
CVE-2020-5792
PUBLISHED: 2020-10-20
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Flash Poll
Video
Slideshows
Twitter Feed