Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary
Automated Bots Are Increasingly Scraping Data & Attempting Logins
Robert Lemos, Contributing Writer, News
The share of bot traffic to online sites declines, but businesses are seeing an overall increase in automated scraping of data, login attempts, and other detrimental activity.
By Robert Lemos Contributing Writer, 4/21/2020
Researchers Use Microsoft Terminal Services Client in New Attack Method
Kelly Sheridan, Staff Editor, Dark Reading, News
The technique would enable attackers to run malicious code via Remote Desktop Protocol using DLL side-loading to bypass security controls.
By Kelly Sheridan Staff Editor, Dark Reading, 4/21/2020
Viral WhatsApp Scam Promises Free Streaming Services
Dark Reading Staff, Quick Hits
Cybercriminals capitalize on the popularity of media and entertainment to target consumers looking for at-home activities.
By Dark Reading Staff, 4/21/2020
Is COVID-19 Intensifying the Need for Security Staffing?
Owanate Bestman, Director, Bestman Solutions, Commentary
Overall, security practitioners should find themselves in a better working situation than many other professionals. However, we are not immune.
By Owanate Bestman Director, Bestman Solutions, 4/21/2020
Attackers Aim at Software Supply Chain with Package Typosquatting
Robert Lemos, Contributing Writer, News
Attackers seed Ruby Gems repository with more than 760 malicious packages using names just a bit different than the standard code libraries.
By Robert Lemos Contributing Writer, 4/21/2020
Terahash Buys L0phtCrack in Password Merger
Dark Reading Staff, Quick Hits
The acquisition brings password cracking and password auditing capabilities together in a single company.
By Dark Reading Staff, 4/21/2020
7 Steps to Avoid the Top Cloud Access Risks
Shai Morag, CEO of Ermetic, Commentary
Securing identities and data in the cloud is challenging, but a least-privilege access approach helps.
By Shai Morag CEO of Ermetic, 4/21/2020
Microsoft Proposes Privacy Controls for COVID-19 Contact Tracking, Tracing
Jai Vijayan, Contributing Writer, News
As governments broaden use of digital technologies to stem pandemic, sensitive health and location data need to be protected, company says.
By Jai Vijayan Contributing Writer, 4/21/2020
Work-from-Home Exposes Already-Infected Machines in 50K US Organizations
Dark Reading Staff, Quick Hits
Researchers find massive spike in infected enterprises worldwide.
By Dark Reading Staff, 4/21/2020
How Can I Help My Users Spot Disinformation?
Edge Editors, Dark Reading
A combination of clever tools, good education, and better mindfulness might keep users from being manipulated.
By Edge Editors Dark Reading, 4/20/2020
Stimulus Payments Are Popular Leverage for Cyberattacks
Kelly Sheridan, Staff Editor, Dark Reading, News
More than 4,300 domains related to stimulus and relief packages, many of them malicious, have been registered since January.
By Kelly Sheridan Staff Editor, Dark Reading, 4/20/2020
IT Services Firm Cognizant Hit with Maze Ransomware
Dark Reading Staff, Quick Hits
Cognizant is working with cyber defense firms and law enforcement to investigate the attack, disclosed April 17.
By Dark Reading Staff, 4/20/2020
COVID-19 Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark Reading, Commentary
It was a tough choice! And the winner is…
By Marilyn Cohodas Managing Editor, Dark Reading, 4/20/2020
Remote Access Makes a Comeback: 4 Security Challenges in the Wake of COVID-19
Rob Smith, Research Director, Gartner Endpoint & Operations Security Group, Commentary
As companies continue to support increasing numbers of work-from-home employees, the pressure to secure access and reduce risk has never been greater.
By Rob Smith Research Director, Gartner Endpoint & Operations Security Group, 4/20/2020
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff, 4/20/2020
Pen-Test Results Hint at Improvements in Enterprise Security
Jai Vijayan, Contributing Writer, News
Though many problems remain, organizations are making attackers work harder.
By Jai Vijayan Contributing Writer, 4/17/2020
COVID-Themed Phishing Messages Fill Phishing Filters on Gmail
Dark Reading Staff, Quick Hits
In the past week, Google says it identified more than 18 million daily phishing messages featuring coronavirus themes.
By Dark Reading Staff, 4/17/2020
Researchers Explore Details of Critical VMware Vulnerability
Dark Reading Staff, Quick Hits
The vCenter vulnerability, patched on April 9, could give an intruder access to administrative credentials in three steps.
By Dark Reading Staff, 4/17/2020
Cybersecurity Home-School: The Robot Project
Curtis Franklin Jr., Senior Editor at Dark Reading
This fun project can teach your homebound children and teens about cybersecurity (and keep them occupied for at least a little while).
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/17/2020
'Look for the Helpers' to Securely Enable the Remote Workforce
Scott Price, Chief Executive Officer at A-LIGN, Commentary
CISOs and CIOs, you are our helpers. As you take action to reassure your company, your confidence is our confidence.
By Scott Price Chief Executive Officer at A-LIGN, 4/17/2020
edge
With COVID-19 making a mess of the global economy, companies are seeking to cut corners - and some boardrooms still see security as a "cost center." Are infosec careers vulnerable now?
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-21145
PUBLISHED: 2020-04-21
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, W...
CVE-2018-21146
PUBLISHED: 2020-04-21
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.
CVE-2018-21147
PUBLISHED: 2020-04-21
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.
CVE-2018-21148
PUBLISHED: 2020-04-21
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR...
CVE-2020-12051
PUBLISHED: 2020-04-21
The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be den...
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.