Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
2020 Cybersecurity Holiday Gift Guide for Kids
Cybersecurity in the Biden Administration: Experts Weigh In
SASE 101: Why All the Buzz?
Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw
COVID-19: Latest Security News & Commentary
News & Commentary
Concerns Run High as More Details of SolarWinds Hack Emerge
Jai Vijayan, Contributing WriterNews
Enterprises running company's Orion network management software should assume compromise and respond accordingly, security experts say.
By Jai Vijayan Contributing Writer, 12/15/2020
Comment0 comments  |  Read  |  Post a Comment
Twitter Fined in Irish GDPR Action
Dark Reading Staff, Quick Hits
The $547K fine results from an issue Twitter reported in 2019.
By Dark Reading Staff , 12/15/2020
Comment0 comments  |  Read  |  Post a Comment
Medical Imaging Leaks Highlight Unhealthy Security Practices
Robert Lemos, Contributing WriterNews
More than 45 million unique images, such as X-rays and MRI scans, are accessible to anyone on the Internet, security firm says.
By Robert Lemos Contributing Writer, 12/15/2020
Comment0 comments  |  Read  |  Post a Comment
Nowhere to Hide: Don't Let Your Guard Down This Holiday Season
Scott Taschler, Director of Product Marketing for CrowdStrikeCommentary
Harden your defenses to ensure that your holiday downtime doesn't become an open door for cyber threats.
By Scott Taschler Director of Product Marketing for CrowdStrike, 12/15/2020
Comment0 comments  |  Read  |  Post a Comment
The Private Sector Needs a Cybersecurity Transformation
Steve Ryan, Founder & CEO of Trinity CyberCommentary
Cybersecurity must get to the point where it's equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away.
By Steve Ryan Founder & CEO of Trinity Cyber, 12/15/2020
Comment1 Comment  |  Read  |  Post a Comment
18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack
Jai Vijayan, Contributing WriterNews
Nation-state attackers used poisoned SolarWinds network management software updates to distribute malware; US government orders federal civilian agencies to immediately power down the technology.
By Jai Vijayan Contributing Writer, 12/14/2020
Comment1 Comment  |  Read  |  Post a Comment
2021 Security Budgets: Top Priorities, New Realities
Joan Goodchild, Contributing Writer
An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021.
By Joan Goodchild Contributing Writer, 12/14/2020
Comment0 comments  |  Read  |  Post a Comment
Startups Should Do Things That Don't Scale, but Security Isn't One of Them
Amit Bareket, CEO and Co-founder of Perimeter 81Commentary
Emerging businesses that don't embrace scalable security do so at their own peril.
By Amit Bareket CEO and Co-founder of Perimeter 81, 12/14/2020
Comment0 comments  |  Read  |  Post a Comment
FBI, CISA, MS-ISAC: Cybercriminals Increasingly Attacking K-12 Distance Learning
Dark Reading Staff, Quick Hits
Ransomware attacks reported against US K–12 schools jumped from 28% in January through July to 57% in August and September.
By Dark Reading Staff , 12/11/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Warns of Powerful New Adware
Dark Reading Staff, Quick Hits
The new adware, dubbed Adrozek, is being distributed by large, well organized threat actors, according to Microsoft research.
By Dark Reading Staff , 12/11/2020
Comment0 comments  |  Read  |  Post a Comment
7 Security Tips for Gamers
Steve Zurier, Contributing Writer
Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.
By Steve Zurier Contributing Writer, 12/11/2020
Comment1 Comment  |  Read  |  Post a Comment
'Tis the Season to Confront Third-Party Risk
Samuel Greengard, Freelance Writer
On any given day it's hard to ensure that outside companies and individuals adhere to an organization's security practices and policies. But when it's the holidays and, oh, a global pandemic, companies need to be extra vigilant.
By Samuel Greengard Freelance Writer, 12/11/2020
Comment0 comments  |  Read  |  Post a Comment
Penetration Testing: A Road Map for Improving Outcomes
Shane Ryan, Global Practice Lead - Application Security for BSI's Cybersecurity and Information Resilience TeamCommentary
As cybersecurity incidents gain sophistication, to ensure we are assessing security postures effectively, it is critical to copy real-world adversaries' tools, tactics, and procedures during testing activities.
By Shane Ryan Global Practice Lead - Application Security for BSI's Cybersecurity and Information Resilience Team, 12/11/2020
Comment0 comments  |  Read  |  Post a Comment
Knowing What the Enemy Knows Is Key to Proper Defense
Jai Vijayan, Contributing WriterNews
Think like an attacker if you want to understand your attack surface, says security researcher at Black Hat Europe.
By Jai Vijayan Contributing Writer, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Juvenile Pleads Guilty to 2016 DNS Attack
Dark Reading Staff, Quick Hits
Mirai botnet was used to target Sony in an attack that took down DynDNS and a number of its notable customers.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Contact-Tracing Apps Still Expose Users to Security, Privacy Issues
Robert Lemos, Contributing WriterNews
Of nearly 100 apps tested, 40% have significant security issues, using either GPS locations or bespoke Bluetooth proximity detection to determine exposure.
By Robert Lemos Contributing Writer, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
'Fingerprint-Jacking' Attack Technique Manipulates Android UI
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers explore fingerprint-jacking, a user interface-based attack that targets fingerprints scanned into Android apps.
By Kelly Sheridan Staff Editor, Dark Reading, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
FireEye Breach Fallout Yet to Be Felt
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Aftermath of the FireEye breach by Russia's foreign service agency raises concerns over what the attackers could do next - and how to defend against it.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/10/2020
Comment1 Comment  |  Read  |  Post a Comment
Cloud Identity and Access Management: Understanding the Chain of Access
Keith Neilson, Technical Evangelist for CloudSphereCommentary
Here's where enterprises encounter challenges with cloud IAM and the best practices they should follow to correct these mistakes.
By Keith Neilson Technical Evangelist for CloudSphere, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
51% of Edge Readers Plan to Pursue New Cybersecurity Certification in 2021
Edge Editors, Dark Reading
Demands of the "new normal" won't stop the majority of poll-takers from mastering new skills.
By Edge Editors Dark Reading, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
4iQ and Alto Analytics Merge and Rebrand as Constella Intelligence
Sophos Announces 4 New Open Artificial Intelligence Developments
One in 10 Gamers Have Had Their ID Stolen
WatchGuard Report Details COVID-19 Impact on Security Threat Landscape
Thoma Bravo Announces Strategic Growth Investment in Venafi
Ethics by Design: New Report Helps Companies Move Beyond Compliance
Vade Secure Releases Fully Customizable MTA Builder for ISPs and Telcos
Karamba Security Announces XGuard Monitor to Manage the Security of Millions of IoT Devices at Scale
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

2021 Security Budgets: Top Priorities, New Realities
An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021.
'Tis the Season to Confront Third-Party Risk
On any given day it's hard to ensure that outside companies and individuals adhere to an organization's security practices and policies. But when it's the holidays and, oh, a global pandemic, companies need to be extra vigilant.
51% of Edge Readers Plan to Pursue New Cybersecurity Certification in 2021
Demands of the "new normal" won't stop the majority of poll-takers from mastering new skills.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35193
PUBLISHED: 2020-12-16
The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35468
PUBLISHED: 2020-12-16
The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35469
PUBLISHED: 2020-12-16
The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35463
PUBLISHED: 2020-12-15
Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35464
PUBLISHED: 2020-12-15
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password.
Assessing Cybersecurity Risk in Today’s Enterprises
Assessing Cybersecurity Risk in Today’s Enterprises
COVID-19 has created a new IT paradigm in the enterprise — and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Flash Poll
Video
Slideshows
Twitter Feed