Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Nearly Two Dozen AWS APIs Are Vulnerable to Abuse
New Proposed DNS Security Features Released
Unpatched Browsers Abound, Study Shows
COVID-19: Latest Security News & Commentary
News & Commentary
Do You Know Who's Lurking in Your Cloud Environment?
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.
By Kelly Sheridan Staff Editor, Dark Reading, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing WriterNews
Don't ignore cyber operations outside US and European interests, researcher says. We can learn a lot from methods used by attackers that aren't among the usual suspects.
By Robert Lemos Contributing Writer, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Prevention Is Better Than the Cure When Securing Cloud-Native Deployments
Liz Rice, VP Open Source Engineering, Aqua SecurityCommentary
The "OODA loop" shows us how to secure cloud-native deployments and prevent breaches before they occur.
By Liz Rice VP Open Source Engineering, Aqua Security, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Why Security Awareness Training Should Be Backed by Security by Design
Ericka Chickowski, Contributing WriterNews
Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.
By Ericka Chickowski Contributing Writer, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Latest Version of TrickBot Employs Clever New Obfuscation Trick
Jai Vijayan, Contributing WriterNews
The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says.
By Jai Vijayan Contributing Writer, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Baidu Apps Leaked Location Data, Machine Learning Reveals
Robert Lemos, Contributing WriterNews
Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone's hardware and location without the user's knowledge, research finds.
By Robert Lemos Contributing Writer, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
How Ransomware Defense Is Evolving With Ransomware Attacks
Joan Goodchild, Contributing Writer
As data exfiltration threats and bigger ransom requests become the norm, security professionals are advancing from the basic "keep good backups" advice.
By Joan Goodchild Contributing Writer, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
CISA Warns of Holiday Online Shopping Scams
Dark Reading Staff, Quick Hits
The agency urges shoppers to be cautious of fraudulent websites, unsolicited emails, and unencrypted financial transactions.
By Dark Reading Staff , 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Alexa, Disarm the Victim's Home Security System
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers who last year hacked popular voice assistants with laser pointers take their work to the next level.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark ReadingNews
The startup, founded by former white-hat hackers, has secured a $4 million seed round to close security gaps in cloud environments.
By Kelly Sheridan Staff Editor, Dark Reading, 11/24/2020
Comment1 Comment  |  Read  |  Post a Comment
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Jason Bevis & Kevin Adams-Romano, VP of Awake Labs / Incident Response Specialist at Awake SecurityCommentary
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
By Jason Bevis & Kevin Adams-Romano VP of Awake Labs / Incident Response Specialist at Awake Security, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
What's in Store for Privacy in 2021
Robert Lemos, Contributing WriterNews
Changes are coming to the privacy landscape, including more regulations and technologies.
By Robert Lemos Contributing Writer, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Printers' Cybersecurity Threats Too Often Ignored
Shivaun Albright, Chief Technologist of Print Security, HP Inc.Commentary
Remote workforce heightens the need to protect printing systems against intrusion and compromise.
By Shivaun Albright Chief Technologist of Print Security, HP Inc., 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Security Researchers Sound Alarm on Smart Doorbells
Jai Vijayan, Contributing WriterNews
A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them.
By Jai Vijayan Contributing Writer, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing WriterNews
Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.
By Robert Lemos Contributing Writer, 11/23/2020
Comment1 Comment  |  Read  |  Post a Comment
Ransomware Grows Easier to Spread, Harder to Block
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
By Kelly Sheridan Staff Editor, Dark Reading, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Evidence-Based Trust Gets Black Hat Europe Spotlight
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Manchester United Suffers Cyberattack
Dark Reading Staff, Quick Hits
Premier League soccer club says the attack didn't affect its website and app, and it doesn't appears to have exposed any fan or customer data either.
By Dark Reading Staff , 11/23/2020
Comment1 Comment  |  Read  |  Post a Comment
Chinese APT Group Returns to Target Catholic Church & Diplomatic Groups
Dark Reading Staff, Quick Hits
APT group TA416 reemerges with new changes to its documented tool sets so it can continue launching espionage campaigns.
By Dark Reading Staff , 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
3 Steps CISOs Can Take to Convey Strategy for Budget Presentations
Vinay Sridhara, CTO at BalbixCommentary
Answering these questions will help CISOs define a plan and take the organization in a positive direction.
By Vinay Sridhara CTO at Balbix, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Abnormal Security Raises $50M in Series B Funding
Digital Shadows Launches Sensitive Document Alerts With Added Context
Claroty Partners with CrowdStrike to Protect Industrial Control System Environments
Cloud-Native Security Platform Deepfence Announces $9.5 Million Series A Investment Led by AllegisCyber
Rubrik's Pioneering Cloud Data Management Platform Gets Major Update
Arctic Wolf Expands Operations to Toronto and San Antonio
RangeForce Ushers in New Era of Hands-on Cybersecurity Training Certification with Workforce-Ready Cert Program
Unbound Tech Raises $20M in Series B Funding to Support Global Growth
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

How Ransomware Defense Is Evolving With Ransomware Attacks
As data exfiltration threats and bigger ransom requests become the norm, security professionals are advancing from the basic "keep good backups" advice.
How Industrial IoT Security Can Catch Up With OT/IT Convergence
Ransomware can easily make a connection between IT and OT already. How can blue teams do the same?
ISP Security: Do We Expect Too Much?
With so many people now connecting to business networks from home routers, ISP security takes on heightened importance. But is the security provided by ISPs good enough to be the only security SMBs and remote employees need?
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: He hits the gong anytime he sees someone click on an email link.
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14191
PUBLISHED: 2020-11-25
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4.
CVE-2020-29070
PUBLISHED: 2020-11-25
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
CVE-2020-26212
PUBLISHED: 2020-11-25
GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of ever...
CVE-2020-26243
PUBLISHED: 2020-11-25
Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded...
CVE-2020-25650
PUBLISHED: 2020-11-25
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service fo...
Flash Poll
Video
Slideshows
Twitter Feed