Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
7 Tips for Effective Deception
7 IoT Tips for Home Users
Profile of the Post-Pandemic CISO
Cartoon: COVID19 Futures
COVID-19: Latest Security News & Commentary
News & Commentary
Applying the 80-20 Rule to Cybersecurity
Dan Blum, Cybersecurity & Risk Management StrategistCommentary
How security teams can achieve 80% of the benefit for 20% of the work.
By Dan Blum Cybersecurity & Risk Management Strategist, 7/7/2020
Comment0 comments  |  Read  |  Post a Comment
BEC Busts Take Down Multimillion-Dollar Operations
Kelly Sheridan, Staff Editor, Dark ReadingNews
The two extraditions of business email compromise attackers indicate a step forward for international law enforcement collaboration.
By Kelly Sheridan Staff Editor, Dark Reading, 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
Attackers Scan for Vulnerable BIG-IP Devices After Flaw Disclosure
Robert Lemos, Contributing WriterNews
The US Cybersecurity and Infrastructure Security Agency encourages organizations to patch a critical flaw in the BIG-IP family of application delivery controllers, as firms find evidence that attackers are scanning for the critical vulnerability.
By Robert Lemos Contributing Writer, 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
North Korea's Lazarus Group Diversifies Into Card Skimming
Jai Vijayan, Contributing WriterNews
Since at least May 2019, the state-sponsored threat actor has stolen card data from dozens of retailers, including major US firms.
By Jai Vijayan Contributing Writer, 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
Credit-Card Skimmer Seeks Websites Running Microsoft's ASP.NET
Dark Reading Staff, Quick Hits
The payment-card skimmer targets websites hosted on Microsoft IIS servers and running the ASP.NET web framework.
By Dark Reading Staff , 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
Android Adware Tied to Undeletable Malware
Dark Reading Staff, Quick Hits
Adware on inexpensive Android smartphone can carry additional malware and be undeletable.
By Dark Reading Staff , 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
How to Assess More Sophisticated IoT Threats
Jack Mannino, CEO, nVisiumCommentary
Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis.
By Jack Mannino CEO, nVisium, 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 7/6/2020
Comment13 comments  |  Read  |  Post a Comment
Introducing 'Secure Access Service Edge'
Rik Turner, Principal Analyst, Infrastructure Solutions, OmdiaCommentary
The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service.
By Rik Turner Principal Analyst, Infrastructure Solutions, Omdia, 7/3/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity's Lament: There Are No Cooks in Space
Curtis Franklin Jr., Senior Editor at Dark Reading
Cybersecurity staff are on edge for the same reason that there are no cooks on the ISS: Organizations are carefully watching expenses for jobs that don't require dedicated team members.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/3/2020
Comment0 comments  |  Read  |  Post a Comment
Building Security Strategies in Sub-Saharan Africa: Trends and Concerns
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security experts discuss the rise in cybercrime affecting sub-Saharan Africa and the necessary changes to improve security.
By Kelly Sheridan Staff Editor, Dark Reading, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
BIG-IP Vulnerabilities Could be Big Trouble for Customers
Dark Reading Staff, Quick Hits
Left unpatched, pair of vulnerabilities could give attackers wide access to a victim's application delivery network.
By Dark Reading Staff , 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
Anatomy of a Long-Con Phish
Chenxi Wang, Founder and General Partner, Rain CapitalExpert Insights
A fraudster on LinkedIn used my online profile in an apparent attempt to pull off a wide-ranging scam business venture.
By Chenxi Wang Founder and General Partner, Rain Capital, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
Making Sense of EARN IT & LAED Bills' Implications for Crypto
Seth Rosenblatt, Contributing WriterNews
After Senate Judiciary Committee pushes EARN IT Act a step closer to ratification, raising further concerns for privacy advocates, here's what to know.
By Seth Rosenblatt Contributing Writer, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
Considerations for Seamless CCPA Compliance
Anurag Kahol, CTO, BitglassCommentary
Three steps to better serve consumers, ensure maximum security, and achieve compliance with the California Consumer Privacy Act.
By Anurag Kahol CTO, Bitglass, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
22,900 MongoDB Databases Affected in Ransomware Attack
Dark Reading Staff, Quick Hits
An attacker scanned for databases misconfigured to expose information and wiped the data, leaving a ransom note behind.
By Dark Reading Staff , 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard LabsCommentary
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
By Derek Manky Chief of Security Insights and Global Threat Alliances, FortiGuard Labs, 7/2/2020
Comment1 Comment  |  Read  |  Post a Comment
7 IoT Tips for Home Users
Steve Zurier, Contributing Writer
Whether for business or pleasure, you're on your own once you walk into the house with a new Internet of Things device. Here's how to keep everyone secure.
By Steve Zurier Contributing Writer, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
Attackers Compromised Dozens of News Websites as Part of Ransomware Campaign
Jai Vijayan, Contributing WriterNews
Malware used to download WastedLocker on target networks was hosted on legit websites belonging to one parent company, Symantec says.
By Jai Vijayan Contributing Writer, 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
Chinese Software Company Aisino Uninstalls GoldenSpy Malware
Steve Zurier, Contributing WriterNews
Follow-up sandbox research confirms Aisino knew about the malware in its tax software, though it's still unclear whether it was culpable.
By Steve Zurier Contributing Writer, 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Cloud Security Alliance Publishes New Paper, The Six Pillars of DevSecOps: Automation
Xage Security Introduces Universal Multi-Factor Authentication for Industrial Operations
Safeguard Cyber Adds Advanced Malware Protection To Its Enterprise Platform
Attivo Networks Announces New Capabilities to Endpoint Detection Net Solution
Kaspersky Announces Integrated Endpoint Security
IBM Study: Security Response Planning on the Rise, But Containing Attacks Remains an Issue
Abnormal Security Data Reveals 200% Monthly Increase in BEC Attacks Focused on Invoice or Payment Fraud
Cynet Announces $18M Funding Round
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
Cybersecurity's Lament: There Are No Cooks in Space
Cybersecurity staff are on edge for the same reason that there are no cooks on the ISS: Organizations are carefully watching expenses for jobs that don't require dedicated team members.
Making Sense of EARN IT & LAED Bills' Implications for Crypto
After Senate Judiciary Committee pushes EARN IT Act a step closer to ratification, raising further concerns for privacy advocates, here's what to know.
Profile of the Post-Pandemic CISO
Projects that were high priorities before the COVID-19 outbreak have taken a back seat to new business needs. For security leaders that has meant new responsibilities that could very well stick around in the pandemic's aftermath.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15037
PUBLISHED: 2020-07-07
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter.
CVE-2019-4323
PUBLISHED: 2020-07-07
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
CVE-2019-4324
PUBLISHED: 2020-07-07
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
CVE-2020-15036
PUBLISHED: 2020-07-07
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter.
CVE-2020-15577
PUBLISHED: 2020-07-07
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Cameralyzer allows attackers to write files to the SD card. The Samsung ID is SVE-2020-16830 (July 2020).
The Threat from the Internet—and What Your Organization Can Do About It
The Threat from the Internet—and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Flash Poll
Video
Slideshows
Twitter Feed