Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Breaking the Glass Ceiling: Tough for Women, Tougher for Women of Color
6 Ways Passwords Fail Basic Security Tests
Need for 'Guardrails' in Cloud-Native Applications Intensifies
COVID-19: Latest Security News & Commentary
News & Commentary
New Wroba Campaign Is Latest Sign of Growing Mobile Threats
Jai Vijayan, Contributing WriterNews
After years of mostly targeting users in Japan, Korea, and other countries in the region, operators of the Trojan expanded their campaign to the US this week.
By Jai Vijayan Contributing Writer, 10/30/2020
Comment0 comments  |  Read  |  Post a Comment
JavaScript Obfuscation Moves to Phishing Emails
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Attackers are hiding malicious payloads in phishing emails via a technique traditionally used to hide malicious code planted on websites.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/30/2020
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Warns of Ongoing Attacks Exploiting Zerologon
Dark Reading Staff, Quick Hits
The vulnerability, patched in August, has been weaponized by APT groups and prompted CISA to issue a security alert.
By Dark Reading Staff , 10/30/2020
Comment0 comments  |  Read  |  Post a Comment
Public Safety & Cybersecurity Concerns Elevate Need for a Converged Approach
Will Wise, Group Vice President, Security Events, Reed ExhibitionsCommentary
As public and private spaces are opening up, the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.
By Will Wise Group Vice President, Security Events, Reed Exhibitions, 10/30/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 10/30/2020
Comment20 comments  |  Read  |  Post a Comment
SANS Launches New CyberStart Program for All High School Students
Nicole Ferraro, Contributing WriterNews
Free program lets students solve real-world security problems - and learn about cybersecurity.
By Nicole Ferraro Contributing Writer, 10/30/2020
Comment0 comments  |  Read  |  Post a Comment
First the Good News: Number of Breaches Down 51% Year Over Year
Robert Lemos, Contributing WriterNews
But the number of records put at risk experiences a massive increase. Here's why.
By Robert Lemos Contributing Writer, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
McAfee Launches XDR, Browser Isolation, Cloud App Security Tools
Dark Reading Staff, Quick Hits
New additions are built to help organizations better respond to threats and protect applications and data in the cloud.
By Dark Reading Staff , 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
Hackers Make Off With Millions From Wisconsin Republicans
Dark Reading Staff, Quick Hits
According to the Wisconsin Republican Party, thieves used altered invoices to make off with $2.3 million in election funds.
By Dark Reading Staff , 10/29/2020
Comment1 Comment  |  Read  |  Post a Comment
Ransomware Wave Targets US Hospitals: What We Know So Far
Kelly Sheridan, Staff Editor, Dark ReadingNews
A joint advisory from the CISA, FBI, and HHS warns of an "increased and imminent" threat to US hospitals and healthcare providers.
By Kelly Sheridan Staff Editor, Dark Reading, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
How Healthcare Organizations Can Combat Ransomware
Mike Wilson, Founder & CTO, EnzoicCommentary
The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.
By Mike Wilson Founder & CTO, Enzoic, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
Why Defense, Not Offense, Will Determine Global Cyber Powers
Edge Editors, Dark Reading
Darktrace director of strategic threat Marcus Fowlers explains what to expect from nation-state attackers in the months to come -- and why kindergarten classes are a good model for solid cybersecurity.
By Edge Editors Dark Reading, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals Aim BEC Attacks at Education Industry
Steve Zurier, Contributing WriterNews
Heightened vulnerability comes at a time when the sector has been focusing on setting up a remote workforce and online learning amid the pandemic.
By Steve Zurier Contributing Writer, 10/29/2020
Comment1 Comment  |  Read  |  Post a Comment
Analysis: Forcepoint Can Still Succeed, but It Needs Committed Ownership
Eric Parizo, Senior Analyst, OmdiaCommentary
Raytheon intends to sell Forcepoint to PE firm Francisco Partners. Despite a solid product portfolio and bold strategy, Forcepoint's future is now even more uncertain.
By Eric Parizo Senior Analyst, Omdia, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
How to Increase Voter Turnout & Reduce Fraud
Husayn Kassai, Co-Founder and CEO, OnfidoCommentary
Digital identity verification has advanced, both technologically and legislatively. Is it the answer to simpler, safer voting?
By Husayn Kassai Co-Founder and CEO, Onfido, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
'Act of War' Clause Could Nix Cyber Insurance Payouts
Robert Lemos, Contributing WriterNews
The indictment of six members of the Russian military for the NotPetya ransomware attack places companies on notice that insurance "is not a get-out-of-jail-free card."
By Robert Lemos Contributing Writer, 10/29/2020
Comment2 comments  |  Read  |  Post a Comment
Is Your Encryption Ready for Quantum Threats?
Tim Hollebeek, Industry and Standards Technical Strategist at DigiCertCommentary
Answers to these five questions will help security teams defend against attackers in the post-quantum computing era.
By Tim Hollebeek Industry and Standards Technical Strategist at DigiCert, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
Breaking the Glass Ceiling: Tough for Women, Tougher for Women of Color
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security practitioners shed light on obstacles limiting career growth and the steps businesses can take to achieve their promises of a more diverse workforce.
By Kelly Sheridan Staff Editor, Dark Reading, 10/28/2020
Comment1 Comment  |  Read  |  Post a Comment
US Government Issues Warning on Kimsuky APT Group
Dark Reading Staff, Quick Hits
The joint alert, from CISA, the FBI, and others, describes activities from the North Korean advanced persistent threat group.
By Dark Reading Staff , 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading
New data shows humans still struggle with password creation and management.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/28/2020
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Lucidum Raises $4M Seed Investment to Automate Asset Discovery & Eliminate Blind Spots Across Cloud, Security & IT Ops
Mastercard Launches AI-Powered Solution to Protect the Digital Ecosystem
Claroty Adds Fully Integrated Remote Incident Management To Industry-Leading Ot Security Platform
Contrast Security Launches Platform Delivering Comprehensive Security Observability to Secure Web Apps Across SDLC
Micron and Tata Communications Accelerate IoT Deployment With Cloud-Based Virtual SIM
Theta Lake Raises $12.7 Million In Series A Funding, Led by Lightspeed Venture Partners
Sophos Launches Rapid Response Service to Identify and Neutralize Active Cybersecurity Attacks
Axio Offers Free Cybersecurity Program Assessment Tools
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Why Defense, Not Offense, Will Determine Global Cyber Powers
Darktrace director of strategic threat Marcus Fowlers explains what to expect from nation-state attackers in the months to come -- and why kindergarten classes are a good model for solid cybersecurity.
Tracking Down the Web Trackers
Third-party Web trackers might be following your website visitors' every step. How can new tools like Blacklight help you stop them in their tracks?
Teach Your Employees Well: How to Spot Smishing & Vishing Scams
One of the best ways to keep employees from falling victim to these social-engineering attacks is to teach them the signs.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
How to Measure and Reduce Cybersecurity Risk in Your Organization
In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15703
PUBLISHED: 2020-10-31
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivile...
CVE-2020-5991
PUBLISHED: 2020-10-30
NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.
CVE-2020-15273
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can ac...
CVE-2020-15276
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.
CVE-2020-15277
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Flash Poll
Video
Slideshows
Twitter Feed