Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
7 Unconventional Pieces of Password Wisdom
New CPU Baseline for Windows 11 Will Ensure Better Security, Microsoft Says
Data Privacy Is in 23andMe CSO's DNA
When Will Cybersecurity Operations Adopt the Peter Parker Principle?
News & Commentary
GitHub Unveils AI Tool to Speed Development, but Beware Insecure Code
Robert Lemos, Contributing WriterNews
The company has created an AI system, dubbed Copilot, to offer code suggestions to developers, but warns that any code produced should be tested for defects and vulnerabilities.
By Robert Lemos Contributing Writer, 7/1/2021
Comment0 comments  |  Read  |  Post a Comment
CISA Urges Orgs to Disable Windows Print Spooler on Critical Systems
Jai Vijayan, Contributing WriterNews
Patches Microsoft issued last month not effective against exploits targeting "PrintNightmare" flaw, agency and others say.
By Jai Vijayan Contributing Writer, 7/1/2021
Comment0 comments  |  Read  |  Post a Comment
WhiteHat Security Rebrands as NTT Application Security
Dark Reading Staff, Quick Hits
The name change follows NTT Security Corporation's acquisition of WhiteHat in 2019.
By Dark Reading Staff , 7/1/2021
Comment0 comments  |  Read  |  Post a Comment
Name That Edge Toon: Security Grill
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 7/1/2021
Comment0 comments  |  Read  |  Post a Comment
CISA Updates CSET Tool for Ransomware Defense
Dark Reading Staff, Quick Hits
A new module provides a set of practices to help organizations assess how well-equipped they are to defend and recover from ransomware.
By Dark Reading Staff , 7/1/2021
Comment0 comments  |  Read  |  Post a Comment
NSA & CISA Issue Warning About Russian GRU Brute-Force Cyberattacks Against US, Global Orgs
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Fancy Bear nation-state hacking team add a modern twist on old-school hacking method by using a cluster of Kubernetes software containers to expedite credential theft.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/1/2021
Comment0 comments  |  Read  |  Post a Comment
Why Are There Never Enough Logs During An Incident Response?
Robert Meyers, Compliance and Privacy Professional and Channel Program Solutions Architect, One IdentityCommentary
Most security pros believe their responses could be dramatically quicker were the right logs available, and usually they're not.
By Robert Meyers Compliance and Privacy Professional and Channel Program Solutions Architect, One Identity, 7/1/2021
Comment0 comments  |  Read  |  Post a Comment
Stop Playing Catchup: Move From Reactive to Proactive to Defeat Cyber Threats
Rick van Galen, Security Engineer, 1PasswordCommentary
One-time reactive measures can't keep up. It's time to be proactive and pick our swords and not just our shields.
By Rick van Galen Security Engineer, 1Password, 7/1/2021
Comment0 comments  |  Read  |  Post a Comment
SentinelOne Starts Trading on NYSE, Raises $1.2B in IPO
Kelly Sheridan, Staff Editor, Dark ReadingNews
IPO is the highest valued in cybersecurity history, according to reports.
By Kelly Sheridan Staff Editor, Dark Reading, 6/30/2021
Comment0 comments  |  Read  |  Post a Comment
SMB Worm Targeting EternalBlue Vuln Spreads to US
Jai Vijayan, Contributing WriterNews
"Indexsinas" is the latest threat designed to exploit Windows servers that remain vulnerable to an NSA-developed exploit Microsoft patched more than four years ago.
By Jai Vijayan Contributing Writer, 6/30/2021
Comment1 Comment  |  Read  |  Post a Comment
Impersonation Becomes Top Phishing Technique
Dark Reading Staff, Quick Hits
A new report finds IT, healthcare, and manufacturing are the industries most targeted by phishing emails.
By Dark Reading Staff , 6/30/2021
Comment0 comments  |  Read  |  Post a Comment
MyBook Investigation Reveals Attackers Exploited Legacy, Zero-Day Vulnerabilities
Robert Lemos, Contributing WriterNews
A previously unknown flaw in Western Digital's older network-attached storage systems allowed unauthenticated commands to trigger a factory reset, formatting the hard drives, says the company after its preliminary investigation.
By Robert Lemos Contributing Writer, 6/30/2021
Comment0 comments  |  Read  |  Post a Comment
Attackers Already Unleashing Malware for Apple macOS M1 Chip
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Apple security expert Patrick Wardle found that some macOS malware written for the new M1 processor can bypass anti-malware tools.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/30/2021
Comment0 comments  |  Read  |  Post a Comment
Intl. Law Enforcement Operation Takes Down DoubleVPN
Dark Reading Staff, Quick Hits
The VPN service allegedly provided a means for cybercriminals to target their victims, Europol officials report.
By Dark Reading Staff , 6/30/2021
Comment0 comments  |  Read  |  Post a Comment
3 Things Every CISO Wishes You Understood
Vanessa Pegueros, Chief Trust & Security Officer, OneLoginCommentary
Ensuring the CISO's voice is heard by the board will make security top of mind for the business, its employees, and their customers.
By Vanessa Pegueros Chief Trust & Security Officer, OneLogin, 6/30/2021
Comment0 comments  |  Read  |  Post a Comment
7 Skills the Transportation Sector Needs to Fuel Its Security Teams
Pam Baker, Contributing Writer
Without a top-notch team to stop attackers, our favorite modes of transportation could come to a screeching halt.
By Pam Baker Contributing Writer, 6/30/2021
Comment0 comments  |  Read  |  Post a Comment
9 Hot Trends in Cybersecurity Mergers & Acquisitions
Kelly Sheridan, Staff Editor, Dark Reading
Security experts share their observations of the past year in cybersecurity M&A, highlighting key trends and notable deals.
By Kelly Sheridan Staff Editor, Dark Reading, 6/30/2021
Comment0 comments  |  Read  |  Post a Comment
Is Compliance-Only Security Giving Cybercriminals Your Security Playbook?
Travis Rosiek, Chief Technology and Strategy Officer, BluVector Commentary
Compliance-only security strategies aren't working. CISOs should squarely focus on being secure while achieving compliance.
By Travis Rosiek Chief Technology and Strategy Officer, BluVector , 6/30/2021
Comment0 comments  |  Read  |  Post a Comment
Google Updates Vulnerability Data Format to Support Automation
Robert Lemos, Contributing WriterNews
The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of data.
By Robert Lemos Contributing Writer, 6/29/2021
Comment0 comments  |  Read  |  Post a Comment
Ransomware Losses Drive Up Cyber-Insurance Costs
Jai Vijayan, Contributing WriterNews
Premiums have gone up by 7% on average for small firms and between 10% and 40% for medium and large businesses.
By Jai Vijayan Contributing Writer, 6/29/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Sevco Security Launches with $15 Million in Funding to Scale Adoption of Cloud-Native Security Asset Intelligence Platform
Versa Networks Secures $84M in Series D Funding to Accelerate SASE Growth
Noname Security Lands $60M Series B
Internet Noise Contributing to Unnecessary Alert Overload for SOC Teams
Armis Data Highlights Need for Enterprise Security as End Users Lack Awareness of Major Cyberattacks
ISARA Corp. Introduces Advance Crypto Agility Suite
Semafone Announces Majority Investment from Livingbridge
Devo Technology Adds Former Microsoft and Carbon Black Executives to Expanded Leadership Team
More Products & Releases
PR Newswire
Dark Reading Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the Dark Reading site in the coming months.

7 Skills the Transportation Sector Needs to Fuel Its Security Teams
Without a top-notch team to stop attackers, our favorite modes of transportation could come to a screeching halt.
An Interesting Approach to Cyber Insurance
What if insurers were to offer companies an incentive -- say, a discount -- for better protecting themselves? You know, the way car insurance companies offer lower premiums to customers who take a driver's ed course.
Data Privacy Is in 23andMe CSO's DNA
How serious is the company about safeguarding its customers and their genetic information? "We're hiding data even from ourselves," says the biotech and genetic testing company's head of security.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-23207
PUBLISHED: 2021-07-01
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module.
CVE-2020-23208
PUBLISHED: 2021-07-01
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module.
CVE-2020-23209
PUBLISHED: 2021-07-01
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module.
CVE-2020-23214
PUBLISHED: 2021-07-01
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module.
CVE-2020-23217
PUBLISHED: 2021-07-01
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module.
Flash Poll
Video
Slideshows
Twitter Feed