Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
10 iOS Security Tips to Lock Down Your iPhone
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Election Security in the Age of Social Distancing
7 Ways Parents Can Better Protect Their Online-Gamer Offspring
COVID-19: Latest Security News & Commentary
News & Commentary
Bank of America Security Incident Affects PPP Applicants
Dark Reading Staff, Quick Hits
The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared.
By Dark Reading Staff , 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing WriterNews
Mobile providers don't often update users when applications are not supported by developers, security firm says.
By Robert Lemos Contributing Writer, 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Cisco Announces Patches to SaltStack
Dark Reading Staff, Quick Hits
The patches came after Cisco was notified by the Salt Open Core team that the vulnerabilities and updates were available.
By Dark Reading Staff , 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Digital Distancing with Microsegmentation
Trevor Pott, Product Marketing Director at Juniper NetworksCommentary
Physical distancing has blunted a virus's impact; the same idea can be applied to computers and networks to minimize breaches, attacks, and infections.
By Trevor Pott Product Marketing Director at Juniper Networks, 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
All Links Are Safe ... Right?
Beyond the Edge, Dark Reading
Today is a perfect day for a security breach.
By Beyond the Edge Dark Reading, 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Zscaler Buys Edge Networks
Dark Reading Staff, Quick Hits
The acquisition is Zscaler's second major buy this quarter.
By Dark Reading Staff , 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
A Rogues' Gallery of MacOS Malware
Curtis Franklin Jr., Senior Editor at Dark Reading
MacOS isn't immune from malware. Being prepared means understanding the nature of the worst threats a security team is likely to see attacking Macs in the enterprise.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
GitHub Supply Chain Attack Uses Octopus Scanner Malware
Kelly Sheridan, Staff Editor, Dark ReadingNews
Octopus Scanner is a new malware used to compromise 26 open source projects in a massive GitHub supply chain attack.
By Kelly Sheridan Staff Editor, Dark Reading, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers ID Hacktivist Who Defaced Nearly 5,000 Websites
Jai Vijayan, Contributing WriterNews
Opsec mistakes lead a Check Point researcher to an individual in Brazil who was behind a longtime hacking campaign.
By Jai Vijayan Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Valak Malware Retasked to Steal Data from US, German Firms
Robert Lemos, Contributing WriterNews
Once considered a loader for other malware, Valak regularly conducts reconnaissance and steals information and credentials, new analysis shows.
By Robert Lemos Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
NSA Warns Russia's 'Sandworm' Group Is Targeting Email Servers
Dark Reading Staff, Quick Hits
The Russian military group has been exploiting a flaw in the Exim mail transfer agent since last August, the NSA reports.
By Dark Reading Staff , 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
3 SMB Cybersecurity Myths Debunked
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Small and midsize businesses are better at cyber resilience than you might think.
By Marc Wilczek Digital Strategist & COO of Link11, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Disclosures Drop in Q1 for First Time in a Decade
Robert Lemos, Contributing WriterNews
Even with more security issues published on Patch Tuesdays, the total number of software flaws dropped for the first three months of 2020, according to one tally.
By Robert Lemos Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Google, Microsoft Brands Impersonated the Most in Form-Based Attacks
Steve Zurier, Contributing WriterNews
Attackers are preying on users' inclination to click on familiar-looking websites, but instead trick them into sharing usernames and passwords.
By Steve Zurier Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Data Loss Spikes Under COVID-19 Lockdowns
Seth Rosenblatt, Contributing WriterNews
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.
By Seth Rosenblatt Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
How Elite Protectors Operationalize Security Protection
Maurice Uenuma & A.T. Smith, Vice President, Federal & Enterprise, Tripwire / Independent Cybersecurity ConsultantCommentary
There is no silver bullet for cybersecurity. It takes the right people, with the right mindset, applying the right elements of good security from the data center to the SOC.
By By Maurice Uenuma, VP, Federal & Enterprise, Tripwire, former Special Ops Marine, and A.T. Smith, Former Deputy Director of the U.S. Secret Service , 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 5/28/2020
Comment11 comments  |  Read  |  Post a Comment
Netwalker Ransomware Tools Reveal Attacker Tactics and Techniques
Jai Vijayan, Contributing WriterNews
Malware and related files show that ransomware operators don't need a cutting-edge arsenal to be effective.
By Jai Vijayan Contributing Writer, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing WriterNews
A variety of sites saw as much as seven times the number of domain requests in late March and early April, suggesting attackers attempted massive denial-of-service attacks.
By Robert Lemos Contributing Writer, 5/27/2020
Comment6 comments  |  Read  |  Post a Comment
Cloud Security Architect Proves Hardest Infosec Role to Fill
Dark Reading Staff, Quick Hits
Nearly 70% of businesses struggle to recruit, hire, and retain cybersecurity talent, and many link security incidents to lack of skills.
By Dark Reading Staff , 5/27/2020
Comment7 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by bina
Current Conversations Can you smell me now?
In reply to: Hey,
Post Your Own Reply
More Conversations
Products & Releases
CISA Releases New Cyber Essentials Toolkit
Intrusion Inc. Appoints Jack Blount as President and Chief Executive Officer
Synack's $52 Million Investment Fuels Future of Remote Security Testing from World's Elite Hackers
RiskIQ Creates Complimentary COVID-19 Internet Intelligence Gateway to Fight Pandemic of Cybercrime
RackTop BrickStor SP Secure NAS data security platform now resold by Hewlett Packard Enterprise
New Research Indicates 84% of Businesses Will Likely Increase Work-from-Home Capacity Beyond Pandemic Despite Security Concerns
Smarsh Acquires Entreda, Leader in Cybersecurity Risk & Compliance Software for Wealth Management Industry
FireEye Endpoint Security: Introducing Innovation Architecture for Rapid Deployment of Advanced Capabilities
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
Security 101: SQL Injection
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.
How to Pay a Ransom: A Step-By-Step Guide for Something You'd Never Do
Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your, um, friend's organization has fallen victim and is going to pay. Here's how they should handle it.
5 Tips for Fighting Credential Stuffing Attacks
With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Can you smell me now?
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11844
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
CVE-2020-6937
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
CVE-2020-7648
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
CVE-2020-7650
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
CVE-2020-7654
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.
Flash Poll
Video
Slideshows
Twitter Feed