Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

How to Decipher InfoSec Job Titles' Mysteries
8 Cybersecurity Themes to Expect at Black Hat USA 2020
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Q&A: How Systemic Racism Weakens Cybersecurity
COVID-19: Latest Security News & Commentary
News & Commentary
Using 'Data for Good' to Control the Pandemic
Neil Sweeney, Founder & CEO, KilliCommentary
The tech community should unite to develop and distribute a universal COVID-19 contact-tracing application. Here's why and how.
By Neil Sweeney Founder & CEO, Killi, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
SANS Security Training Firm Hit with Data Breach
Dark Reading Staff, Quick Hits
A phishing email allowed an attacker to compromise a SANS employee's email environment, the organization reports.
By Dark Reading Staff , 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: 'Rise' and Shine
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Threats vs. Thrift: Running Effective AppSec During a Global Crisis
Patrick Carey, Vice President Product Management, ExopriseCommentary
By looking at security testing capacity, staff expertise, and risks throughout the software supply chain, application security teams can improve their overall effectiveness.
By Patrick Carey Vice President Product Management, Exoprise, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption
Ericka Chickowski, Contributing WriterNews
Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.
By Ericka Chickowski Contributing Writer, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Trick Facial-Recognition Systems
Jai Vijayan, Contributing WriterNews
Goal was to see if computer-generated images that look like one person would get classified as another person.
By Jai Vijayan Contributing Writer, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches 120 Vulnerabilities, Two Zero-Days
Kelly Sheridan, Staff Editor, Dark ReadingNews
The August 2020 Patch Tuesday marks the sixth month in a row Microsoft released patches for more than 110 vulnerabilities.
By Kelly Sheridan Staff Editor, Dark Reading, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Developers Need More Usable Static Code Scanners to Head Off Security Bugs
Robert Lemos, Contributing WriterNews
As companies "shift left" -- pushing more responsibility for security onto developers -- the tools that are available are falling short, usability researchers say.
By Robert Lemos Contributing Writer, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Symmetry Systems Emerges from Stealth
Dark Reading Staff, Quick Hits
Company behind Data Store and Object Security (DSOS) becomes public knowledge following a $3 million seed round of funding.
By Dark Reading Staff , 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Zoom Vulnerabilities Demonstrated in DEF CON Talk
Dark Reading Staff, Quick Hits
A security researcher demonstrated multiple vulnerabilities, two of which could let an attacker read and steal user data.
By Dark Reading Staff , 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Is Edtech the Greatest APT?
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Educational technology is critical but can come at huge costs to student and teacher privacy and security. Are those costs too high?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
EU-US Privacy Shield Dissolution: What Happens Next?
Sam Curry, CSO, CybereasonCommentary
In a world that isn't private by design, security and liability implications for US-based cloud companies are huge.
By Sam Curry CSO, Cybereason, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Zero-Trust Security 101
Curtis Franklin Jr., Senior Editor at Dark Reading
What are the tenets and fundamental spirit of zero-trust architecture -- without the marketing speak?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
How to Help Spoil the Cybercrime Economy
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Cybercrime increasingly is turning into a commodity. Stolen PII data and hijacked cloud accounts especially propel the spread, research shows.
By Marc Wilczek Digital Strategist & COO of Link11, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
17 Essential Stats About the State of Consumer Privacy
Ericka Chickowski, Contributing Writer
These illuminating numbers offer a glimpse into current consumer attitudes and enterprise readiness for protecting their customers' personal data.
By Ericka Chickowski Contributing Writer, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Gamifying Password Training Shows Security Benefits
Robert Lemos, Contributing WriterNews
When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find.
By Robert Lemos Contributing Writer, 8/10/2020
Comment0 comments  |  Read  |  Post a Comment
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security leader shares tips for adopting a CISO mindset, creating risk management strategies, and "selling infosec" to IT and executives.
By Kelly Sheridan Staff Editor, Dark Reading, 8/10/2020
Comment1 Comment  |  Read  |  Post a Comment
Better Business Bureau Warns of New Visa Scam
Dark Reading Staff, Quick Hits
Visa limitations due to the novel coronavirus have given rise to a wave of scams aimed at visa-seekers.
By Dark Reading Staff , 8/10/2020
Comment0 comments  |  Read  |  Post a Comment
Can I Use the Same Security Tools on My IT and OT?
Edge Editors, Dark Reading
You can quit worrying about IT tools in the OT environment.
By Edge Editors Dark Reading, 8/10/2020
Comment0 comments  |  Read  |  Post a Comment
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing WriterNews
Teaching the hardware hacker the skill of picking locks is evolving because of the pandemic's lockdown.
By Seth Rosenblatt Contributing Writer, 8/10/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
What are the tenets and fundamental spirit of zero-trust architecture -- without the marketing speak?
You can quit worrying about IT tools in the OT environment.
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17505
PUBLISHED: 2020-08-12
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
CVE-2020-17506
PUBLISHED: 2020-08-12
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
CVE-2020-2035
PUBLISHED: 2020-08-12
When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not consider Server Name Indication (SNI) field within ...
CVE-2020-5415
PUBLISHED: 2020-08-12
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerabilit...
CVE-2020-6653
PUBLISHED: 2020-08-12
Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user's ac...
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Flash Poll
Video
Slideshows
Twitter Feed