Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
6 Lessons IT Security Can Learn From DevOps
Ransomware Red Flags: 7 Signs You're About to Get Hit
MFA Mistakes: 6 Ways to Screw Up Multifactor Authentication
The Threat from the Internet--and What Your Organization Can Do About It
COVID-19: Latest Security News & Commentary
News & Commentary
A Hacker's Playlist
Steve Zurier, Contributing Writer
Nine security researchers share their favorite songs and genres.
By Steve Zurier Contributing Writer, 9/18/2020
Comment1 Comment  |  Read  |  Post a Comment
Deadly Ransomware Story Continues to Unfold
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
A ransomware attack with fatal consequences is attracting notice and comment from around the world.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Deepfake Detection Poses Problematic Technology Race
Robert Lemos, Contributing WriterNews
Experts hold out little hope for a robust technical solution in the long term.
By Robert Lemos Contributing Writer, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Mitigating Cyber-Risk While We're (Still) Working from Home
PJ Kirner, CTO & Founder, IllumioCommentary
One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.
By PJ Kirner CTO & Founder, Illumio, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Don't Fall for It! Defending Against Deepfakes
Curtis Franklin Jr., Senior Editor at Dark Reading
Detecting doctored media has become tricky -- and risky -- business. Here's how organizations can better protect themselves from fake video, audio, and other forms of content.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Indictments Unlikely to Deter China's APT41 Activity
Jai Vijayan, Contributing WriterNews
So far, at least, the threat group has not let public scrutiny slow it down, security researchers say.
By Jai Vijayan Contributing Writer, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Gone Awry Has Fatal Consequences
Dark Reading Staff, Quick Hits
An attack that knocked hospital systems offline reportedly ends in death for patient who had to be sent to another facility.
By Dark Reading Staff , 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Sumo Logic IPO Prices Higher Than Expected
Kelly Sheridan, Staff Editor, Dark ReadingNews
Co-founder and CTO Christian Beedgen explains what this means for the future of the cloud-based data analytics company.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Time for CEOs to Stop Enabling China's Blatant IP Theft
Eric Noonan, CEO, CyberSheathCommentary
Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.
By Eric Noonan CEO, CyberSheath, 9/17/2020
Comment1 Comment  |  Read  |  Post a Comment
Struggling to Secure Remote IT? 3 Lessons from the Office
Chris Hallenbeck, CISO for the Americas at TaniumCommentary
The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges.
By Chris Hallenbeck CISO for the Americas at Tanium, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 9/17/2020
Comment22 comments  |  Read  |  Post a Comment
What's on Your Enterprise Network? You Might Be Surprised
Jai Vijayan, Contributing WriterNews
The strangest connected devices are showing up, and the threats they pose to security should not be overlooked.
By Jai Vijayan Contributing Writer, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.
By Kelly Sheridan Staff Editor, Dark Reading, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
DDoS Attacks Rose 151% in First Half of 2020
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
Attacks grew in number, size, and sophistication as the coronavirus pandemic took hold.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
h2c Smuggling: A New 'Devastating' Kind of HTTP Request
Seth Rosenblatt, Contributing Writer
The newly discovered form of HTTP request smuggling could have widespread impact because any proxy can be affected, researchers say. Here's what infosec pros should know.
By Seth Rosenblatt Contributing Writer, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
Most Organizations Plan to Make COVID-19 Changes Permanent
Steve Zurier, Contributing WriterNews
After the pandemic, companies will continue to invest in improving IT infrastructure and security as well as automate tasks to reduce errors and improve network resiliency.
By Steve Zurier Contributing Writer, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
US Charges Five Members of China-Linked APT41 for Global Attacks
Dark Reading Staff, Quick Hits
The five Chinese nationals are among seven defendants arrested for intrusion campaigns into more than 100 organizations, the DoJ reports.
By Dark Reading Staff , 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
CISA Joins MITRE to Issue Vulnerability Identifiers
Robert Lemos, Contributing WriterNews
The Cybersecurity and Infrastructure Security Agency will become a peer of MITRE in the CVE program, likely leading to continued increases in disclosed vulnerabilities.
By Robert Lemos Contributing Writer, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
New Report Unveils the Most Vulnerable Sectors & Departments to Phishing Attacks
Devo Technology Adds $60 Million in Growth Funding
As Digital Transformation Accelerates, Entrust Datacard Becomes "Entrust"
Cyber Deception Reduces Data Breach Costs by Over 51% & SOC Inefficiencies by 32%
Dashlane Launches Historical Password Health Score Reporting
Cybersecurity Officials from U.S., U.K., Australia, Canada & New Zealand Release Best Practices for Incident Response
CISA Issues Final Vulnerability Disclosure Policy Directive for Federal Agencies
(ISC)2 Shares Blueprint for Building Formal, Enterprise-Wide Cybersecurity Training Programs
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

A Hacker's Playlist
Nine security researchers share their favorite songs and genres.
Don't Fall for It! Defending Against Deepfakes
Detecting doctored media has become tricky -- and risky -- business. Here's how organizations can better protect themselves from fake video, audio, and other forms of content.
h2c Smuggling: A New 'Devastating' Kind of HTTP Request
The newly discovered form of HTTP request smuggling could have widespread impact because any proxy can be affected, researchers say. Here's what infosec pros should know.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5421
PUBLISHED: 2020-09-19
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
CVE-2020-8225
PUBLISHED: 2020-09-18
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
CVE-2020-8237
PUBLISHED: 2020-09-18
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.
CVE-2020-8245
PUBLISHED: 2020-09-18
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11....
CVE-2020-8246
PUBLISHED: 2020-09-18
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-W...
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Flash Poll
Video
Slideshows
Twitter Feed