Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Post-COVID-19 Security Spending Update
A Hacker's Playlist
6 Lessons IT Security Can Learn From DevOps
The Threat from the Internet--and What Your Organization Can Do About It
COVID-19: Latest Security News & Commentary
News & Commentary
Patch by Tonight: CISA Issues Emergency Directive for Critical Netlogon Flaw
Dark Reading Staff, Quick Hits
The directive requires all federal agencies to apply a patch for Windows Netlogon vulnerability CVE-2020-1472 by midnight on Sept. 21.
By Dark Reading Staff , 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
5 Steps to Greater Cyber Resiliency
Andrew Rubin, CEO & Founder at IllumioCommentary
Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.
By Andrew Rubin CEO & Founder at Illumio, 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine LearningExpert Insights
Future consumer devices, including pacemakers, should be built with security from the start.
By Gary McGraw Ph.D. Co-founder Berryville Institute of Machine Learning, 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 9/21/2020
Comment22 comments  |  Read  |  Post a Comment
A Hacker's Playlist
Steve Zurier, Contributing Writer
Nine security researchers share their favorite songs and genres.
By Steve Zurier Contributing Writer, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Deadly Ransomware Story Continues to Unfold
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
A ransomware attack with fatal consequences is attracting notice and comment from around the world.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Deepfake Detection Poses Problematic Technology Race
Robert Lemos, Contributing WriterNews
Experts hold out little hope for a robust technical solution in the long term.
By Robert Lemos Contributing Writer, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Mitigating Cyber-Risk While We're (Still) Working from Home
PJ Kirner, CTO & Founder, IllumioCommentary
One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.
By PJ Kirner CTO & Founder, Illumio, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Defending Against Deepfakes: From Tells to Crypto
Curtis Franklin Jr., Senior Editor at Dark Reading
Detecting doctored media has become tricky -- and risky -- business. Here's how organizations can better protect themselves from fake video, audio, and other forms of content.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Indictments Unlikely to Deter China's APT41 Activity
Jai Vijayan, Contributing WriterNews
So far, at least, the threat group has not let public scrutiny slow it down, security researchers say.
By Jai Vijayan Contributing Writer, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Gone Awry Has Fatal Consequences
Dark Reading Staff, Quick Hits
An attack that knocked hospital systems offline reportedly ends in death for patient who had to be sent to another facility.
By Dark Reading Staff , 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Sumo Logic IPO Prices Higher Than Expected
Kelly Sheridan, Staff Editor, Dark ReadingNews
Co-founder and CTO Christian Beedgen explains what this means for the future of the cloud-based data analytics company.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Time for CEOs to Stop Enabling China's Blatant IP Theft
Eric Noonan, CEO, CyberSheathCommentary
Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.
By Eric Noonan CEO, CyberSheath, 9/17/2020
Comment1 Comment  |  Read  |  Post a Comment
Struggling to Secure Remote IT? 3 Lessons from the Office
Chris Hallenbeck, CISO for the Americas at TaniumCommentary
The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges.
By Chris Hallenbeck CISO for the Americas at Tanium, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
What's on Your Enterprise Network? You Might Be Surprised
Jai Vijayan, Contributing WriterNews
The strangest connected devices are showing up, and the threats they pose to security should not be overlooked.
By Jai Vijayan Contributing Writer, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.
By Kelly Sheridan Staff Editor, Dark Reading, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
DDoS Attacks Rose 151% in First Half of 2020
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
Attacks grew in number, size, and sophistication as the coronavirus pandemic took hold.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
h2c Smuggling: A New 'Devastating' Kind of HTTP Request
Seth Rosenblatt, Contributing Writer
The newly discovered form of HTTP request smuggling could have widespread impact because any proxy can be affected, researchers say. Here's what infosec pros should know.
By Seth Rosenblatt Contributing Writer, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
Most Organizations Plan to Make COVID-19 Changes Permanent
Steve Zurier, Contributing WriterNews
After the pandemic, companies will continue to invest in improving IT infrastructure and security as well as automate tasks to reduce errors and improve network resiliency.
By Steve Zurier Contributing Writer, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
New Report Unveils the Most Vulnerable Sectors & Departments to Phishing Attacks
Devo Technology Adds $60 Million in Growth Funding
As Digital Transformation Accelerates, Entrust Datacard Becomes "Entrust"
Cyber Deception Reduces Data Breach Costs by Over 51% & SOC Inefficiencies by 32%
Dashlane Launches Historical Password Health Score Reporting
Cybersecurity Officials from U.S., U.K., Australia, Canada & New Zealand Release Best Practices for Incident Response
CISA Issues Final Vulnerability Disclosure Policy Directive for Federal Agencies
(ISC)2 Shares Blueprint for Building Formal, Enterprise-Wide Cybersecurity Training Programs
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

A Hacker's Playlist
Nine security researchers share their favorite songs and genres.
Defending Against Deepfakes: From Tells to Crypto
Detecting doctored media has become tricky -- and risky -- business. Here's how organizations can better protect themselves from fake video, audio, and other forms of content.
h2c Smuggling: A New 'Devastating' Kind of HTTP Request
The newly discovered form of HTTP request smuggling could have widespread impact because any proxy can be affected, researchers say. Here's what infosec pros should know.
Register for Dark Reading Newsletters
Cartoon
Latest Comment: Exactly
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4643
PUBLISHED: 2020-09-21
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590.
CVE-2020-4590
PUBLISHED: 2020-09-21
IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.
CVE-2020-4731
PUBLISHED: 2020-09-21
IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055.
CVE-2020-4315
PUBLISHED: 2020-09-21
IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the i...
CVE-2020-4579
PUBLISHED: 2020-09-21
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438.
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Flash Poll
Video
Slideshows
Twitter Feed