Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
10 iOS Security Tips to Lock Down Your iPhone
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Election Security in the Age of Social Distancing
7 Ways Parents Can Better Protect Their Online-Gamer Offspring
COVID-19: Latest Security News & Commentary
News & Commentary
Data on Indian Mobile Payments App Reportedly Exposed via Open S3 Bucket
Jai Vijayan, Contributing WriterNews
Over 7 million records exposed, according to vpnMentor, but app maker says there is no sign of malicious use.
By Jai Vijayan Contributing Writer, 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
Apple Pays Researcher $100,000 for Critical Vulnerability
Kelly Sheridan, Staff Editor, Dark ReadingNews
Apple has fixed a flaw in the "Sign in with Apple" feature that could have enabled attackers to break into user accounts for third-party services.
By Kelly Sheridan Staff Editor, Dark Reading, 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
26 IoT Flaws Enable Denial-of-Service Attacks, Privilege Escalation
Dark Reading Staff, Quick Hits
Research details vulnerabilities in the Zephyr Real Time Operating Systems and MCUboot, both used in IoT devices and sensors.
By Dark Reading Staff , 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them
Robert Lemos, Contributing WriterNews
The Sandworm group -- behind disinformation and election-hacking campaigns and responsible for a 2016 power outage in the Ukraine -- is now targeting e-mail servers.
By Robert Lemos Contributing Writer, 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRockCommentary
Without the right tools and with not enough cybersecurity pros to fill the void, the talent gap will continue to widen.
By Peter Barker Chief Product Officer at ForgeRock, 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 6/1/2020
Comment11 comments  |  Read  |  Post a Comment
Bank of America Security Incident Affects PPP Applicants
Dark Reading Staff, Quick Hits
The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared.
By Dark Reading Staff , 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing WriterNews
Mobile providers don't often update users when applications are not supported by developers, security firm says.
By Robert Lemos Contributing Writer, 5/29/2020
Comment5 comments  |  Read  |  Post a Comment
Cisco Announces Patches to SaltStack
Dark Reading Staff, Quick Hits
The patches came after Cisco was notified by the Salt Open Core team that the vulnerabilities and updates were available.
By Dark Reading Staff , 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Digital Distancing with Microsegmentation
Trevor Pott, Product Marketing Director at Juniper NetworksCommentary
Physical distancing has blunted a virus's impact; the same idea can be applied to computers and networks to minimize breaches, attacks, and infections.
By Trevor Pott Product Marketing Director at Juniper Networks, 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
All Links Are Safe ... Right?
Beyond the Edge, Dark Reading
Today is a perfect day for a security breach.
By Beyond the Edge Dark Reading, 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Zscaler Buys Edge Networks
Dark Reading Staff, Quick Hits
The acquisition is Zscaler's second major buy this quarter.
By Dark Reading Staff , 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
A Rogues' Gallery of MacOS Malware
Curtis Franklin Jr., Senior Editor at Dark Reading
MacOS isn't immune from malware. Being prepared means understanding the nature of the worst threats a security team is likely to see attacking Macs in the enterprise.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
GitHub Supply Chain Attack Uses Octopus Scanner Malware
Kelly Sheridan, Staff Editor, Dark ReadingNews
Octopus Scanner is a new malware used to compromise 26 open source projects in a massive GitHub supply chain attack.
By Kelly Sheridan Staff Editor, Dark Reading, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers ID Hacktivist Who Defaced Nearly 5,000 Websites
Jai Vijayan, Contributing WriterNews
Opsec mistakes lead a Check Point researcher to an individual in Brazil who was behind a longtime hacking campaign.
By Jai Vijayan Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Valak Malware Retasked to Steal Data from US, German Firms
Robert Lemos, Contributing WriterNews
Once considered a loader for other malware, Valak regularly conducts reconnaissance and steals information and credentials, new analysis shows.
By Robert Lemos Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
NSA Warns Russia's 'Sandworm' Group Is Targeting Email Servers
Dark Reading Staff, Quick Hits
The Russian military group has been exploiting a flaw in the Exim mail transfer agent since last August, the NSA reports.
By Dark Reading Staff , 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
3 SMB Cybersecurity Myths Debunked
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Small and midsize businesses are better at cyber resilience than you might think.
By Marc Wilczek Digital Strategist & COO of Link11, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Disclosures Drop in Q1 for First Time in a Decade
Robert Lemos, Contributing WriterNews
Even with more security issues published on Patch Tuesdays, the total number of software flaws dropped for the first three months of 2020, according to one tally.
By Robert Lemos Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Google, Microsoft Brands Impersonated the Most in Form-Based Attacks
Steve Zurier, Contributing WriterNews
Attackers are preying on users' inclination to click on familiar-looking websites, but instead trick them into sharing usernames and passwords.
By Steve Zurier Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
CISA Releases New Cyber Essentials Toolkit
Intrusion Inc. Appoints Jack Blount as President and Chief Executive Officer
Synack's $52 Million Investment Fuels Future of Remote Security Testing from World's Elite Hackers
RiskIQ Creates Complimentary COVID-19 Internet Intelligence Gateway to Fight Pandemic of Cybercrime
RackTop BrickStor SP Secure NAS data security platform now resold by Hewlett Packard Enterprise
New Research Indicates 84% of Businesses Will Likely Increase Work-from-Home Capacity Beyond Pandemic Despite Security Concerns
Smarsh Acquires Entreda, Leader in Cybersecurity Risk & Compliance Software for Wealth Management Industry
FireEye Endpoint Security: Introducing Innovation Architecture for Rapid Deployment of Advanced Capabilities
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
Security 101: SQL Injection
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.
How to Pay a Ransom: A Step-By-Step Guide for Something You'd Never Do
Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your, um, friend's organization has fallen victim and is going to pay. Here's how they should handle it.
5 Tips for Fighting Credential Stuffing Attacks
With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13757
PUBLISHED: 2020-06-01
Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing exces...
CVE-2020-13758
PUBLISHED: 2020-06-01
modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.
CVE-2020-9291
PUBLISHED: 2020-06-01
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.
CVE-2019-15709
PUBLISHED: 2020-06-01
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.
CVE-2020-13695
PUBLISHED: 2020-06-01
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file.
Flash Poll
Video
Slideshows
Twitter Feed