Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
2020 Cybersecurity Holiday Gift Guide for Kids
Cybersecurity in the Biden Administration: Experts Weigh In
SASE 101: Why All the Buzz?
Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw
COVID-19: Latest Security News & Commentary
News & Commentary
FBI, CISA, MS-ISAC: Cybercriminals Increasingly Attacking K-12 Distance Learning
Dark Reading Staff, Quick Hits
Ransomware attacks reported against US K–12 schools jumped from 28% in January through July to 57% in August and September.
By Dark Reading Staff , 12/11/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Warns of Powerful New Adware
Dark Reading Staff, Quick Hits
The new adware, dubbed Adrozek, is being distributed by large, well organized threat actors, according to Microsoft research.
By Dark Reading Staff , 12/11/2020
Comment0 comments  |  Read  |  Post a Comment
7 Security Tips for Gamers
Steve Zurier, Contributing Writer
Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.
By Steve Zurier Contributing Writer, 12/11/2020
Comment1 Comment  |  Read  |  Post a Comment
'Tis the Season to Confront Third-Party Risk
Samuel Greengard, Freelance Writer
On any given day it's hard to ensure that outside companies and individuals adhere to an organization's security practices and policies. But when it's the holidays and, oh, a global pandemic, companies need to be extra vigilant.
By Samuel Greengard Freelance Writer, 12/11/2020
Comment0 comments  |  Read  |  Post a Comment
Penetration Testing: A Road Map for Improving Outcomes
Shane Ryan, Global Practice Lead - Application Security for BSI's Cybersecurity and Information Resilience TeamCommentary
As cybersecurity incidents gain sophistication, to ensure we are assessing security postures effectively, it is critical to copy real-world adversaries' tools, tactics, and procedures during testing activities.
By Shane Ryan Global Practice Lead - Application Security for BSI's Cybersecurity and Information Resilience Team, 12/11/2020
Comment0 comments  |  Read  |  Post a Comment
Knowing What the Enemy Knows Is Key to Proper Defense
Jai Vijayan, Contributing WriterNews
Think like an attacker if you want to understand your attack surface, says security researcher at Black Hat Europe.
By Jai Vijayan Contributing Writer, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Juvenile Pleads Guilty to 2016 DNS Attack
Dark Reading Staff, Quick Hits
Mirai botnet was used to target Sony in an attack that took down DynDNS and a number of its notable customers.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Contact-Tracing Apps Still Expose Users to Security, Privacy Issues
Robert Lemos, Contributing WriterNews
Of nearly 100 apps tested, 40% have significant security issues, using either GPS locations or bespoke Bluetooth proximity detection to determine exposure.
By Robert Lemos Contributing Writer, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
'Fingerprint-Jacking' Attack Technique Manipulates Android UI
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers explore fingerprint-jacking, a user interface-based attack that targets fingerprints scanned into Android apps.
By Kelly Sheridan Staff Editor, Dark Reading, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
FireEye Breach Fallout Yet to Be Felt
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Aftermath of the FireEye breach by Russia's foreign service agency raises concerns over what the attackers could do next - and how to defend against it.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/10/2020
Comment1 Comment  |  Read  |  Post a Comment
Cloud Identity and Access Management: Understanding the Chain of Access
Keith Neilson, Technical Evangelist for CloudSphereCommentary
Here's where enterprises encounter challenges with cloud IAM and the best practices they should follow to correct these mistakes.
By Keith Neilson Technical Evangelist for CloudSphere, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
51% of Edge Readers Plan to Pursue New Cybersecurity Certification in 2021
Edge Editors, Dark Reading
Demands of the "new normal" won't stop the majority of poll-takers from mastering new skills.
By Edge Editors Dark Reading, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
85,000 MySQL Servers Hit in Active Ransomware Campaign
Dark Reading Staff, Quick Hits
Attackers pressure victims into paying ransom by publishing and offering for sale data stolen in a campaign that dates back to January.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
The Line Between Physical Security & Cybersecurity Blurs as World Gets More Digital
Wayne Dorris, CISSP, Business Development Manager for Cybersecurity, at Axis CommunicationsCommentary
Security teams are being challenged by the connected nature of IP devices, and preventing them from being compromised by cybercriminals has become an essential part of keeping people and property safe.
By Wayne Dorris CISSP, Business Development Manager for Cybersecurity, at Axis Communications, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Google Shares Cloud Security Tips
Dark Reading Staff, News
Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Black Hat Europe: Dark Reading Video News Desk Coverage
Dark Reading Staff, News
Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Researcher Developed New Kernel-Level Exploits for Old Vulns in Windows
Jai Vijayan, Contributing WriterNews
Problem has to do with a print driver component found in all versions of Windows going back to Windows 7, security researcher from Singular Security Lab says at Black Hat Europe 2020.
By Jai Vijayan Contributing Writer, 12/9/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Makes Up Half of All Major Incidents
Robert Lemos, Contributing WriterNews
Misconfigurations and lack of visibility allow attackers to compromise networks and monetize their intrusions, according to CrowdStrike's analysis of about 200 incidents.
By Robert Lemos Contributing Writer, 12/9/2020
Comment0 comments  |  Read  |  Post a Comment
Security Incidents Are 'Tip of the Iceberg,' Says UK Security Official
Kelly Sheridan, Staff Editor, Dark ReadingNews
Pete Cooper, deputy director of cyber defense for the UK Cabinet Office, emphasized the importance of security fundamentals, collaboration, and diversity in his Black Hat Europe keynote talk.
By Kelly Sheridan Staff Editor, Dark Reading, 12/9/2020
Comment0 comments  |  Read  |  Post a Comment
10 Ways Device Identifiers Can Spot a Cybercriminal
Joshua Goldfarb, Director of Product Management at F5
Device IDs, which are assigned to mobile devices to distinguish one from another, can help organizations flag fraud, cyberattacks, and other suspicious activities.
By Joshua Goldfarb Director of Product Management at F5, 12/9/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
WatchGuard Report Details COVID-19 Impact on Security Threat Landscape
Thoma Bravo Announces Strategic Growth Investment in Venafi
Ethics by Design: New Report Helps Companies Move Beyond Compliance
Vade Secure Releases Fully Customizable MTA Builder for ISPs and Telcos
Karamba Security Announces XGuard Monitor to Manage the Security of Millions of IoT Devices at Scale
ThreatConnect Releases Risk Quantifier 5.0
VMRay Closes $25 Million Series B
New Report from Fudo Security Identifies Key Trends in Secure Remote Access
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

'Tis the Season to Confront Third-Party Risk
On any given day it's hard to ensure that outside companies and individuals adhere to an organization's security practices and policies. But when it's the holidays and, oh, a global pandemic, companies need to be extra vigilant.
51% of Edge Readers Plan to Pursue New Cybersecurity Certification in 2021
Demands of the "new normal" won't stop the majority of poll-takers from mastering new skills.
10 Ways Device Identifiers Can Spot a Cybercriminal
Device IDs, which are assigned to mobile devices to distinguish one from another, can help organizations flag fraud, cyberattacks, and other suspicious activities.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Don't worry, you'll know if audit doesn't like your password strength!
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35207
PUBLISHED: 2020-12-12
** DISPUTED ** An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The PIN authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could a...
CVE-2020-35208
PUBLISHED: 2020-12-12
** DISPUTED ** An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker co...
CVE-2020-35200
PUBLISHED: 2020-12-12
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.
CVE-2020-35201
PUBLISHED: 2020-12-12
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.
CVE-2020-35202
PUBLISHED: 2020-12-12
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
Assessing Cybersecurity Risk in Today’s Enterprises
Assessing Cybersecurity Risk in Today’s Enterprises
COVID-19 has created a new IT paradigm in the enterprise — and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Flash Poll
Video
Slideshows
Twitter Feed