Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

7 Tips for Effective Deception
7 IoT Tips for Home Users
Profile of the Post-Pandemic CISO
Cartoon: COVID19 Futures
COVID-19: Latest Security News & Commentary
News & Commentary
Study Finds 15 Billion Stolen, Exposed Credentials in Criminal Markets
Jai Vijayan, Contributing WriterNews
Data is fueling account takeover attacks in a big way, Digital Shadows says.
By Jai Vijayan Contributing Writer, 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
New Fraud Ring "Bargain Bear" Brings Sophistication to Online Crime
Dark Reading Staff, Quick Hits
The ring tests the validity of stolen credentials to be used in fraud through an online marketplace.
By Dark Reading Staff , 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
More Malware Found Preinstalled on Government Smartphones
Dark Reading Staff, Quick Hits
Researchers report the American Network Solutions UL40 smartphone comes with compromised apps.
By Dark Reading Staff , 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
As More People Return to Travel Sites, So Do Malicious Bots
Nicole Ferraro, Contributing WriterNews
Attacks against travel-related websites are on the rise as the industry begins to slowly recover from COVID-19, new data shows.
By Nicole Ferraro Contributing Writer, 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
US Charges Kazakhstani Citizen With Hacking Into More Than 300 Orgs
Robert Lemos, Contributing WriterNews
The accused man, and members of his cybercriminal group, allegedly made at least $1.5 million hacking into companies and selling access to systems over the past three years.
By Robert Lemos Contributing Writer, 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
How Advanced Attackers Take Aim at Office 365
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers discuss how adversaries use components of Office 365 that are poorly understood and not closely monitored.
By Kelly Sheridan Staff Editor, Dark Reading, 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
Fresh Options for Fighting Fraud in Financial Services
Simon Armstrong, VP Products at EntersektCommentary
Fraud prevention requires a consumer-centric, data sharing approach.
By Simon Armstrong VP Products at Entersekt, 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWareCommentary
The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.
By Tiffany Ricks CEO, HacWare, 7/8/2020
Comment1 Comment  |  Read  |  Post a Comment
A Most Personal Threat: Implantable Devices in Secure Spaces
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Do implantable medical devices pose a threat to secure communication facilities? A Virginia Tech researcher says they do, and the problem is growing.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
EDP Renewables Confirms Ransomware Attack
Dark Reading Staff, Quick Hits
Its North American branch was notified of the attack because intruders reportedly gained access to 'at least some information' stored in its systems.
By Dark Reading Staff , 7/7/2020
Comment0 comments  |  Read  |  Post a Comment
Treasury Releases Fraud and Money Mule ID Tips
Dark Reading Staff, Quick Hits
A new advisory from FinCEN helps financial institutions spot illicit activities and actors.
By Dark Reading Staff , 7/7/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Seizes Domains Used in COVID-19-Themed Attacks
Jai Vijayan, Contributing WriterNews
Court grants company's bid to shut down infrastructure used in recent campaigns against Office 365 users.
By Jai Vijayan Contributing Writer, 7/7/2020
Comment0 comments  |  Read  |  Post a Comment
Drone Path Often Reveals Operator's Location
Robert Lemos, Contributing WriterNews
The threat posed by drones to critical infrastructure and other operational technology is made more serious by the inability of law enforcement to locate operators, researchers say.
By Robert Lemos Contributing Writer, 7/7/2020
Comment0 comments  |  Read  |  Post a Comment
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cosmic Lynx takes a sophisticated approach to business email compromise and represents a shift in tactics for Russian cybercriminals.
By Kelly Sheridan Staff Editor, Dark Reading, 7/7/2020
Comment1 Comment  |  Read  |  Post a Comment
Framing the Security Story: The Simplest Threats Are the Most Dangerous
Douglas Ferguson, Founder & CTO, Pharos SecurityCommentary
Don't be distracted by flashy advanced attacks and ignore the more mundane ones.
By Douglas Ferguson Founder & CTO, Pharos Security, 7/7/2020
Comment0 comments  |  Read  |  Post a Comment
Applying the 80-20 Rule to Cybersecurity
Dan Blum, Cybersecurity & Risk Management StrategistCommentary
How security teams can achieve 80% of the benefit for 20% of the work.
By Dan Blum Cybersecurity & Risk Management Strategist, 7/7/2020
Comment0 comments  |  Read  |  Post a Comment
BEC Busts Take Down Multimillion-Dollar Operations
Kelly Sheridan, Staff Editor, Dark ReadingNews
The two extraditions of business email compromise attackers indicate a step forward for international law enforcement collaboration.
By Kelly Sheridan Staff Editor, Dark Reading, 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
Attackers Scan for Vulnerable BIG-IP Devices After Flaw Disclosure
Robert Lemos, Contributing WriterNews
The US Cybersecurity and Infrastructure Security Agency encourages organizations to patch a critical flaw in the BIG-IP family of application delivery controllers, as firms find evidence that attackers are scanning for the critical vulnerability.
By Robert Lemos Contributing Writer, 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
North Korea's Lazarus Group Diversifies Into Card Skimming
Jai Vijayan, Contributing WriterNews
Since at least May 2019, the state-sponsored threat actor has stolen card data from dozens of retailers, including major US firms.
By Jai Vijayan Contributing Writer, 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
Credit-Card Skimmer Seeks Websites Running Microsoft's ASP.NET
Dark Reading Staff, Quick Hits
The payment-card skimmer targets websites hosted on Microsoft IIS servers and running the ASP.NET web framework.
By Dark Reading Staff , 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
Cybersecurity staff are on edge for the same reason that there are no cooks on the ISS: Organizations are carefully watching expenses for jobs that don't require dedicated team members.
After Senate Judiciary Committee pushes EARN IT Act a step closer to ratification, raising further concerns for privacy advocates, here's what to know.
Projects that were high priorities before the COVID-19 outbreak have taken a back seat to new business needs. For security leaders that has meant new responsibilities that could very well stick around in the pandemic's aftermath.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5604
PUBLISHED: 2020-07-09
Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remoto attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView.
CVE-2020-5974
PUBLISHED: 2020-07-08
NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges.
CVE-2020-15072
PUBLISHED: 2020-07-08
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.
CVE-2020-15073
PUBLISHED: 2020-07-08
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.
CVE-2020-2034
PUBLISHED: 2020-07-08
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtect...
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Flash Poll
Video
Slideshows
Twitter Feed