Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
8 Cybersecurity Themes to Expect at Black Hat USA 2020
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Vulnerable Invisible Salamanders and You: A Tale of Encryption Weakness
Q&A: How Systemic Racism Weakens Cybersecurity
COVID-19: Latest Security News & Commentary
News & Commentary
Building Cybersecurity Strategies in Sub-Saharan Africa
Kelly Sheridan, Staff Editor, Dark Reading
Evelyn Kilel and Laura Tich of Shehacks Ke discuss how they are working to build cybersecurity strategies that suit the needs and capabilities of developing nations.
By Kelly Sheridan Staff Editor, Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Video News Desk Returns to Black Hat
Sara Peters, Senior Editor at Dark ReadingNews
Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
By Sara Peters Senior Editor at Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Attack of the Clone: Next-Gen Social Engineering
Dark Reading, News
NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections.
By Dark Reading , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
3 Tips for Securing Open Source Software
Robert Former, CISO/VP of Security, AcquiaCommentary
Maintaining myriad open source components can be tough. Here's how teams can begin to address open source security and continue to innovate.
By Robert Former CISO/VP of Security, Acquia, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
CISA Offers Tool for Career Navigation
Dark Reading Staff, Quick Hits
The new Cyber Career Pathways Tool helps individuals understand the roles in cybersecurity and how to prepare for them.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Teams Vulnerable to Patch Workaround, Researchers Report
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers could work around an earlier patch and use Microsoft Teams Updater to download binaries and payloads.
By Kelly Sheridan Staff Editor, Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Budget Rose in 2019, Uncertainty Prevails in 2020
Robert Lemos, Contributing WriterNews
Budgets rise as IT complexity continued to challenge companies, with identity and access management technology an increasingly common focus.
By Robert Lemos Contributing Writer, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Paid $13.7M in Bug Bounty Rewards in 2019-2020
Dark Reading Staff, Quick Hits
The 2019-2020 program year awarded 327 security researchers through 15 bounty programs, with a largest reward of $200,000.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Why Confidential Computing Is a Game Changer
Vinton G. Cerf, VP & Chief Internet Evangelist, GoogleCommentary
Confidential Computing is a transformational technology that should be part of every enterprise cloud deployment. It's time to start unlocking the possibilities together.
By Vinton G. Cerf VP & Chief Internet Evangelist, Google, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
DDoS Attacks Doubled in Q2 Compared with Prior Quarter
Jai Vijayan, Contributing WriterNews
Most attacks were small, but the big ones got bigger than ever, Cloudflare says.
By Jai Vijayan Contributing Writer, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Less Than Half of Security Pros Can Identify Their Organization's Level of Risk
Steve Zurier, Contributing WriterNews
Just 51% work with the business side of the house on risk reduction objectives, new study shows.
By Steve Zurier Contributing Writer, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Coalfire's Gary De Mercurio and Justin Wynn share the details of their physical penetration-testing engagement gone wrong, as well as recommendations for protecting all red teamers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/5/2020
Comment3 comments  |  Read  |  Post a Comment
How Ransomware Threats Are Evolving & How to Spot Them
Kelly Sheridan, Staff Editor, Dark ReadingNews
A series of new reports explains how ransomware attackers are changing techniques and how organizations can spot stealthy criminals.
By Kelly Sheridan Staff Editor, Dark Reading, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
New Spin on a Longtime DNS Intel Tool
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Domain Name Service database service Farsight Security, the brainchild of DNS expert Paul Vixie, celebrates 10 years with new modern features.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
6 Dangerous Defaults Attackers Love (and You Should Know)
Curtis Franklin Jr., Senior Editor at Dark Reading
Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
Retooling the SOC for a Post-COVID World
Nilesh Dherange, CTO at GuruculCommentary
Residual work-from-home policies will require changes to security policies, procedures, and technologies.
By Nilesh Dherange CTO at Gurucul, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
Google & Amazon Replace Apple as Phishers' Favorite Brands
Dark Reading Staff, Quick Hits
Google and Amazon were the most imitated brands in the second quarter, knocking out Apple.
By Dark Reading Staff , 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
Securing IoT as a Remote Workforce Strategy
Karen Walsh, Privacy & Compliance ExpertCommentary
Digital transformation with Internet of Things devices offers organizations a way forward in the era of COVID-19. Optimizing this approach for the future will need to start with security.
By Karen Walsh Privacy & Compliance Expert, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
11 Hot Startups to Watch at Black Hat USA
Kelly Sheridan, Staff Editor, Dark Reading
A sneak peek at the up-and-coming organizations to check out on the Black Hat USA virtual show floor.
By Kelly Sheridan Staff Editor, Dark Reading, 8/3/2020
Comment0 comments  |  Read  |  Post a Comment
FBI Warns on New E-Commerce Fraud
Dark Reading Staff, News
A wave of new, fraudulent websites has popped up to take advantage of the rise in online shopping during the coronavirus pandemic.
By Dark Reading Staff , 8/3/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by nuritakartika
Current Conversations yes agree for you
In reply to: Re: Effective Grouping
Post Your Own Reply
More Conversations
Products & Releases
Calyptix Security Releases AccessEnforcer 5.0 Beta
Exabeam Announces New Use Case Licensing and Content Library to Simplify SIEM Adoption, Enable Increased Visibility
DHS Awards $1 Million Phase 2 Contract to Waverley Labs to Deploy the Dynamic AccessID (TM) Network
Federal, State, Local, and Private-Sector Partners Conduct Nationwide Exercise to Test Election Day Plans
Tanium Report Reveals 85 Percent of Organizations Experienced More Cyberattacks Since the Start of the Pandemic
Offensive Security Acquires Open Source Security Training Project VulnHub
PAS Releases Modular OT Cybersecurity Solution
AWS Announces General Availability of Amazon Fraud Detector
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

6 Dangerous Defaults Attackers Love (and You Should Know)
Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.
Why Data Ethics Is a Growing CISO Priority
With data collection growing, and increased concern about how it is handled, a synergy between security and data teams will be essential.
How to Decipher InfoSec Job Titles' Mysteries
Figuring out which cybersecurity job you want -- or are qualified for -- can be difficult when words have no consistent meaning in the industry.
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16192
PUBLISHED: 2020-08-05
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
CVE-2020-17364
PUBLISHED: 2020-08-05
USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.
CVE-2020-4481
PUBLISHED: 2020-08-05
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848.
CVE-2020-5608
PUBLISHED: 2020-08-05
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered c...
CVE-2020-5609
PUBLISHED: 2020-08-05
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to cre...
The Threat from the Internet—and What Your Organization Can Do About It
The Threat from the Internet—and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Flash Poll
Video
Slideshows
Twitter Feed