Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Botnet Infects Hundreds of Thousands of Websites
Need for 'Guardrails' in Cloud-Native Applications Intensifies
Securing Slack: 5 Tips for Safer Messaging, Collaboration
COVID-19: Latest Security News & Commentary
News & Commentary
New Report Links Cybersecurity and Sustainability
Dark Reading Staff, Quick Hits
Some have also created the role of chief sustainability officer, according to Kaspersky.
By Dark Reading Staff , 10/26/2020
Comment0 comments  |  Read  |  Post a Comment
Teach Your Employees Well: How to Spot Smishing & Vishing Scams
Jennifer Bosavage, Editor In Chief, Solution Providers for Retail
One of the best ways to keep employees from falling victim to these social-engineering attacks is to teach them the signs.
By Jennifer Bosavage Editor In Chief, Solution Providers for Retail, 10/26/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft's Kubernetes Threat Matrix: Here's What's Missing
Gadi Naor, CTO and Co-Founder, AlcideCommentary
With a fuller picture of the Kubernetes threat matrix, security teams can begin to implement mitigation strategies to protect their cluster from threats.
By Gadi Naor CTO and Co-Founder, Alcide, 10/26/2020
Comment0 comments  |  Read  |  Post a Comment
The Story of McAfee: How the Security Giant Arrived at a Second IPO
Kelly Sheridan, Staff Editor, Dark ReadingNews
Industry watchers explore the story of McAfee, from its founding in 1987, to its spinoff from Intel, to how it's keeping up with competitors.
By Kelly Sheridan Staff Editor, Dark Reading, 10/26/2020
Comment0 comments  |  Read  |  Post a Comment
US Treasury Sanctions Russian Institution Linked to Triton Malware
Dark Reading Staff, Quick Hits
Triton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.
By Dark Reading Staff , 10/23/2020
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals Could be Coming After Your Coffee
Curtis Franklin Jr., Senior Editor at Dark Reading
Researchers show no IoT device is too small to fall victim to ransomware techniques.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/23/2020
Comment0 comments  |  Read  |  Post a Comment
Flurry of Warnings Highlight Cyber Threats to US Elections
Jai Vijayan, Contributing WriterNews
FBI and intelligence officials issue fresh warnings about election interference attempts by Iranian and Russian threat actors.
By Jai Vijayan Contributing Writer, 10/23/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 10/23/2020
Comment20 comments  |  Read  |  Post a Comment
A Pause to Address 'Ethical Debt' of Facial Recognition
Mike Kiser, Global Security Advocate, Office of the CTO, SailPointCommentary
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
By Mike Kiser Global Security Advocate, Office of the CTO, SailPoint, 10/23/2020
Comment0 comments  |  Read  |  Post a Comment
Botnet Infects Hundreds of Thousands of Websites
Robert Lemos, Contributing WriterNews
KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.
By Robert Lemos Contributing Writer, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
7 Mobile Browsers Vulnerable to Address-Bar Spoofing
Jai Vijayan, Contributing WriterNews
Flaws allow attackers to manipulate URLs users see on their mobile devices, Rapid7 says.
By Jai Vijayan Contributing Writer, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
Credential-Stuffing Attacks Plague Loyalty Programs
Ericka Chickowski, Contributing WriterNews
But that's not the only type of web attack cybercriminals have been profiting from.
By Ericka Chickowski Contributing Writer, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
WordPress Plug-in Updated in Rare Forced Action
Dark Reading Staff, Quick Hits
The Logonizer login security plug-in was automatically updated to patch a SQL injection vulnerability.
By Dark Reading Staff , 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
8 New and Hot Cybersecurity Certifications for 2020
Joan Goodchild, Contributing Writer
While the usual security certs remain popular, interest in privacy skills and cloud experience are pushing new credentials into the market.
By Joan Goodchild Contributing Writer, 10/22/2020
Comment2 comments  |  Read  |  Post a Comment
To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
Liviu Arsene, Global Cybersecurity Researcher at BitdefenderCommentary
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
By Liviu Arsene Global Cybersecurity Researcher at Bitdefender, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
McAfee Raises $740M in Second IPO
Dark Reading Staff, Quick Hits
The security software giant and its investors sold 37 million shares priced at $20 each, putting McAfee's value around $8.6 billion.
By Dark Reading Staff , 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
Need for 'Guardrails' in Cloud-Native Applications Intensifies
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
With more organizations shifting to cloud services in the pandemic, experts say the traditionally manual process of securing them will be replaced by automated tools in 2021 and beyond.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
Implementing Proactive Cyber Controls in OT: Myths vs. Reality
Michael Piccalo, Director, OT/ICS Systems Engineering, Forescout TechnologiesCommentary
Debunking the myths surrounding the implementation of proactive cyber controls in operational technology.
By Michael Piccalo Director, OT/ICS Systems Engineering, Forescout Technologies, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
FIRST Announces Cyber-Response Ethical Guidelines
Dark Reading Staff, Quick Hits
The 12 points seek to provide security professionals with advice on ethical behavior during incident response.
By Dark Reading Staff , 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Oracle Releases Another Mammoth Security Patch Update
Jai Vijayan, Contributing WriterNews
October's CPU contains 402 patches for vulnerabilities across 29 product sets, many of which are remotely executable without the need for authentication.
By Jai Vijayan Contributing Writer, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Avira Researchers Discover a New Variant of Mirai
IBM Advances Cloud Pak for Security to Manage Threats Across Tools, Teams & Clouds
Positive Technologies Helps Fix 11 Vulnerabilities in Popular SonicWall Firewall Appliances
Nokia Threat Intelligence Report Warns of Rising Cyberattacks on Internet-Connected Devices
Splunk Unveils New Innovations Across Its Security Operations Suite
Rapid7 Announces Availability of Enhanced Endpoint Telemetry for InsightIDR
Farsight Security Announces General Availability for DNSDB 2.0 Flexible Search
Splunk Acquires Plumbr, Agrees to Acquire Rigor
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Teach Your Employees Well: How to Spot Smishing & Vishing Scams
One of the best ways to keep employees from falling victim to these social-engineering attacks is to teach them the signs.
Cybercriminals Could be Coming After Your Coffee
Researchers show no IoT device is too small to fall victim to ransomware techniques.
8 New and Hot Cybersecurity Certifications for 2020
While the usual security certs remain popular, interest in privacy skills and cloud experience are pushing new credentials into the market.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27187
PUBLISHED: 2020-10-26
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related command...
CVE-2020-7752
PUBLISHED: 2020-10-26
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
CVE-2020-7127
PUBLISHED: 2020-10-26
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVE-2020-7196
PUBLISHED: 2020-10-26
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the ur...
CVE-2020-7197
PUBLISHED: 2020-10-26
SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* U...
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Flash Poll
Video
Slideshows
Twitter Feed