Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
What Usability Means to Security Pros
Q&A: Eugene Spafford on the Risks of Internet Voting
10 Tips for Maintaining Information Security During Layoffs
RATs 101: The Grimy Trojans That Scurry Through Remote Access Pipes
COVID-19: Latest Security News & Commentary
News & Commentary
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Stephen Ward, VP, ThreatConnectCommentary
While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.
By Stephen Ward VP, ThreatConnect, 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 7/1/2020
Comment12 comments  |  Read  |  Post a Comment
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark ReadingNews
A series of IoT vulnerabilities could put hospital networks, medical data, and patient safety at risk.
By Kelly Sheridan Staff Editor, Dark Reading, 6/30/2020
Comment10 comments  |  Read  |  Post a Comment
FCC Designates Huawei & ZTE as National Security Threats
Jai Vijayan, Contributing WriterNews
Backdoors in 5G network equipment from these vendors could enable espionage and malicious activity, agency says.
By Jai Vijayan Contributing Writer, 6/30/2020
Comment1 Comment  |  Read  |  Post a Comment
COVID-19 Puts ICS Security Initiatives 'On Pause'
Nicole Ferraro, Contributing WriterNews
Security pros concerned that increased remote access to vulnerable operational technology and stalled efforts to harden OT environments puts critical infrastructure at greater risk.
By Nicole Ferraro Contributing Writer, 6/30/2020
Comment1 Comment  |  Read  |  Post a Comment
Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn
Robert Lemos, Contributing WriterNews
After Palo Alto Networks alerted users to a simple-to-exploit vulnerability in its network security gear, security agencies quickly warn that attackers won't wait to jump on it.
By Robert Lemos Contributing Writer, 6/30/2020
Comment1 Comment  |  Read  |  Post a Comment
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff, Quick Hits
The shift to remote work and heavy reliance on online services has driven an increase in attacks intended to overwhelm ISPs.
By Dark Reading Staff , 6/30/2020
Comment8 comments  |  Read  |  Post a Comment
Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan
Mark Darby, CEO of ISMS.onlineCommentary
We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.
By Mark Darby CEO of ISMS.online, 6/30/2020
Comment1 Comment  |  Read  |  Post a Comment
CISA Issues Advisory on Home Routers
Dark Reading Staff, Quick Hits
The increase in work-from-home employees raises the importance of home router security.
By Dark Reading Staff , 6/30/2020
Comment1 Comment  |  Read  |  Post a Comment
Profile of the Post-Pandemic CISO
Joan Goodchild, Contributing Writer
Projects that were high priorities before the COVID-19 outbreak have taken a back seat to new business needs. For security leaders that has meant new responsibilities that could very well stick around in the pandemic's aftermath.
By Joan Goodchild Contributing Writer, 6/30/2020
Comment2 comments  |  Read  |  Post a Comment
3 Years After NotPetya, Many Organizations Still in Danger of Similar Attacks
Jai Vijayan, Contributing WriterNews
The same gaps that enabled ransomware to spread remain in patching, network segmentation, backup practices, security experts say.
By Jai Vijayan Contributing Writer, 6/30/2020
Comment0 comments  |  Read  |  Post a Comment
3 Ways to Flatten the Health Data Hacking Curve
David MacLeod, Senior Vice President, Chief Information Officer, and Enterprise CISO at WelltokCommentary
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
By David MacLeod Senior Vice President, Chief Information Officer, and Enterprise CISO at Welltok, 6/30/2020
Comment0 comments  |  Read  |  Post a Comment
University of California SF Pays Ransom After Medical Servers Hit
Robert Lemos, Contributing WriterNews
As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on "several IT systems" in the UCSF School of Medicine.
By Robert Lemos Contributing Writer, 6/29/2020
Comment1 Comment  |  Read  |  Post a Comment
Russian Cybercriminal Behind CardPlanet Sentenced to 9 Years
Kelly Sheridan, Staff Editor, Dark ReadingNews
Aleksei Burkov will go to federal prison for operating two websites built to facilitate payment card fraud, hacking, and other crimes.
By Kelly Sheridan Staff Editor, Dark Reading, 6/29/2020
Comment2 comments  |  Read  |  Post a Comment
HackerOne Reveals Top 10 Bug-Bounty Programs
Dark Reading Staff, Quick Hits
Rankings based on total bounties paid, top single bounty paid, time to respond, and more.
By Dark Reading Staff , 6/29/2020
Comment1 Comment  |  Read  |  Post a Comment
Files Stolen from 945 Websites Discovered on Dark Web
Dark Reading Staff, Quick Hits
Researchers who found the archived SQL files estimate up to 14 million people could be affected.
By Dark Reading Staff , 6/29/2020
Comment0 comments  |  Read  |  Post a Comment
Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions
Kowsik Guruswamy, Chief Technology Officer at Menlo SecurityCommentary
SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.
By Kowsik Guruswamy Chief Technology Officer at Menlo Security, 6/29/2020
Comment5 comments  |  Read  |  Post a Comment
Major US Companies Targeted in New Ransomware Campaign
Jai Vijayan, Contributing WriterNews
Evil Corp. group hit at least 31 customers in campaign to deploy WastedLocker malware, according to Symantec.
By Jai Vijayan Contributing Writer, 6/26/2020
Comment0 comments  |  Read  |  Post a Comment
5 New InfoSec Job Training Trends: What We're Studying During COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading
With the pandemic uprooting networks and upending careers, which security skills are hot -- and which are not?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/26/2020
Comment1 Comment  |  Read  |  Post a Comment
SOC Wins & Losses
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
While the security operations center is enjoying a higher profile these days, just one-fourth of security operations centers actually resolve incidents quickly enough.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/26/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Kaspersky Announces Integrated Endpoint Security
IBM Study: Security Response Planning on the Rise, But Containing Attacks Remains an Issue
Abnormal Security Data Reveals 200% Monthly Increase in BEC Attacks Focused on Invoice or Payment Fraud
Cynet Announces $18M Funding Round
Farsight Security Unveils Technical Innovations, Promotions and User Community Activities to Mark DNSDB 10th Anniversary Milestone
Authomize Secures $6M Seed Funding for Automated Authorization and Security
WatchGuard Technologies Report Finds Two-Thirds of Malware is Encrypted, Invisible Without HTTPS Inspection
Blueliv and King & Union Announce Threat Intelligence Partnership
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
Profile of the Post-Pandemic CISO
Projects that were high priorities before the COVID-19 outbreak have taken a back seat to new business needs. For security leaders that has meant new responsibilities that could very well stick around in the pandemic's aftermath.
5 New InfoSec Job Training Trends: What We're Studying During COVID-19
With the pandemic uprooting networks and upending careers, which security skills are hot -- and which are not?
How to Wring Every Last Drop Out of Your Security Budget
In the face of tighter budgets and lowered spending forecasts due to the pandemic, optimizing and improving the efficiency of security programs -- without sacrificing integrity -- has never been more important.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
The Threat from the Internet--and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15478
PUBLISHED: 2020-07-01
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
CVE-2020-6261
PUBLISHED: 2020-07-01
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
CVE-2020-15471
PUBLISHED: 2020-07-01
In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.
CVE-2020-15472
PUBLISHED: 2020-07-01
In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.
CVE-2020-15473
PUBLISHED: 2020-07-01
In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.
Flash Poll
Video
Slideshows
Twitter Feed