Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary
Corporate Credentials for Sale on the Dark Web: How to Protect Employees and Data
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus | Commentary
It's past time to retire passwords in favor of other methods for authenticating users and securing systems.
By Raz Rafaeli CEO and Co-Founder at Secret Double Octopus, 12/16/2020
Senior Managers Twice as Likely to Share Work Devices With Outsiders
Steve Zurier, Contributing Writer | News
New survey finds top C-suite managers are much shakier on security than their junior counterparts.
By Steve Zurier Contributing Writer, 12/16/2020
Why the Weakest Links Matter
Adam Caudill, Principal Security Engineer at 1Password | Commentary
The recent FireEye and SolarWinds compromises reinforce the fact that risks should be understood, controls should be in place, and care should be taken at every opportunity.
By Adam Caudill Principal Security Engineer at 1Password, 12/16/2020
Patching Still Poses Problems for Industrial Controllers, Networking Devices
Robert Lemos, Contributing Writer | News
More than 90% of devices that run the popular VxWorks embedded operating system remain vulnerable to critical flaws disclosed more than a year ago.
By Robert Lemos Contributing Writer, 12/16/2020
Why Secure Email Gateways Rewrite Links (and Why They Shouldn't)
Darktrace Experts, Staff
Redirecting a user to a trusted server buys a secure email gateway company some time while it decides whether a URL is malicious -- but there are avoidable drawbacks to this approach.
By Darktrace Experts Staff, 12/16/2020
SSO and MFA Are Only Half Your Identity Governance Strategy
Dotan Bar Noy, Co-Founder and CEO, Authomize | Commentary
We need better ways to manage user identities for accessing applications, especially given the strain it places on overworked IT and security teams.
By Dotan Bar Noy Co-Founder and CEO, Authomize, 12/16/2020
Concerns Run High as More Details of SolarWinds Hack Emerge
Jai Vijayan, Contributing Writer | News
Enterprises running the company's Orion network management software should assume compromise and respond accordingly, security experts say.
By Jai Vijayan Contributing Writer, 12/15/2020
Twitter Fined in Irish GDPR Action
Dark Reading Staff, Quick Hits
The $547K fine results from an issue Twitter reported in 2019.
By Dark Reading Staff, 12/15/2020
Medical Imaging Leaks Highlight Unhealthy Security Practices
Robert Lemos, Contributing Writer | News
More than 45 million unique images, such as X-rays and MRI scans, are accessible to anyone on the Internet, security firm says.
By Robert Lemos Contributing Writer, 12/15/2020
Nowhere to Hide: Don't Let Your Guard Down This Holiday Season
Scott Taschler, Director of Product Marketing for CrowdStrike | Commentary
Harden your defenses to ensure that your holiday downtime doesn't become an open door for cyber threats.
By Scott Taschler Director of Product Marketing for CrowdStrike, 12/15/2020
The Private Sector Needs a Cybersecurity Transformation
Steve Ryan, Founder & CEO of Trinity Cyber | Commentary
Cybersecurity must get to the point where it's equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away.
By Steve Ryan Founder & CEO of Trinity Cyber, 12/15/2020
18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack
Jai Vijayan, Contributing Writer | News
Nation-state attackers used poisoned SolarWinds network management software updates to distribute malware; US government orders federal civilian agencies to immediately power down the technology.
By Jai Vijayan Contributing Writer, 12/14/2020
2021 Security Budgets: Top Priorities, New Realities
Joan Goodchild, Contributing Writer
An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021.
By Joan Goodchild Contributing Writer, 12/14/2020
Startups Should Do Things That Don't Scale, but Security Isn't One of Them
Amit Bareket, CEO and Co-founder of Perimeter 81 | Commentary
Emerging businesses that don't embrace scalable security do so at their own peril.
By Amit Bareket CEO and Co-founder of Perimeter 81, 12/14/2020
FBI, CISA, MS-ISAC: Cybercriminals Increasingly Attacking K-12 Distance Learning
Dark Reading Staff, Quick Hits
Ransomware attacks reported against US K–12 schools jumped from 28% in January through July to 57% in August and September.
By Dark Reading Staff, 12/11/2020
Microsoft Warns of Powerful New Adware
Dark Reading Staff, Quick Hits
The new adware, dubbed Adrozek, is being distributed by large, well-organized threat actors, according to Microsoft research.
By Dark Reading Staff, 12/11/2020
7 Security Tips for Gamers
Steve Zurier, Contributing Writer
Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.
By Steve Zurier Contributing Writer, 12/11/2020
'Tis the Season to Confront Third-Party Risk
Samuel Greengard, Freelance Writer
On any given day it's hard to ensure that outside companies and individuals adhere to an organization's security practices and policies. But when it's the holidays and, oh, a global pandemic, companies need to be extra vigilant.
By Samuel Greengard Freelance Writer, 12/11/2020
Penetration Testing: A Road Map for Improving Outcomes
Shane Ryan, Global Practice Lead - Application Security for BSI's Cybersecurity and Information Resilience Team | Commentary
As cybersecurity incidents gain sophistication, to ensure we are assessing security postures effectively, it is critical to copy real-world adversaries' tools, tactics, and procedures during testing activities.
By Shane Ryan Global Practice Lead - Application Security for BSI's Cybersecurity and Information Resilience Team, 12/11/2020
Knowing What the Enemy Knows Is Key to Proper Defense
Jai Vijayan, Contributing Writer | News
Think like an attacker if you want to understand your attack surface, says security researcher at Black Hat Europe.
By Jai Vijayan Contributing Writer, 12/10/2020
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35133
PUBLISHED: 2020-12-16
irfanView 4.56 contains an error processing parsing files of type .pcx. Which leads to out-of-bounds writing at i_view32+0xdb60.
CVE-2020-7781
PUBLISHED: 2020-12-16
This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:
CVE-2019-14479
PUBLISHED: 2020-12-16
AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code on the server running the NetCrunch server software.
CVE-2019-14481
PUBLISHED: 2020-12-16
AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client. Successful exploitation requires a logged-in user to open a malicious page and leads to account takeover.
CVE-2020-7837
PUBLISHED: 2020-12-16
An issue was discovered in ML Report Program. There is a stack-based buffer overflow in function sub_41EAF0 at MLReportDeamon.exe. The function will call vsprintf without checking the length of strings in parameters given by attacker. And it finally leads to a stack-based buffer overflow via access ...