Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

8 Cybersecurity Themes to Expect at Black Hat USA 2020
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Vulnerable Invisible Salamanders and You: A Tale of Encryption Weakness
Q&A: How Systemic Racism Weakens Cybersecurity
COVID-19: Latest Security News & Commentary
News & Commentary
Supporting Women in InfoSec
Dark Reading Staff, News
Maxine Holt, research director from Omdia, explains why the time is right for women to step into more cybersecurity jobs now.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Developing Community for Woman Infosec Pros in India
Dark Reading Staff, News
Vandana Verma tells us how women in India are finding support, education and love of cybersecurity through the growing InfosecGirls community.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
What to Tell Young People of Color About InfoSec Careers
Dark Reading Staff, News
CEO and founder of Revolution Cyber Juliet Okafor and Baker Hughes Director of Global OT Security Programs Paul Brager talk about the unique lessons and hard truths they provide when mentoring young black cybersecurity professionals.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Video News Desk Returns to Black Hat
Sara Peters, Senior Editor at Dark ReadingNews
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
By Sara Peters Senior Editor at Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
SynerComm Reboots a Security Staple with 'Continuous' Pen Testing
Terry Sweeney, Contributing EditorNews
SPONSORED CONTENT: Penetration testing has evolved well beyond a couple guys you hire to try and break into your network, according to SynerComm's Brian Judd. In addition to a service that offers round-the-clock pen testing, SynerComm also provides purple team testing, effectively splitting the difference with red- and blue-team exercises.
By Terry Sweeney Contributing Editor, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Pen Testers Share the Inside Story of Their Arrest and Exoneration
Dark Reading Staff, News
Coalfire'sGary De Mercurio and Justin Wynnshare the inside story of their infamous arrest last year while conducting a contractedred-team engagement in an Iowa courthouse -- and what it took to clear their names.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Synopsys: Why Security-Minded Companies Are Transitioning to DevSecOps
Terry Sweeney, Contributing EditorNews
SPONSORED: For too long, developers have had to weigh the tradeoffs between software security and feature development. But as DevSecOps continues to gain momentum over application security, organizations realize that adopting security in software development needn't be a drag on productivity, says Tim Mackey from the Synopsys Cybersecurity Research Center.
By Terry Sweeney Contributing Editor, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
HealthScare: Prioritizing Medical AppSec Research
Dark Reading Staff, News
Seth Fogie, information security director at Penn Medicine, explains which healthcare app vulnerabilities really matter in the day-to-day business of providing patient care.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
A Most Personal Threat: Implantable Medical Devices
Dark Reading Staff, News
Alan Michaels,director of the Electronic Systems Lab at the Virginia Tech Hume Center, explains why implanted medical devices could pose a threat to secure communication facilities.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis
Dark Reading Staff, News
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
A Paramedic's Guide to Cybersecurity: Video
Kelly Sheridan, Staff Editor, Dark ReadingNews
In this video segment, the Dark Reading News Desk speaks to several guests about healthcare cybersecurity. We begin with Rich Mogull, infosec pro and paramedic, for a discussion about what lessons cybersecurity can learn from emergency medical services and the parallels that already exist.
By Kelly Sheridan Staff Editor, Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Voatz Delivers Multilayered Security to Protect Electronic Voting
Terry Sweeney, Contributing EditorNews
SPONSORED CONTENT: While electronic voting has been plagued by fears of tampering or fraud, Voatz is looking to make the process more transparent and auditable, according to company founder Nimit Sawhney. He offers learning points from three recent pilots that highlight how governments can improve the integrity and better protect the voting process and its data.
By Terry Sweeney Contributing Editor, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Russian Election Interference: Whats Next?
Sara Peters, Senior Editor at Dark ReadingNews
Nate Beach-Westmoreland gives a look back at the past 10 years of Russian election interference and disinformation campaigns. What can we learn from the past and what should we expect as the 2020 US presidential election approaches?
By Sara Peters Senior Editor at Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Building Cybersecurity Strategies in Sub-Saharan Africa
Kelly Sheridan, Staff Editor, Dark Reading
Evelyn Kilel and Laura Tich of Shehacks Ke discuss how they are working to build cybersecurity strategies that suit the needs and capabilities of developing nations.
By Kelly Sheridan Staff Editor, Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Attack of the Clone: Next-Gen Social Engineering
Dark Reading Staff, News
NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
3 Tips for Securing Open Source Software
Robert Former, CISO/VP of Security, AcquiaCommentary
Maintaining myriad open source components can be tough. Here's how teams can begin to address open source security and continue to innovate.
By Robert Former CISO/VP of Security, Acquia, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
CISA Offers Tool for Career Navigation
Dark Reading Staff, Quick Hits
The new Cyber Career Pathways Tool helps individuals understand the roles in cybersecurity and how to prepare for them.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Teams Vulnerable to Patch Workaround, Researchers Report
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers could work around an earlier patch and use Microsoft Teams Updater to download binaries and payloads.
By Kelly Sheridan Staff Editor, Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Budget Rose in 2019, Uncertainty Prevails in 2020
Robert Lemos, Contributing WriterNews
Budgets rise as IT complexity continued to challenge companies, with identity and access management technology an increasingly common focus.
By Robert Lemos Contributing Writer, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Paid $13.7M in Bug Bounty Rewards in 2019-2020
Dark Reading Staff, Quick Hits
The 2019-2020 program year awarded 327 security researchers through 15 bounty programs, with a largest reward of $200,000.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by nuritakartika
Current Conversations yes agree for you
In reply to: Re: Effective Grouping
Post Your Own Reply
More Conversations
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.
With data collection growing, and increased concern about how it is handled, a synergy between security and data teams will be essential.
Figuring out which cybersecurity job you want -- or are qualified for -- can be difficult when words have no consistent meaning in the industry.
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15127
PUBLISHED: 2020-08-05
In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes flip...
CVE-2020-15132
PUBLISHED: 2020-08-05
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with a error message saying that th...
CVE-2020-7298
PUBLISHED: 2020-08-05
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.
CVE-2020-13404
PUBLISHED: 2020-08-05
The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection.
CVE-2020-15112
PUBLISHED: 2020-08-05
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime pa...
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Flash Poll
Video
Slideshows
Twitter Feed