Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Post-COVID-19 Security Spending Update
A Hacker's Playlist
6 Lessons IT Security Can Learn From DevOps
The Threat from the Internet--and What Your Organization Can Do About It
COVID-19: Latest Security News & Commentary
News & Commentary
Ivanti Acquires Two Security Companies
Dark Reading Staff, Quick Hits
Purchase of MobileIron and Pulse Secure announced simultaneously.
By Dark Reading Staff , 9/28/2020
Comment0 comments  |  Read  |  Post a Comment
Universal Health Services Network Down in Apparent Ransomware Attack
Dark Reading Staff, Quick Hits
UHS reportedly hit with ransomware that took down its network that supports hundreds of healthcare facilities and hospitals.
By Dark Reading Staff , 9/28/2020
Comment0 comments  |  Read  |  Post a Comment
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading
Cloud and network security analysts outline trends and priorities businesses should keep top of mind as they grow more reliant on cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 9/28/2020
Comment1 Comment  |  Read  |  Post a Comment
Safeguarding Schools Against RDP-Based Ransomware
James Lui, Ericom Group CTO, AmericasCommentary
How getting online learning right today will protect schools, and the communities they serve, for years to come.
By James Lui Ericom Group CTO, Americas, 9/28/2020
Comment1 Comment  |  Read  |  Post a Comment
MFA-Minded Attackers Continue to Figure Out Workarounds
Robert Lemos, Contributing WriterNews
While MFA can improve overall security posture, it's not a "silver bullet" -- and hacks continue.
By Robert Lemos Contributing Writer, 9/28/2020
Comment0 comments  |  Read  |  Post a Comment
6 Things to Know About the Microsoft 'Zerologon' Flaw
Jai Vijayan, Contributing WriterNews
Until all domain controllers are updated, the entire infrastructure remains vulnerable, the DHS' CISA warns.
By Jai Vijayan Contributing Writer, 9/25/2020
Comment0 comments  |  Read  |  Post a Comment
Navigating the Asia-Pacific Threat Landscape: Experts Dive In
Kelly Sheridan, Staff Editor, Dark ReadingNews
At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.
By Kelly Sheridan Staff Editor, Dark Reading, 9/25/2020
Comment1 Comment  |  Read  |  Post a Comment
Getting Over the Security-to-Business Communication Gap in DevSecOps
Ericka Chickowski, Contributing WriterNews
Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.
By Ericka Chickowski Contributing Writer, 9/25/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 9/25/2020
Comment23 comments  |  Read  |  Post a Comment
RASP 101: Staying Safe With Runtime Application Self-Protection
Nicole Ferraro, Contributing Writer
The dream of RASP is to empower applications to protect themselves. How close do current implementations get to living the dream? Here's what to know.
By Nicole Ferraro Contributing Writer, 9/25/2020
Comment0 comments  |  Read  |  Post a Comment
WannaCry Has IoT in Its Crosshairs
Ed Koehler, Distinguished Principal Security Engineer, Office of CTO, at Extreme NetworkCommentary
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
By Ed Koehler Distinguished Principal Security Engineer, Office of CTO, at Extreme Network, 9/25/2020
Comment1 Comment  |  Read  |  Post a Comment
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing WriterNews
Most of the malware used in attacks last quarter were designed to evade signature-based detection tools, WatchGuard says.
By Jai Vijayan Contributing Writer, 9/24/2020
Comment1 Comment  |  Read  |  Post a Comment
Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic
Robert Lemos, Contributing WriterNews
Turns out, creating wireless ecosystems for a vast number of different architectures, configurations, and use cases is hard.
By Robert Lemos Contributing Writer, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Critical Instagram Flaw Could Let Attackers Spy on Victims
Kelly Sheridan, Staff Editor, Dark ReadingNews
A now-patched remote code execution vulnerability could be exploited with a specially sized image file, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Solving the Problem With Security Standards
Adam Shostack, Consultant, Entrepreneur, Technologist, Game DesignerCommentary
More explicit threat models can make security better and open the door to real and needed innovation.
By Adam Shostack Consultant, Entrepreneur, Technologist, Game Designer, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
CrowdStrike Agrees to Acquire Preempt Security for $96M
Dark Reading Staff, Quick Hits
CrowdStrike plans to use Preempt Security's conditional access technology to strengthen its Falcon platform.
By Dark Reading Staff , 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Warns of Attackers Now Exploiting 'Zerologon' Flaw
Dark Reading Staff, Quick Hits
The Security Intelligence team at Microsoft is tracking newly waged exploits in the wild.
By Dark Reading Staff , 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Since Remote Work Isn't Going Away, Security Should Be the Focus
Mike Wronski, Technical Director of Product Marketing, NutanixCommentary
These three steps will help organizations reduce long-term work-from-home security risks.
By Mike Wronski Technical Director of Product Marketing, Nutanix, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Gaming Industry Hit With 10B+ Attacks In Past Two Years
Nicole Ferraro, Contributing Writer
Criminals scored big with credential stuffing and web app attacks, yet many gamers seem unfazed.
By Nicole Ferraro Contributing Writer, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Shopify's Employee Data Theft Underscores Risk of Rogue Insiders
Kelly Sheridan, Staff Editor, Dark ReadingNews
The e-commerce platform has alerted more than 100 merchants of a data breach, highlighting the danger of malicious insiders.
By Kelly Sheridan Staff Editor, Dark Reading, 9/23/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by TimKorry
Current Conversations Great tips. Thanks
In reply to: Great tips
Post Your Own Reply
More Conversations
Products & Releases
Attacks Against Building Automation, Oil and Gas Industries Up in First Half of 2020
Secureworks Completes Acquisition of Delve Laboratories, Inc.
Thales Empowers Organisations to Simplify the Discovery, Protection and Control of Sensitive Data
New Report Unveils the Most Vulnerable Sectors & Departments to Phishing Attacks
Devo Technology Adds $60 Million in Growth Funding
As Digital Transformation Accelerates, Entrust Datacard Becomes "Entrust"
Cyber Deception Reduces Data Breach Costs by Over 51% & SOC Inefficiencies by 32%
Dashlane Launches Historical Password Health Score Reporting
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

RASP 101: Staying Safe With Runtime Application Self-Protection
The dream of RASP is to empower applications to protect themselves. How close do current implementations get to living the dream? Here's what to know.
Can Schools Pass Their Biggest Cybersecurity Test Yet?
Understaffed, underfunded, and underequipped, IT teams in the K-12 sector face a slew of challenges amid remote and hybrid learning models. Here's where they can begin to protect their schools against cyberattacks.
A Hacker's Playlist
Nine security researchers share their favorite songs and genres.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26120
PUBLISHED: 2020-09-27
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even witho...
CVE-2020-26121
PUBLISHED: 2020-09-27
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an uploa...
CVE-2020-25812
PUBLISHED: 2020-09-27
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.
CVE-2020-25813
PUBLISHED: 2020-09-27
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.
CVE-2020-25814
PUBLISHED: 2020-09-27
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> ...
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Flash Poll
Video
Slideshows
Twitter Feed