Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

How to Decipher InfoSec Job Titles' Mysteries
8 Cybersecurity Themes to Expect at Black Hat USA 2020
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Q&A: How Systemic Racism Weakens Cybersecurity
COVID-19: Latest Security News & Commentary
News & Commentary
Reddit Attack Defaces Dozens of Channels
Dark Reading Staff, Quick Hits
The attack has defaced the channels with images and content supporting Donald Trump.
By Dark Reading Staff , 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
Hacking the PLC via Its Engineering Software
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher will demonstrate at DEF CON an emerging threat to industrial control networks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
400+ Qualcomm Chip Vulnerabilities Threaten Millions of Android Phones
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security researchers found hundreds of pieces of vulnerable code in the Qualcomm Snapdragon chips powering Android phones.
By Kelly Sheridan Staff Editor, Dark Reading, 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/7/2020
Comment1 Comment  |  Read  |  Post a Comment
BEC Campaigns Target Financial Execs via Office 365
Dark Reading Staff, Quick Hits
A series of business email compromise campaigns has been targeting executives of more than 1,000 companies, most recently in the US and Canada.
By Dark Reading Staff , 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
IoT Security During COVID-19: What We've Learned & Where We're Going
Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard LabsCommentary
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.
By Aamir Lakhani Cybersecurity Researcher and Practitioner for FortiGuard Labs, 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
Getting to the Root: How Researchers Identify Zero-Days in the Wild
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google Project Zero researcher Maddie Stone explains the importance of identifying flaws exploited in the wild and techniques used to do it.
By Kelly Sheridan Staff Editor, Dark Reading, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Create New Framework to Evaluate User Security Awareness
Jai Vijayan, Contributing WriterNews
Approaches based on questionnaires and self-evaluation are not always a good indicator of how well a user can mitigate social engineering threats.
By Jai Vijayan Contributing Writer, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
A Mix of Optimism and Pessimism for Security of the 2020 Election
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
DHS CISA's Christopher Krebs and Georgetown University's Matt Blaze at Black Hat USA give the lowdown on where things stand and what still needs to happen to protect the integrity of November's election.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Video News Desk Returns to Black Hat
Sara Peters, Senior Editor at Dark ReadingNews
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
By Sara Peters Senior Editor at Dark Reading, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Where Dark Reading Goes Next
Dark Reading Staff, News
Dark Reading Editor-in-Chief gives a complete rundown of all the Dark Reading projects you might not even know about, his insight into the future of the security industry, and how we plan to cover it.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
On 'Invisible Salamanders' and Insecure Messages
Dark Reading Staff, News
Cornell researcher Paul Grubbsdiscusses how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Exploiting Google Cloud Platform With Ease
Dark Reading Staff, News
Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.
By Dark Reading Staff , 8/6/2020
Comment1 Comment  |  Read  |  Post a Comment
Information Operations Spotlighted at Black Hat as Election Worries Rise
Robert Lemos, Contributing WriterNews
From Russia's "best-in-class" efforts at widening social divides in Western democracies to China's blunt attacks on dissidents, information operations are becoming a greater threat, says a Stanford researcher.
By Robert Lemos Contributing Writer, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It
Dark Reading Staff, News
Mandiant incident response managers Josh Madeley and Doug Bienstock describe how thoroughly Microsoft 365 (formerly known as Office 365) extends into corporate networks, describe both sophisticated and simple attacks theyve detected, and suggest mitigations as businesses rely more heavily on the cloud.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
OpenText Blends Security, Data Protection for Greater Cyber Resilience
Terry Sweeney, Contributing EditorNews
SPONSORED CONTENT: Infosec professionals are taking advantage of technology hybrids to keep users, data, and their networks more safe, according to Hal Lonas of OpenText's Webroot division. And they're also finding new ways to use artificial intelligence and machine learning to improve security management and reduce risk.
By Terry Sweeney Contributing Editor, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Why Satellite Communication Eavesdropping Will Remain A Problem
Dark Reading Staff, News
Oxford PhD candidate James Pavur shows that SATCOM security has still made no progress since previous Black Hat disclosures, and discusses the physical and economic limitations that slow make it unlikely to improve anytime soon.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Using IoT Botnets to Manipulate the Energy Market
Dark Reading Staff, News
Tohid Shekari, phD candidate at Georgia Tech, talks about the session that he and Georgia Tech professor Raheem Beyah gave about a stealthy and adaptable way to use IoT botnets for financial gain or market downfall.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Broadcom: Staying Safe with WastedLocker Ransomware Variant on the Prowl
Terry Sweeney, Contributing EditorNews
SPONSORED CONTENT: Stealthier and more patient than some predecessors, WastedLocker lingers surreptitiously for as long as it needs to for maximum payoff, says Jon DiMaggio with Broadcom's Symantec division. He explains how Windows servers are at a different risk level than their open-source counterparts, and how WastedLocker identifies "valuable" targets.
By Terry Sweeney Contributing Editor, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
The Long Shadow of Stuxnet: New Microsoft Print Spooler Vulns Revealed
Dark Reading Staff, News
Researchers Peleg Hader and Tomer Bar ofSafeBreachshare details of the three vulnerabilities they found in Windows Print Spoolerthat could allow an attacker to sneak into the network throughan old printer service mechanism.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by dfwroofingpro
Current Conversations I agreed
In reply to: Blake Luby
Post Your Own Reply
More Conversations
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.
While it is possible to do data destruction in-house, doing it correctly and at scale can be tedious.
What shape do you expect remote endpoints to be in when they start winging their way back to the office?
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15138
PUBLISHED: 2020-08-07
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin...
CVE-2020-9490
PUBLISHED: 2020-08-07
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerab...
CVE-2020-11852
PUBLISHED: 2020-08-07
DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM syste...
CVE-2020-11984
PUBLISHED: 2020-08-07
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
CVE-2020-11985
PUBLISHED: 2020-08-07
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Flash Poll
Video
Slideshows
Twitter Feed