Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
8 Signs of a Smartphone Hack
Q&A: How Systemic Racism Weakens Cybersecurity
Vulnerable Invisible Salamanders and You: A Tale of Encryption Weakness
Keys for a Safe Return to the Post-Quarantine Office
COVID-19: Latest Security News & Commentary
News & Commentary
A Patriotic Solution to the Cybersecurity Skills Shortage
Adam Benson, Senior VP, Vrge StrategiesCommentary
Why now is the right time for the security industry to invest in the human capital that will make technology better, smarter, and safer.
By Adam Benson Senior VP, Vrge Strategies, 8/3/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 8/3/2020
Comment17 comments  |  Read  |  Post a Comment
How Should I Securely Destroy/Discard My Devices?
Kurtis Minder, co-Founder & CEO, GroupSense
While it is possible to do data destruction in-house, doing it correctly and at scale can be tedious.
By Kurtis Minder co-Founder & CEO, GroupSense, 8/3/2020
Comment0 comments  |  Read  |  Post a Comment
3 Arrested for Massive Twitter Breach
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
Three individuals aged 17, 19, and 22 have been charged for their alleged roles in the massive July 15 Twitter attack.
By Kelly Sheridan Staff Editor, Dark Reading, 7/31/2020
Comment0 comments  |  Read  |  Post a Comment
New Initiative Links Cybersecurity Pros to Election Officials
Dark Reading Staff, Quick Hits
A University of Chicago Harris School of Public Policy initiative will build a database of cybersecurity volunteers.
By Dark Reading Staff , 7/31/2020
Comment0 comments  |  Read  |  Post a Comment
Twitter: Employees Compromised in Phone Spear-Phishing Attack
Dark Reading Staff, Quick Hits
The attack earlier this month started with a spear-phishing attack targeting Twitter employees, the company says in a new update.
By Dark Reading Staff , 7/31/2020
Comment0 comments  |  Read  |  Post a Comment
3 Ways Social Distancing Can Strengthen your Network
Dr. Mike Lloyd, CTO of RedSealCommentary
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.
By Dr. Mike Lloyd CTO of RedSeal, 7/31/2020
Comment0 comments  |  Read  |  Post a Comment
'Hidden Property Abusing' Allows Attacks on Node.js Applications
Robert Lemos, Contributing WriterNews
A team of researchers from Georgia Tech find a new attack technique that targets properties in Node.js and plan to publicly release a tool that has already identified 13 new vulnerabilities.
By Robert Lemos Contributing Writer, 7/31/2020
Comment0 comments  |  Read  |  Post a Comment
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
Kelly Sheridan, Staff Editor, Dark ReadingNews
Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles.
By Kelly Sheridan Staff Editor, Dark Reading, 7/30/2020
Comment1 Comment  |  Read  |  Post a Comment
Dark Web Travel Fraudsters Left Hurting From Lockdowns
Ericka Chickowski, Contributing WriterNews
Shadow travel businesses that depend on loyalty program fraud have been impacted just like the legitimate travel orgs they prey on.
By Ericka Chickowski Contributing Writer, 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
Mimecast Buys MessageControl
Dark Reading Staff, Quick Hits
The email security provider brings into its fold social engineering and human identity capabilities.
By Dark Reading Staff , 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
Ill-Defined Career Paths Hamper Growth for IT Security Pros
Jai Vijayan, Contributing WriterNews
Appsec and cloud security skills are the most in demand, and a shortage of staff is wearing on security teams, a new study shows.
By Jai Vijayan Contributing Writer, 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
5 Tips for Optimizing Your Company's Cyber-Crisis Preparedness
James Hadley, CEO at Immersive LabsCommentary
Cyber-incident response often addresses short-term needs, but we need to broaden the view of crisis management to be more forward-thinking.
By James Hadley CEO at Immersive Labs, 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
Google Adds Security Updates to Chrome Autofill
Dark Reading Staff, Quick Hits
Chrome users can retrieve payment card numbers via biometric authentication and use a new "touch-to-fill: feature to log in to accounts.
By Dark Reading Staff , 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
Citizens Are Increasingly Worried About How Companies Use Their Data
Robert Lemos, Contributing WriterNews
With data privacy important to almost every American, more than two-thirds of those surveyed say they don't trust companies to ethically sell their data.
By Robert Lemos Contributing Writer, 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
Black Hat Virtually: An Important Time to Come Together as a Community
Dan Lowden, CMO, White OpsCommentary
The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.
By Dan Lowden CMO, White Ops, 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
Using the Attack Cycle to Up Your Security Game
Todd Graham, Vice President, VenrockCommentary
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.
By Todd Graham Vice President, Venrock, 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Jai Vijayan, Contributing Writer
More than 130 security researchers and developers are ready to showcase their work.
By Jai Vijayan Contributing Writer, 7/29/2020
Comment0 comments  |  Read  |  Post a Comment
Average Cost of a Data Breach: $3.86 Million
Jai Vijayan, Contributing WriterNews
New IBM study shows that security system complexity and cloud migration can amplify breach costs.
By Jai Vijayan Contributing Writer, 7/29/2020
Comment1 Comment  |  Read  |  Post a Comment
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
A flaw in the GRUB2 bootloader affects most Linux devices and some Windows computers using UEFI Secure Boot.
By Kelly Sheridan Staff Editor, Dark Reading, 7/29/2020
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Federal, State, Local, and Private-Sector Partners Conduct Nationwide Exercise to Test Election Day Plans
Tanium Report Reveals 85 Percent of Organizations Experienced More Cyberattacks Since the Start of the Pandemic
Offensive Security Acquires Open Source Security Training Project VulnHub
PAS Releases Modular OT Cybersecurity Solution
AWS Announces General Availability of Amazon Fraud Detector
Onapsis Releases Free SAP RECON Vulnerability Scanning Tool
Digital Shadows Announces Integration with Atlassian Jira
McAfee Report Finds Increase in Cyberthreats Amid COVID-19
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
How to Decipher InfoSec Job Titles' Mysteries
Figuring out which cybersecurity job you want -- or are qualified for -- can be difficult when words have no consistent meaning in the industry.
Rise of the Robots: How You Should Secure RPA
Robotic Process Automation (RPA) is the next big thing in innovation and digital strategy. But what security details are overlooked in the rush to implement bots?
Vulnerable Invisible Salamanders and You: A Tale of Encryption Weakness
A Black Hat presentation will discuss how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Sandboxing? Ppphhht! I've moved beyond sandboxes to sandcastles.
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4560
PUBLISHED: 2020-08-03
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2019-4589
PUBLISHED: 2020-08-03
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.
CVE-2020-4328
PUBLISHED: 2020-08-03
IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839.
CVE-2020-4377
PUBLISHED: 2020-08-03
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.
CVE-2020-4534
PUBLISHED: 2020-08-03
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbi...
The Threat from the Internet—and What Your Organization Can Do About It
The Threat from the Internet—and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Flash Poll
Video
Slideshows
Twitter Feed