Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
8 Cybersecurity Themes to Expect at Black Hat USA 2020
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Vulnerable Invisible Salamanders and You: A Tale of Encryption Weakness
Q&A: How Systemic Racism Weakens Cybersecurity
COVID-19: Latest Security News & Commentary
News & Commentary
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Coalfire's Gary De Mercurio and Justin Wynn share the details of their physical penetration-testing engagement gone wrong, as well as recommendations for protecting all red teamers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
How Ransomware Threats Are Evolving & How to Spot Them
Kelly Sheridan, Staff Editor, Dark ReadingNews
A series of new reports explains how ransomware attackers are changing techniques and how organizations can spot stealthy criminals.
By Kelly Sheridan Staff Editor, Dark Reading, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
New Spin on a Longtime DNS Intel Tool
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Domain Name Service database service Farsight Security, the brainchild of DNS expert Paul Vixie, celebrates 10 years with new modern features.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
6 Dangerous Defaults Attackers Love (and You Should Know)
Curtis Franklin Jr., Senior Editor at Dark Reading
Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
Retooling the SOC for a Post-COVID World
Nilesh Dherange, CTO at GuruculCommentary
Residual work-from-home policies will require changes to security policies, procedures, and technologies.
By Nilesh Dherange CTO at Gurucul, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
Google & Amazon Replace Apple as Phishers' Favorite Brands
Dark Reading Staff, Quick Hits
Google and Amazon were the most imitated brands in the second quarter, knocking out Apple.
By Dark Reading Staff , 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
Securing IoT as a Remote Workforce Strategy
Karen Walsh, Privacy & Compliance ExpertCommentary
Digital transformation with Internet of Things devices offers organizations a way forward in the era of COVID-19. Optimizing this approach for the future will need to start with security.
By Karen Walsh Privacy & Compliance Expert, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
11 Hot Startups to Watch at Black Hat USA
Kelly Sheridan, Staff Editor, Dark Reading
A sneak peek at the up-and-coming organizations to check out on the Black Hat USA virtual show floor.
By Kelly Sheridan Staff Editor, Dark Reading, 8/3/2020
Comment0 comments  |  Read  |  Post a Comment
FBI Warns on New E-Commerce Fraud
Dark Reading Staff, News
A wave of new, fraudulent websites has popped up to take advantage of the rise in online shopping during the coronavirus pandemic.
By Dark Reading Staff , 8/3/2020
Comment0 comments  |  Read  |  Post a Comment
DHS Urges 'Highest Priority' Attention on Old Chinese Malware Threat
Jai Vijayan, Contributing WriterNews
"Taidoor" is a remote access tool that has been used in numerous cyber espionage campaigns since at least 2008.
By Jai Vijayan Contributing Writer, 8/3/2020
Comment0 comments  |  Read  |  Post a Comment
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing WriterNews
Emerging streamlined curriculum programs aim to help narrow the skills gap.
By Nicole Ferraro Contributing Writer, 8/3/2020
Comment1 Comment  |  Read  |  Post a Comment
Why Data Ethics Is a Growing CISO Priority
Joan Goodchild, Contributing Writer
With data collection growing, and increased concern about how it is handled, a synergy between security and data teams will be essential.
By Joan Goodchild Contributing Writer, 8/3/2020
Comment0 comments  |  Read  |  Post a Comment
Omdia Cybersecurity Accelerator Analysts to Take Part in Black Hat USA 2020
Eric Parizo, Senior Analyst, OmdiaCommentary
Analysts will participate in the Black Hat Briefings, taking place Aug. 4-6, discussing cybersecurity research, offering exclusive video presentations, and meeting with vendors and attendees.
By Eric Parizo Senior Analyst, Omdia, 8/3/2020
Comment0 comments  |  Read  |  Post a Comment
Travel Management Firm CWT Pays $4.5M to Ransomware Attackers
Dark Reading Staff, Quick Hits
Attackers claimed to steal two terabytes of files including financial reports, security files, and employees' personal data.
By Dark Reading Staff , 8/3/2020
Comment0 comments  |  Read  |  Post a Comment
A Patriotic Solution to the Cybersecurity Skills Shortage
Adam Benson, Senior VP, Vrge StrategiesCommentary
Why now is the right time for the security industry to invest in the human capital that will make technology better, smarter, and safer.
By Adam Benson Senior VP, Vrge Strategies, 8/3/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 8/3/2020
Comment18 comments  |  Read  |  Post a Comment
How Should I Securely Destroy/Discard My Devices?
Kurtis Minder, co-Founder & CEO, GroupSense
While it is possible to do data destruction in-house, doing it correctly and at scale can be tedious.
By Kurtis Minder co-Founder & CEO, GroupSense, 8/3/2020
Comment0 comments  |  Read  |  Post a Comment
3 Arrested for Massive Twitter Breach
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
Three individuals aged 17, 19, and 22 have been charged for their alleged roles in the massive July 15 Twitter attack.
By Kelly Sheridan Staff Editor, Dark Reading, 7/31/2020
Comment0 comments  |  Read  |  Post a Comment
New Initiative Links Cybersecurity Pros to Election Officials
Dark Reading Staff, Quick Hits
A University of Chicago Harris School of Public Policy initiative will build a database of cybersecurity volunteers.
By Dark Reading Staff , 7/31/2020
Comment0 comments  |  Read  |  Post a Comment
Twitter: Employees Compromised in Phone Spear-Phishing Attack
Dark Reading Staff, Quick Hits
The attack earlier this month started with a spear-phishing attack targeting Twitter employees, the company says in a new update.
By Dark Reading Staff , 7/31/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Exabeam Announces New Use Case Licensing and Content Library to Simplify SIEM Adoption, Enable Increased Visibility
DHS Awards $1 Million Phase 2 Contract to Waverley Labs to Deploy the Dynamic AccessID (TM) Network
Federal, State, Local, and Private-Sector Partners Conduct Nationwide Exercise to Test Election Day Plans
Tanium Report Reveals 85 Percent of Organizations Experienced More Cyberattacks Since the Start of the Pandemic
Offensive Security Acquires Open Source Security Training Project VulnHub
PAS Releases Modular OT Cybersecurity Solution
AWS Announces General Availability of Amazon Fraud Detector
Onapsis Releases Free SAP RECON Vulnerability Scanning Tool
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Why Data Ethics Is a Growing CISO Priority
With data collection growing, and increased concern about how it is handled, a synergy between security and data teams will be essential.
How to Decipher InfoSec Job Titles' Mysteries
Figuring out which cybersecurity job you want -- or are qualified for -- can be difficult when words have no consistent meaning in the industry.
Rise of the Robots: How You Should Secure RPA
Robotic Process Automation (RPA) is the next big thing in innovation and digital strategy. But what security details are overlooked in the rush to implement bots?
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-18112
PUBLISHED: 2020-08-05
Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3.
CVE-2020-15109
PUBLISHED: 2020-08-04
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipm...
CVE-2020-16847
PUBLISHED: 2020-08-04
Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
CVE-2020-15135
PUBLISHED: 2020-08-04
save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF...
CVE-2020-13522
PUBLISHED: 2020-08-04
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability.
The Threat from the Internet—and What Your Organization Can Do About It
The Threat from the Internet—and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Flash Poll
Video
Slideshows
Twitter Feed