Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective
Securing Slack: 5 Tips for Safer Messaging, Collaboration
A 7-Step Cybersecurity Plan for Healthcare Organizations
The Threat from the Internet--and What Your Organization Can Do About It
COVID-19: Latest Security News & Commentary
News & Commentary
Botnet Infects Hundreds of Thousands of Websites
Robert Lemos, Contributing WriterNews
KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.
By Robert Lemos Contributing Writer, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
7 Mobile Browsers Vulnerable to Address-Bar Spoofing
Jai Vijayan, Contributing WriterNews
Flaws allow attackers to manipulate URLs users see on their mobile devices, Rapid7 says
By Jai Vijayan Contributing Writer, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
Credential-Stuffing Attacks Plague Loyalty Programs
Ericka Chickowski, Contributing WriterNews
But that's not the only type of web attack cybercriminals have been profiting from.
By Ericka Chickowski Contributing Writer, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
WordPress Plug-in Updated in Rare Forced Action
Dark Reading Staff, Quick Hits
The Logonizer login security plug-in was automatically updated to patch a SQL injection vulnerability.
By Dark Reading Staff , 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
8 New and Hot Cybersecurity Certifications for 2020
Joan Goodchild, Contributing Writer
While the usual security certs remain popular, interest in privacy skills and cloud experience are pushing new credentials into the market.
By Joan Goodchild Contributing Writer, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
Liviu Arsene, Global Cybersecurity Researcher at BitdefenderCommentary
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
By Liviu Arsene Global Cybersecurity Researcher at Bitdefender, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
McAfee Raises $740M in Second IPO
Dark Reading Staff, Quick Hits
The security software giant and its investors sold 37 million shares priced at $20 each, putting McAfee's value around $8.6 billion.
By Dark Reading Staff , 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
Need for 'Guardrails' in Cloud-Native Applications Intensifies
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
With more organizations shifting to cloud services in the pandemic, experts say the traditionally manual process of securing them will be replaced by automated tools in 2021 and beyond.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
Implementing Proactive Cyber Controls in OT: Myths vs. Reality
Michael Piccalo, Director, OT/ICS Systems Engineering, Forescout TechnologiesCommentary
Debunking the myths surrounding the implementation of proactive cyber controls in operational technology.
By Michael Piccalo Director, OT/ICS Systems Engineering, Forescout Technologies, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
FIRST Announces Cyber-Response Ethical Guidelines
Dark Reading Staff, Quick Hits
The 12 points seek to provide security professionals with advice on ethical behavior during incident response.
By Dark Reading Staff , 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Oracle Releases Another Mammoth Security Patch Update
Jai Vijayan, Contributing WriterNews
October's CPU contains 402 patches for vulnerabilities across 29 product sets, many of which are remotely executable without the need for authentication.
By Jai Vijayan Contributing Writer, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Ubiq Rolls Out Encryption-as-a-Service Platform Aimed at Developers
Robert Lemos, Contributing WriterNews
A few lines of code and two API calls is all that it takes for developers to add encryption to their applications, startup says.
By Robert Lemos Contributing Writer, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
As Smartphones Become a Hot Target, Can Mobile EDR Help?
Kelly Sheridan, Staff Editor, Dark ReadingNews
Lookout Security debuts a mobile endpoint detection and response offering that will integrate into its mobile security platform.
By Kelly Sheridan Staff Editor, Dark Reading, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Dealing With Insider Threats in the Age of COVID
Hitesh Sheth, CEO, VectraCommentary
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
By Hitesh Sheth CEO, Vectra, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
How AI Will Supercharge Spear-Phishing
Darktrace Experts, Staff
To keep pace with intelligent, unpredictable threats, cybersecurity will have to adopt an intelligent security of its own.
By Darktrace Experts Staff, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
IASME Consortium to Kick-start New IoT Assessment Scheme
IFSEC Global, StaffNews
The IASME Consortium has been awarded a DCMS grant, enabling the UK organization to kick-start an Internet of Things (IoT) assessment scheme. IASME is looking for manufacturers interested in getting their IoT device certified cyber secure for free via the new pilot scheme.
By IFSEC Global Staff, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets
Robert Lemos, Contributing WriterNews
Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region.
By Robert Lemos Contributing Writer, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Alan Brill, Senior Managing Director, Cyber Risk Practice, KrollCommentary
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
By Alan Brill Senior Managing Director, Cyber Risk Practice, Kroll, 10/21/2020
Comment1 Comment  |  Read  |  Post a Comment
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat ResearcherCommentary
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
By David Pearson Principal Threat Researcher, 10/21/2020
Comment1 Comment  |  Read  |  Post a Comment
Ransomware Attacks Show Little Sign of Slowing in 2021
Jai Vijayan, Contributing WriterNews
With businesses paying increasingly larger ransoms, attackers remain motivated, say security experts who foresee a rise in attacks.
By Jai Vijayan Contributing Writer, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Nokia Threat Intelligence Report Warns of Rising Cyberattacks on Internet-Connected Devices
Splunk Unveils New Innovations Across Its Security Operations Suite
Rapid7 Announces Availability of Enhanced Endpoint Telemetry for InsightIDR
Farsight Security Announces General Availability for DNSDB 2.0 Flexible Search
Splunk Acquires Plumbr, Agrees to Acquire Rigor
Apptega Launches B2B E-Commerce Marketplace Dedicated to Cybersecurity
Corsa Security Automates Firewall as a Service
ReliaQuest’s GreyMatter Unified SaaS Security Platform Delivers Open XDR Approach
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

8 New and Hot Cybersecurity Certifications for 2020
While the usual security certs remain popular, interest in privacy skills and cloud experience are pushing new credentials into the market.
How AI Will Supercharge Spear-Phishing
To keep pace with intelligent, unpredictable threats, cybersecurity will have to adopt an intelligent security of its own.
Do Standards Exist That Certify Secure IoT Systems?
The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15270
PUBLISHED: 2020-10-22
Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not pa...
CVE-2018-21266
PUBLISHED: 2020-10-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2018-21267
PUBLISHED: 2020-10-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2020-27673
PUBLISHED: 2020-10-22
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
CVE-2020-27674
PUBLISHED: 2020-10-22
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Flash Poll
Video
Slideshows
Twitter Feed