Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
COVID-19: Latest Security News & Commentary
The Wild, Wild West(world) of Cybersecurity
8 Infosec Page-Turners for Days Spent Indoors
Dark Reading Cybersecurity Crossword Puzzle
State of Cybersecurity Incident Response
News & Commentary
Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher earned $75,000 for finding a whopping seven zero-days in Safari, three of which can be combined to access the camera.
By Kelly Sheridan Staff Editor, Dark Reading, 4/3/2020
Comment1 Comment  |  Read  |  Post a Comment
5 Soothing Security Products We Wish Existed
Curtis Franklin Jr., Senior Editor at Dark Reading
Maybe security alert fatigue wouldn't be so bad if the alerts themselves delivered less stress and more aromatherapy.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/3/2020
Comment0 comments  |  Read  |  Post a Comment
FBI Warns Education & Remote Work Platforms About Cyberattacks
Dark Reading Staff, Quick Hits
The FBI expects attackers will target virtual environments as more organizations rely on them as a result of the COVID-19 pandemic.
By Dark Reading Staff , 4/3/2020
Comment1 Comment  |  Read  |  Post a Comment
This is Not Your Father’s Ransomware
Joan Goodchild, Contributing Writer
Ransomware operators are aiming for bigger targets and hitting below the belt. With doxing and extortion threats added to the mix, ransomware is evolving into something even more sinister.
By Joan Goodchild Contributing Writer, 4/3/2020
Comment0 comments  |  Read  |  Post a Comment
Want to Improve Cloud Security? It Starts with Logging
Chris Calvert, VP Product Strategy, Co-Founder, Respond SoftwareCommentary
Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place.
By Chris Calvert VP Product Strategy, Co-Founder, Respond Software, 4/3/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 4/3/2020
Comment2 comments  |  Read  |  Post a Comment
Phishers Try 'Text Direction Deception' Technique to Bypass Email Filters
Jai Vijayan, Contributing WriterNews
With COVID-19 concerns running high, attackers are trying new tactics to get to users.
By Jai Vijayan Contributing Writer, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
A Day in The Life of a Pen Tester
Kelly Sheridan, Staff Editor, Dark ReadingNews
Two penetration testers share their day-to-day responsibilities, challenges they encounter, and the skills they value most on the job.
By Kelly Sheridan Staff Editor, Dark Reading, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Bad Bots Build Presence Across the Web
Dark Reading Staff, Quick Hits
Bots that mimic human behavior are driving a growing percentage of website traffic while contributing to an avalanche of misinformation.
By Dark Reading Staff , 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Companies Are Failing to Deploy Key Solution for Email Security
Robert Lemos, Contributing WriterNews
A single -- albeit complex-to-deploy -- technology could stop the most expensive form of fraud, experts say. Why aren't more companies adopting it?
By Robert Lemos Contributing Writer, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
David A. Sanders, Director of Insider Threat Operations at HaystaxCommentary
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
By David A. Sanders Director of Insider Threat Operations at Haystax, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
5 Ways Enterprises Inadvertently Compromise Their Network Security
Dark Reading Staff, Quick Hits
Is your organization carelessly leaving its networks vulnerable to invasion? Check out these five common oversights to see if your resources are at risk.
By Special to Dark Reading: John Edwards, Network Computing , 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
A Hacker's Perspective on Securing VPNs As You Go Remote
David Commentary
As organizations rush to equip and secure their newly remote workforce, it's important to keep things methodical and purposeful
By David "Moose" Wolpoff Co-founder and CTO of Randori, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: The Devil You Know?
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 4/2/2020
Comment1 Comment  |  Read  |  Post a Comment
New Magecart Skimmer Infects 19 Victim Websites
Dark Reading Staff, Quick Hits
MakeFrame, named for its ability to make iframes for skimming payment data, is attributed to Magecart Group 7.
By Dark Reading Staff , 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Best Practices to Manage Third-Party Cyber-Risk Today
Doug Clare, Vice President, Fraud, Compliance, and Security Solutions at FICOCommentary
Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.
By Doug Clare Vice President, Fraud, Compliance, and Security Solutions at FICO, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Researchers Focus on Zoom App's Security
Robert Lemos, Contributing WriterNews
With videoconferencing's rise as an essential tool for remote work comes a downside: more security scrutiny, which has turned up a number of security weaknesses.
By Robert Lemos Contributing Writer, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Attackers Leverage Excel File Encryption to Deliver Malware
Jai Vijayan, Contributing WriterNews
Technique involves saving malicious Excel file as "read-only" and tricking users into opening it, Mimecast says.
By Jai Vijayan Contributing Writer, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Why All Employees Are Responsible for Company Cybersecurity
Diya Jolly, Chief Product Officer, OktaCommentary
It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.
By Diya Jolly Chief Product Officer, Okta, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Active Directory Attacks Hit the Mainstream
Jason Crabtree, CEO & Co-Founder, QOMPLXCommentary
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
By Jason Crabtree CEO & Co-Founder, QOMPLX, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by emmawatson02020
Current Conversations Such a nice post.. I appreciate you...
In reply to: Reply
Post Your Own Reply
More Conversations
Products & Releases
RiskSense Introduces Full Spectrum Risk-Based Vulnerability Management
Axonius Announces $58 Million in New Funding
Jon Lovitz Joins NINJIO as Lead Voice Actor and Recurring Character
KnowBe4 Report Finds 37.9% of Untrained End Users Will Fail a Phishing Test
Link11 Offers Free DDoS Protection to Public Sector Organizations
(ISC)² Announces CEO Succession Plan
cPacket Networks Secures $15 Million Investment from Morgan Stanley Expansion Capital
SailPoint Extends SailPoint Predictive Identity Platform with New Cloud Governance Solutions
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
5 Soothing Security Products We Wish Existed
Maybe security alert fatigue wouldn't be so bad if the alerts themselves delivered less stress and more aromatherapy.
This is Not Your Father's Ransomware
Ransomware operators are aiming for bigger targets and hitting below the belt. With doxing and extortion threats added to the mix, ransomware is evolving into something even more sinister.
Could Work-From-Home Staff be Violating Privacy Laws During Conference Calls?
If you are lucky enough to be able to do your job from home right now, you should be aware of a few key things.
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11558
PUBLISHED: 2020-04-05
An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_m...
CVE-2020-11547
PUBLISHED: 2020-04-05
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.
CVE-2020-11548
PUBLISHED: 2020-04-05
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed.
CVE-2020-11542
PUBLISHED: 2020-04-04
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring.
CVE-2020-11533
PUBLISHED: 2020-04-04
Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Flash Poll
Video
Slideshows
Twitter Feed