Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
How to Decipher InfoSec Job Titles' Mysteries
8 Cybersecurity Themes to Expect at Black Hat USA 2020
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Q&A: How Systemic Racism Weakens Cybersecurity
COVID-19: Latest Security News & Commentary
News & Commentary
Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity
Eric Parizo, Senior Analyst, OmdiaCommentary
Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them.
By Eric Parizo Senior Analyst, Omdia, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Security Jobs With a Future -- And Ones on the Way Out
Joan Goodchild, Contributing Writer
Some titles are hot, while others are not, amid rapidly shifting business priorities.
By Joan Goodchild Contributing Writer, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
With iOS's Privacy Nutrition Label, Apple Upstages Regulators
Heather Federman, VP of Privacy & Policy at BigIDCommentary
New iOS privacy features require developers to disclose what data they're collecting, how they're using it, and with whom they share it.
By Heather Federman VP of Privacy & Policy at BigID, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Adaptive Shield Emerges From Stealth
Jai Vijayan, Contributing WriterNews
Israeli startup joins growing number of vendors offering platform for detecting and mitigating common configuration errors in cloud environments.
By Jai Vijayan Contributing Writer, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Emotet Return Brings New Tactics & Evasion Techniques
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security researchers tracking Emotet report its reemergence brings new tricks, including new evasion techniques to bypass security tools.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
FireEye Announces New Bug-Bounty Program
Dark Reading Staff, Quick Hits
The program, administered by Bugcrowd, will pay bounties of up to $2,500 per vulnerability.
By Dark Reading Staff , 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Using 'Data for Good' to Control the Pandemic
Neil Sweeney, Founder & CEO, KilliCommentary
The tech community should unite to develop and distribute a universal COVID-19 contact-tracing application. Here's why and how.
By Neil Sweeney Founder & CEO, Killi, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
SANS Security Training Firm Hit with Data Breach
Dark Reading Staff, Quick Hits
A phishing email allowed an attacker to compromise a SANS employee's email environment, the organization reports.
By Dark Reading Staff , 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: 'Rise' and Shine
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 8/12/2020
Comment4 comments  |  Read  |  Post a Comment
Threats vs. Thrift: Running Effective AppSec During a Global Crisis
Patrick Carey, Vice President Product Management, ExopriseCommentary
By looking at security testing capacity, staff expertise, and risks throughout the software supply chain, application security teams can improve their overall effectiveness.
By Patrick Carey Vice President Product Management, Exoprise, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption
Ericka Chickowski, Contributing WriterNews
Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.
By Ericka Chickowski Contributing Writer, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Trick Facial-Recognition Systems
Jai Vijayan, Contributing WriterNews
Goal was to see if computer-generated images that look like one person would get classified as another person.
By Jai Vijayan Contributing Writer, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches 120 Vulnerabilities, Two Zero-Days
Kelly Sheridan, Staff Editor, Dark ReadingNews
The August 2020 Patch Tuesday marks the sixth month in a row Microsoft released patches for more than 110 vulnerabilities.
By Kelly Sheridan Staff Editor, Dark Reading, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Developers Need More Usable Static Code Scanners to Head Off Security Bugs
Robert Lemos, Contributing WriterNews
As companies "shift left" -- pushing more responsibility for security onto developers -- the tools that are available are falling short, usability researchers say.
By Robert Lemos Contributing Writer, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Symmetry Systems Emerges from Stealth
Dark Reading Staff, Quick Hits
Company behind Data Store and Object Security (DSOS) becomes public knowledge following a $3 million seed round of funding.
By Dark Reading Staff , 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Zoom Vulnerabilities Demonstrated in DEF CON Talk
Dark Reading Staff, Quick Hits
A security researcher demonstrated multiple vulnerabilities, two of which could let an attacker read and steal user data.
By Dark Reading Staff , 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Is Edtech the Greatest APT?
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Educational technology is critical but can come at huge costs to student and teacher privacy and security. Are those costs too high?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
EU-US Privacy Shield Dissolution: What Happens Next?
Sam Curry, CSO, CybereasonCommentary
In a world that isn't private by design, security and liability implications for US-based cloud companies are huge.
By Sam Curry CSO, Cybereason, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Zero-Trust Security 101
Curtis Franklin Jr., Senior Editor at Dark Reading
What are the tenets and fundamental spirit of zero-trust architecture -- without the marketing speak?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
How to Help Spoil the Cybercrime Economy
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Cybercrime increasingly is turning into a commodity. Stolen PII data and hijacked cloud accounts especially propel the spread, research shows.
By Marc Wilczek Digital Strategist & COO of Link11, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Perimeter 81 Raises $40 Million in Series B Funding Led by Insight Partners
Mimecast Redefines Phish Testing and Training with SAFE Phish
Censys Raises $15.5 Million; Announces New Scan Engine That Sees 44% More of the Internet
RangeForce Raises $16 Million to Help Enterprises Build Highly Skilled Cybersecurity Teams
Calyptix Security Releases AccessEnforcer 5.0 Beta
Exabeam Announces New Use Case Licensing and Content Library to Simplify SIEM Adoption, Enable Increased Visibility
DHS Awards $1 Million Phase 2 Contract to Waverley Labs to Deploy the Dynamic AccessID (TM) Network
Federal, State, Local, and Private-Sector Partners Conduct Nationwide Exercise to Test Election Day Plans
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Security Jobs With a Future -- And Ones on the Way Out
Some titles are hot, while others are not, amid rapidly shifting business priorities.
Name That Toon: 'Rise' and Shine
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Zero-Trust Security 101
What are the tenets and fundamental spirit of zero-trust architecture -- without the marketing speak?
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: They said you could use Zoom anywhere.......
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14483
PUBLISHED: 2020-08-13
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to corr...
CVE-2020-11733
PUBLISHED: 2020-08-13
An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin configura...
CVE-2020-13281
PUBLISHED: 2020-08-13
For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature
CVE-2020-13286
PUBLISHED: 2020-08-13
For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery.
CVE-2020-15925
PUBLISHED: 2020-08-13
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPF_XPAR1 parameter.
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Flash Poll
Video
Slideshows
Twitter Feed