Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Security 101: The 'PrintNightmare' Flaw
Kaseya Releases Security Patch as Companies Continue to Recover
The NSA's 'New' Mission: Get More Public With the Private Sector
AI and Cybersecurity: Making Sense of the Confusion
News & Commentary
Researchers Find Significant Vulnerabilities in macOS Privacy Protections
Robert Lemos, Contributing WriterNews
Attacks require executing code on a system but foil Apple's approach to protecting private data and systems files.
By Robert Lemos Contributing Writer, 8/5/2021
Comment0 comments  |  Read  |  Post a Comment
A New Approach to Securing Authentication Systems' Core Secrets
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers at Black Hat USA explain issues around defending "Golden Secrets" and present an approach to solving the problem.
By Kelly Sheridan Staff Editor, Dark Reading, 8/5/2021
Comment0 comments  |  Read  |  Post a Comment
Organizations Still Struggle to Hire & Retain Infosec Employees: Report
Joan Goodchild, Staff EditorNews
Security leaders are challenged to fill application security and cloud computing jobs in particular, survey data shows.
By Joan Goodchild Staff Editor, 8/5/2021
Comment0 comments  |  Read  |  Post a Comment
Why Supply Chain Attacks Are Destined to Escalate
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
In his keynote address at Black Hat USA on Wednesday, Matt Tait, chief operating officer at Corellium, called for software platform vendors and security researchers to do their part to thwart the fallout of software supply chain compromises.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/5/2021
Comment0 comments  |  Read  |  Post a Comment
New Normal Demands New Security Leadership Structure
Kelly Sheridan, Staff Editor, Dark ReadingNews
At the inaugural Omdia Analyst Summit, experts discuss where the past year has created gaps in traditional security strategy and how organizations can fill them.
By Kelly Sheridan Staff Editor, Dark Reading, 8/2/2021
Comment0 comments  |  Read  |  Post a Comment
Multiple Zero-Day Flaws Discovered in Popular Hospital Pneumatic Tube System
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
"PwnedPiper" flaws could allow attackers to disrupt delivery of lab samples or steal hospital employee credentials, new research shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/2/2021
Comment0 comments  |  Read  |  Post a Comment
8 Security Tools to be Unveiled at Black Hat USA
Ericka Chickowski, Contributing Writer
Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more.
By Ericka Chickowski Contributing Writer, 7/28/2021
Comment0 comments  |  Read  |  Post a Comment
Biden Administration Responds to Geopolitical Cyber Threats
Tanner Johnson, Principal Analyst, Data Security, OmdiaCommentary
In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.
By Tanner Johnson Principal Analyst, Data Security, Omdia, 7/23/2021
Comment0 comments  |  Read  |  Post a Comment
7 Hot Cyber Threat Trends to Expect at Black Hat
Ericka Chickowski, Contributing Writer
A sneak peek of some of the main themes at Black Hat USA next month.
By Ericka Chickowski Contributing Writer, 7/22/2021
Comment1 Comment  |  Read  |  Post a Comment
Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack
Dark Reading Staff, Quick Hits
Campbell Conroy & O'Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals.
By Dark Reading Staff , 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
US Accuses China of Using Criminal Hackers in Cyber Espionage Operations
Jai Vijayan, Contributing WriterNews
DOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others.
By Jai Vijayan Contributing Writer, 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
How Gaming Attack Data Aids Defenders Across Industries
Robert Lemos, Contributing Writer
Web application attacks against the video game industry quadrupled in 2020 compared to the previous year, but companies outside entertainment can learn from the data.
By Robert Lemos Contributing Writer, 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
NSO Group Spyware Used On Journalists & Activists Worldwide
Dark Reading Staff, Quick Hits
An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.
By Dark Reading Staff , 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
When Ransomware Comes to (Your) Town
Derek Prall, Contributing Writer,
While steps for defending against a ransomware attack vary based on the size of the government entity and the resources available to each one, rooting out ransomware ultimately will come down to two things: system architecture and partnerships.
By Derek Prall, Contributing Writer , 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
7 Ways AI and ML Are Helping and Hurting Cybersecurity
Andrey Shklyarov & Dmitry Vyrostkov, Chief Compliance Officer, DataArt / Chief Software Architect, Security Services, DataArtCommentary
In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.
By Andrey Shklyarov & Dmitry Vyrostkov Chief Compliance Officer, DataArt / Chief Software Architect, Security Services, DataArt, 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
Breaking Down the Threat of Going All-In With Microsoft Security
Nat Kausik, CEO and Co-Founder of BitglassCommentary
Limit risk by dividing responsibility for infrastructure, tools, and security.
By Nat Kausik CEO and Co-Founder of Bitglass, 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
Researchers Create New Approach to Detect Brand Impersonation
Kelly Sheridan, Staff Editor, Dark ReadingNews
A team of Microsoft researchers developed and trained a Siamese Neural Network to detect brand impersonation attacks.
By Kelly Sheridan Staff Editor, Dark Reading, 7/16/2021
Comment0 comments  |  Read  |  Post a Comment
Recent Attacks Lead to Renewed Calls for Banning Ransom Payments
Robert Lemos, Contributing WriterNews
While attackers in protected jurisdictions continue to get massive sums for continuing to breach organizations, the ransomware threat will only continue to grow.
By Robert Lemos Contributing Writer, 7/16/2021
Comment0 comments  |  Read  |  Post a Comment
4 Future Integrated Circuit Threats to Watch
Dr. Matthew Areno, Principal Engineer, Security Architecture and Engineering, IntelCommentary
Threats to the supply chains for ICs and other computer components are poised to wreak even more havoc on organizations.
By Dr. Matthew Areno Principal Engineer, Security Architecture and Engineering, Intel, 7/16/2021
Comment0 comments  |  Read  |  Post a Comment
How to Attract More Computer Science Grads to the Cybersecurity Field
Biagio DeSimone, Enterprise Solution Architect, Aqua Security
With 465,000 cybersecurity job openings in the United States, why is recruiting so difficult? A recent college graduate offers his take.
By Biagio DeSimone Enterprise Solution Architect, Aqua Security, 7/16/2021
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Link11 Discovers Record Number of DDoS Attacks in First Half of 2021
The NordPass Password Manager Launches Its Enterprise Solution
Sevco Security Launches with $15 Million in Funding to Scale Adoption of Cloud-Native Security Asset Intelligence Platform
Versa Networks Secures $84M in Series D Funding to Accelerate SASE Growth
Noname Security Lands $60M Series B
Internet Noise Contributing to Unnecessary Alert Overload for SOC Teams
Armis Data Highlights Need for Enterprise Security as End Users Lack Awareness of Major Cyberattacks
ISARA Corp. Introduces Advance Crypto Agility Suite
More Products & Releases
PR Newswire
Dark Reading Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the Dark Reading site in the coming months.

How to Attract More Computer Science Grads to the Cybersecurity Field
With 465,000 cybersecurity job openings in the United States, why is recruiting so difficult? A recent college graduate offers his take.
10 Mistakes Companies Make In Their Ransomware Responses
Hit by ransomware? These missteps can take a bad scenario and make it even worse.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-38095
PUBLISHED: 2021-08-05
The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request.
CVE-2021-32598
PUBLISHED: 2021-08-05
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting...
CVE-2021-32603
PUBLISHED: 2021-08-05
A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafte...
CVE-2021-3539
PUBLISHED: 2021-08-04
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.
CVE-2021-36801
PUBLISHED: 2021-08-04
Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. This issue was fixed in version 2.1.13 of the product.
Flash Poll
Video
Slideshows
Twitter Feed