Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
10 iOS Security Tips to Lock Down Your iPhone
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Election Security in the Age of Social Distancing
7 Ways Parents Can Better Protect Their Online-Gamer Offspring
COVID-19: Latest Security News & Commentary
News & Commentary
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing WriterNews
A variety of sites saw as much as seven times the number of domain requests in late March and early April, suggesting attackers attempted massive denial-of-service attacks.
By Robert Lemos Contributing Writer, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
Cloud Security Architect Proves Hardest Infosec Role to Fill
Dark Reading Staff, Quick Hits
Nearly 70% of businesses struggle to recruit, hire, and retain cybersecurity talent, and many link security incidents to lack of skills.
By Dark Reading Staff , 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
Security 101: SQL Injection
Curtis Franklin Jr., Senior Editor at Dark Reading
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
HackerOne Bounties Hit $100M Milestone
Dark Reading Staff, Quick Hits
The bug-hunting platform has now paid more than $100 million in bounties since October 2013.
By Dark Reading Staff , 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
Standing Privilege: The Attacker's Advantage
Tim Keeler, Founder and CEO, RemediantCommentary
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.
By Tim Keeler Founder and CEO, Remediant, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
GDPR Enforcement Loosens Amid Pandemic
Seth Rosenblatt, Contributing WriterNews
The European Union has given some organizations more breathing room to remedy violations, yet no one should think regulators are planning to abandon the privacy legislation in the face of COVID-19.
By Seth Rosenblatt Contributing Writer, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Shares PonyFinal Threat Data, Warns of Delivery Tactics
Kelly Sheridan, Staff Editor, Dark ReadingNews
PonyFinal is deployed in human-operated ransomware attacks, in which adversaries tailor their techniques based on knowledge of a target system.
By Kelly Sheridan Staff Editor, Dark Reading, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
What the World's Elite Protectors Teach Us about Cybersecurity
Maurice Uenuma & A.T. Smith, Vice President, Federal & Enterprise, Tripwire / Independent Cybersecurity ConsultantCommentary
How to protect anyone and anything, from the perspective of a career Secret Service agent and former special operations marine.
By Maurice Uenuma & A.T. Smith Vice President, Federal & Enterprise, Tripwire / Independent Cybersecurity Consultant, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
6 Steps Consumers Should Take Following a Hack
Steve Zurier, Contributing Writer
Without the luxury of an IT security team to help them after a breach or credit card compromise, consumers will want to keep these tips in mind.
By Steve Zurier Contributing Writer, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 5/27/2020
Comment11 comments  |  Read  |  Post a Comment
StrandHogg 2.0 Emerges as 'Evil Twin' to Android Threat
Kelly Sheridan, Staff Editor, Dark ReadingNews
The vulnerability, which exists in almost every version of Android, is both more dangerous and harder to detect than its predecessor.
By Kelly Sheridan Staff Editor, Dark Reading, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
Americans Care About Security But Don't Follow Through
Dark Reading Staff, Quick Hits
Most Americans say they're very concerned about online security but still behave in insecure ways, according to a new survey.
By Dark Reading Staff , 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
Turla Backdoor Adds Gmail Web Interface for Command-and-Control
Jai Vijayan, Contributing WriterNews
The latest version of ComRAT is another sign of the threat actor's continued focus on targets in the government, military, and other sectors.
By Jai Vijayan Contributing Writer, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
How to Pay a Ransom: A Step-By-Step Guide for Something You'd Never Do
Nicole Ferraro, Contributing Writer
Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your, um, friend's organization has fallen victim and is going to pay. Here's how they should handle it.
By Nicole Ferraro Contributing Writer, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
Benefits of a Cloud-Based, Automated Cyber Range
Rocky Yuan, Cybersecurity Engineer at BAE systemsCommentary
A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks.
By Rocky Yuan Cybersecurity Engineer at BAE systems, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
Q&A: Eugene Kaspersky on Tourism, the Pandemic, and Cybersecurity
Jai Vijayan, Contributing WriterNews
The CEO and co-founder of eponymously named security vendor has launched a new travel accelerator program amid the COVID-19 crisis.
By Jai Vijayan Contributing Writer, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
World Leaders Urge Action Against Healthcare Cyberattacks
Dark Reading Staff, Quick Hits
The global call to end cybercrime targeting healthcare facilities has been signed by government leaders and Nobel laureates.
By Dark Reading Staff , 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, PanaseerCommentary
Any notion that AI is going to solve the cyber skills crisis is very wide of the mark. Here's why.
By Dr. Leila Powell Lead Security Data Scientist, Panaseer, 5/26/2020
Comment2 comments  |  Read  |  Post a Comment
Content Delivery Networks Adding Checks for Magecart Attacks
Robert Lemos, Contributing WriterNews
Modern web applications make significant use of third-party code to drive innovation, but the software supply chain has also turned into a major source of threat. CDNs aim to change that.
By Robert Lemos Contributing Writer, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
5 Tips for Fighting Credential Stuffing Attacks
Joan Goodchild, Contributing Writer
With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?
By Joan Goodchild Contributing Writer, 5/22/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by horeakaii
Current Conversations I guess so.  
In reply to: Re: Unhardening
Post Your Own Reply
Posted by EdWelsh
Current Conversations Very interesting)
In reply to: Great!
Post Your Own Reply
More Conversations
Products & Releases
New Research Indicates 84% of Businesses Will Likely Increase Work-from-Home Capacity Beyond Pandemic Despite Security Concerns
Smarsh Acquires Entreda, Leader in Cybersecurity Risk & Compliance Software for Wealth Management Industry
FireEye Endpoint Security: Introducing Innovation Architecture for Rapid Deployment of Advanced Capabilities
Avanan Introduces Cloud-based Security for Citrix ShareFile
Telos Appoints General Keith Alexander as Inaugural Member of Advisory Board
Varonis Announces New Platform Update Featuring Remote Work Cybersecurity Capabilities
Accurics' 'State of DevSecOps Report' Highlights Shift Toward Provisioning Cloud Infrastructure Through Code
FTI Consulting Survey Shares Data Privacy Budget and Solutions Forecast
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
Security 101: SQL Injection
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.
How to Pay a Ransom: A Step-By-Step Guide for Something You'd Never Do
Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your, um, friend's organization has fallen victim and is going to pay. Here's how they should handle it.
5 Tips for Fighting Credential Stuffing Attacks
With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10936
PUBLISHED: 2020-05-27
Sympa before 6.2.56 allows privilege escalation.
CVE-2020-6774
PUBLISHED: 2020-05-27
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.
CVE-2020-13633
PUBLISHED: 2020-05-27
Fork before 5.8.3 allows XSS via navigation_title or title.
CVE-2020-10945
PUBLISHED: 2020-05-27
Centreon before 19.10.7 exposes Session IDs in server responses.
CVE-2020-10946
PUBLISHED: 2020-05-27
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.0...
Flash Poll
Video
Slideshows
Twitter Feed