Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Botnet Infects Hundreds of Thousands of Websites
Need for 'Guardrails' in Cloud-Native Applications Intensifies
Securing Slack: 5 Tips for Safer Messaging, Collaboration
COVID-19: Latest Security News & Commentary
News & Commentary
Breaking the Glass Ceiling: Tough for Women, Tougher for Women of Color
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security practitioners shed light on obstacles limiting career growth and the steps businesses can take to achieve their promises of a more diverse workforce.
By Kelly Sheridan Staff Editor, Dark Reading, 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
US Government Issues Warning on Kimsuky APT Group
Dark Reading Staff, Quick Hits
The joint alert, from CISA, the FBI, and others, describes activities from the North Korean advanced persistent threat group.
By Dark Reading Staff , 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading
New data shows humans still struggle with password creation and management.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/28/2020
Comment1 Comment  |  Read  |  Post a Comment
Rethinking Security for the Next Normal -- Under Pressure
Justin Tibbs & Zane Lackey, CSO, National Security Practice, Presidio, and Zane Lackey, CSO & Co-Founder of Signal SciencesCommentary
By making a commitment to a unified approach to security, then doing what's necessary to operationalize it, organizations can establish a better security model for the next normal.
By Justin Tibbs & Zane Lackey CSO, National Security Practice, Presidio, and Zane Lackey, CSO & Co-Founder of Signal Sciences, 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
Trump Campaign Website Defaced by Unknown Attackers
Dark Reading Staff, Quick Hits
Individuals behind the brief Tuesday night incident posted anti-Trump sentiments and appeared to solicit cryptocurrency.
By Dark Reading Staff , 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
Tracking Down the Web Trackers
Seth Rosenblatt, Contributing Writer
Third-party Web trackers might be following your website visitors' every step. How can new tools like Blacklight help you stop them in their tracks?
By Seth Rosenblatt Contributing Writer, 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
Physical Security Has a Lot of Catching Up to Do
Peter George, Chief Executive Officer at Evolv TechnologyCommentary
The transformation we need: merging the network operations center with the physical security operations center.
By Peter George Chief Executive Officer at Evolv Technology, 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
Survey Uncovers High Level of Concern Over Firewalls
Jai Vijayan, Contributing WriterNews
More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology.
By Jai Vijayan Contributing Writer, 10/27/2020
Comment0 comments  |  Read  |  Post a Comment
Chinese Attackers' Favorite Flaws Prove Global Threats, Research Shows
Kelly Sheridan, Staff Editor, Dark ReadingNews
Following the NSA's list of 25 security flaws often weaponized by Chinese attackers, researchers evaluated how they're used around the world.
By Kelly Sheridan Staff Editor, Dark Reading, 10/27/2020
Comment1 Comment  |  Read  |  Post a Comment
MITRE Shield Matrix Highlights Deception & Concealment Technology
Carolyn Crandall, Chief Deception Officer at Attivo NetworksCommentary
The role that these technologies play in the MITRE Shield matrix is a clear indicator that they are an essential part of today's security landscape.
By Carolyn Crandall Chief Deception Officer at Attivo Networks, 10/27/2020
Comment0 comments  |  Read  |  Post a Comment
Akamai Acquires Asavie
Dark Reading Staff, Quick Hits
Asavie's mobile, IoT, and security products and services will become part of the Akamai Security and Personalization Services product line.
By Dark Reading Staff , 10/27/2020
Comment0 comments  |  Read  |  Post a Comment
Developers' Approach to App Testing Could Cut Flaw Fix Times by 80 Days
Robert Lemos, Contributing WriterNews
An analysis of more than 130,000 active applications found more with at least one high-severity flaw compared with 2019.
By Robert Lemos Contributing Writer, 10/27/2020
Comment0 comments  |  Read  |  Post a Comment
Employees Aware of Emailed Threats Open Suspicious Messages
Dark Reading Staff, Quick Hits
A survey of 1,000 employees finds 96% of employees are aware of digital threats, but 45% click emails they consider to be suspicious.
By Dark Reading Staff , 10/27/2020
Comment1 Comment  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 10/27/2020
Comment20 comments  |  Read  |  Post a Comment
5 Human Factors That Affect Secure Software Development
Anita D'Amico, CEO, Code Dx Inc.Commentary
With the move to remote work, it's especially important to understand how to support, discourage, and monitor conditions for development teams.
By Anita D'Amico CEO, Code Dx Inc., 10/27/2020
Comment0 comments  |  Read  |  Post a Comment
Neural Networks Help Users Pick More-Secure Passwords
Robert Lemos, Contributing WriterNews
Typically, blocklists are used to prevent users from picking easily guessable patterns, but a small neural network can do the same job and suggests that complex password requirements are not necessary.
By Robert Lemos Contributing Writer, 10/26/2020
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals Extort Psychotherapy Patients Following Vastaamo Breach
Dark Reading Staff, Quick Hits
An attacker is running a Tor site to leak the session notes of 300 patients at Vastaamo, a Finnish psychotherapy facility.
By Dark Reading Staff , 10/26/2020
Comment0 comments  |  Read  |  Post a Comment
New Report Links Cybersecurity and Sustainability
Dark Reading Staff, Quick Hits
Some have also created the role of chief sustainability officer, according to Kaspersky.
By Dark Reading Staff , 10/26/2020
Comment0 comments  |  Read  |  Post a Comment
Teach Your Employees Well: How to Spot Smishing & Vishing Scams
Jennifer Bosavage, Editor In Chief, Solution Providers for Retail
One of the best ways to keep employees from falling victim to these social-engineering attacks is to teach them the signs.
By Jennifer Bosavage Editor In Chief, Solution Providers for Retail, 10/26/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft's Kubernetes Threat Matrix: Here's What's Missing
Gadi Naor, CTO and Co-Founder, AlcideCommentary
With a fuller picture of the Kubernetes threat matrix, security teams can begin to implement mitigation strategies to protect their cluster from threats.
By Gadi Naor CTO and Co-Founder, Alcide, 10/26/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Axio Offers Free Cybersecurity Program Assessment Tools
Offensive Security Continues to Expand Security Training and Certification Offerings with New Advanced Pentest Training Course
Nozomi Networks Pioneers SaaS Security and Visibility Solution for Dynamic IoT and OT Networks
Former eBay Employee Pleads Guilty in Aggressive Cyberstalking Campaign
Red Canary enters cloud workload protection space, launches Red Canary Cloud Workload Protection
4iQ Raises $30 Million in Series C Funding, Names Kailash Ambwani as CEO
Attivo Networks Enhances Portfolio for Amplified Identity Access Management Control
Avira Researchers Discover a New Variant of Mirai
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Tracking Down the Web Trackers
Third-party Web trackers might be following your website visitors' every step. How can new tools like Blacklight help you stop them in their tracks?
Teach Your Employees Well: How to Spot Smishing & Vishing Scams
One of the best ways to keep employees from falling victim to these social-engineering attacks is to teach them the signs.
Cybercriminals Could be Coming After Your Coffee
Researchers show no IoT device is too small to fall victim to ransomware techniques.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27986
PUBLISHED: 2020-10-28
** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position is "it is the administrator's responsibility to configure it."
CVE-2020-27981
PUBLISHED: 2020-10-28
An XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III before 5.4.5 allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-default configuration where Content Security Policy...
CVE-2020-24707
PUBLISHED: 2020-10-28
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.
CVE-2020-24708
PUBLISHED: 2020-10-28
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.
CVE-2020-24709
PUBLISHED: 2020-10-28
Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Flash Poll
Video
Slideshows
Twitter Feed