Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Nearly Two Dozen AWS APIs Are Vulnerable to Abuse
New Proposed DNS Security Features Released
Unpatched Browsers Abound, Study Shows
COVID-19: Latest Security News & Commentary
News & Commentary
Facebook Messenger Flaw Enabled Spying on Android Callees
Dark Reading Staff, Quick Hits
A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge.
By Dark Reading Staff , 11/20/2020
Comment0 comments  |  Read  |  Post a Comment
How Industrial IoT Security Can Catch Up With OT/IT Convergence
Curtis Franklin Jr., Senior Editor at Dark Reading
Ransomware can easily make a connection between IT and OT already. How can blue teams do the same?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/20/2020
Comment0 comments  |  Read  |  Post a Comment
Security Pros Push for More Pervasive Threat Modeling
Robert Lemos, Contributing WriterNews
With the release of the "Threat Modeling Manifesto," a group of 16 security professionals hope to prompt more companies to consider the threats to software.
By Robert Lemos Contributing Writer, 11/20/2020
Comment0 comments  |  Read  |  Post a Comment
How Cyberattacks Work
Ray Espinoza, Director of Security at Cobalt.ioCommentary
Cyberattacks are run like military attacks, in four main phases: reconnaissance, attack, exfiltration, and maintaining position. Understanding this makes fighting back easier.
By Ray Espinoza Director of Security at Cobalt.io, 11/20/2020
Comment0 comments  |  Read  |  Post a Comment
Telos Goes Public
Jai Vijayan, Contributing WriterNews
Nearly a month after McAfee made its second appearance on the public market, the Virginia-based provider of security services to government and commercial organizations makes its own debut.
By Jai Vijayan Contributing Writer, 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
Iowa Hospital Alerts 60K Individuals Affected by June Data Breach
Dark Reading Staff, Quick Hits
The data breach began with a compromised employee email account.
By Dark Reading Staff , 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
ISP Security: Do We Expect Too Much?
Pam Baker, Contributing Writer
With so many people now connecting to business networks from home routers, ISP security takes on heightened importance. But is the security provided by ISPs good enough to be the only security SMBs and remote employees need?
By Pam Baker Contributing Writer, 11/19/2020
Comment1 Comment  |  Read  |  Post a Comment
Cybercriminals Get Creative With Google Services
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attacks take advantage of popular services, including Google Forms and Google Docs.
By Kelly Sheridan Staff Editor, Dark Reading, 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
Go SMS Pro Messaging App Exposed Users' Private Media Files
Dark Reading Staff, Quick Hits
The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.
By Dark Reading Staff , 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
The Yellow Brick Road to Risk Management
Andrew Lowe, Senior Information Security Consultant, TalaTekCommentary
Beginning the journey to risk management can be daunting, but protecting your business is worth every step.
By Andrew Lowe Senior Information Security Consultant, TalaTek, 11/19/2020
Comment1 Comment  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 11/19/2020
Comment22 comments  |  Read  |  Post a Comment
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Verisign's R&D team has developed new ways to authenticate and optimize DNS traffic on the client side of the domain-name resolution process.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/19/2020
Comment2 comments  |  Read  |  Post a Comment
2021 Cybersecurity Spending: How to Maximize Value
Gidi Cohen, Chief Executive Officer & Founder, Skybox SecurityCommentary
This is a pivotal moment for CISOs. As their influence increases, so does the pressure for them to make the right decisions.
By Gidi Cohen Chief Executive Officer & Founder, Skybox Security, 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
Unpatched Browsers Abound, Study Shows
Steve Zurier, Contributing WriterNews
Google Chrome users don't always take time to relaunch browser updates, and some legacy applications don't support new versions of Chrome, Menlo Security says.
By Steve Zurier Contributing Writer, 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
Online Shopping Surge Puts Focus on Consumer Security Habits
Robert Lemos, Contributing WriterNews
Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.
By Robert Lemos Contributing Writer, 11/18/2020
Comment0 comments  |  Read  |  Post a Comment
Cisco Webex Vulns Let 'Ghost' Attendees Spy on Meetings
Kelly Sheridan, Staff Editor, Dark ReadingNews
Three vulnerabilities, patched today, could let an attacker snoop on meetings undetected after the host removes them.
By Kelly Sheridan Staff Editor, Dark Reading, 11/18/2020
Comment0 comments  |  Read  |  Post a Comment
Out With the Old Perimeter, in With the New Perimeters
Charlie Winckless, Senior Director, Cybersecurity Solutions, at PresidioCommentary
A confluence of trends and events has exploded the whole idea of "the perimeter." Now there are many perimeters, and businesses must adjust accordingly.
By Charlie Winckless Senior Director, Cybersecurity Solutions, at Presidio, 11/18/2020
Comment0 comments  |  Read  |  Post a Comment
Trump Fires CISA Director Chris Krebs
Dark Reading Staff, Quick Hits
Christopher Krebs was fired via tweet shortly after the Cybersecurity and Infrastructure Security Agency called the 2020 election "the most secure in American history."
By Dark Reading Staff , 11/18/2020
Comment1 Comment  |  Read  |  Post a Comment
As Businesses Move to Multicloud Approach, Ransomware Follows
Robert Lemos, Contributing WriterNews
The average US company uses 16 cloud services, but only a third of IT professional believe their security measures have kept up with the change.
By Robert Lemos Contributing Writer, 11/18/2020
Comment0 comments  |  Read  |  Post a Comment
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security AnalystCommentary
Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.
By Zohar Buber Security Analyst, 11/18/2020
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Claroty Partners with CrowdStrike to Protect Industrial Control System Environments
Cloud-Native Security Platform Deepfence Announces $9.5 Million Series A Investment Led by AllegisCyber
Rubrik's Pioneering Cloud Data Management Platform Gets Major Update
Arctic Wolf Expands Operations to Toronto and San Antonio
RangeForce Ushers in New Era of Hands-on Cybersecurity Training Certification with Workforce-Ready Cert Program
Unbound Tech Raises $20M in Series B Funding to Support Global Growth
Open Raven Launches Cloud-Native Data Protection Platform to Automate Security and Privacy Operations
Kaspersky Opens New Transparency Center in North America & Completes Data-Processing Relocation to Switzerland
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

How Industrial IoT Security Can Catch Up With OT/IT Convergence
Ransomware can easily make a connection between IT and OT already. How can blue teams do the same?
ISP Security: Do We Expect Too Much?
With so many people now connecting to business networks from home routers, ISP security takes on heightened importance. But is the security provided by ISPs good enough to be the only security SMBs and remote employees need?
An Inside Look at an Account Takeover
AI threat find: Phishing attack slips through email gateway and leads to large-scale compromise.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28845
PUBLISHED: 2020-11-20
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system.
CVE-2020-4004
PUBLISHED: 2020-11-20
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a ...
CVE-2020-4005
PUBLISHED: 2020-11-20
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their...
CVE-2020-20739
PUBLISHED: 2020-11-20
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
CVE-2020-20740
PUBLISHED: 2020-11-20
PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version().
Flash Poll
Video
Slideshows
Twitter Feed