Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
2020 Cybersecurity Holiday Gift Guide for Kids
Cybersecurity in the Biden Administration: Experts Weigh In
SASE 101: Why All the Buzz?
Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw
COVID-19: Latest Security News & Commentary
News & Commentary
Penetration Testing: A Road Map for Improving Outcomes
Shane Ryan, Global Practice Lead - Application Security for BSI's Cybersecurity and Information Resilience TeamCommentary
As cybersecurity incidents gain sophistication, to ensure we are assessing security postures effectively, it is critical to copy real-world adversaries' tools, tactics, and procedures during testing activities.
By Shane Ryan Global Practice Lead - Application Security for BSI's Cybersecurity and Information Resilience Team, 12/11/2020
Comment0 comments  |  Read  |  Post a Comment
Knowing What the Enemy Knows Is Key to Proper Defense
Jai Vijayan, Contributing WriterNews
Think like an attacker if you want to understand your attack surface, says security researcher at Black Hat Europe.
By Jai Vijayan Contributing Writer, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Juvenile Pleads Guilty to 2016 DNS Attack
Dark Reading Staff, Quick Hits
Mirai botnet was used to target Sony in an attack that took down DynDNS and a number of its notable customers.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Contact-Tracing Apps Still Expose Users to Security, Privacy Issues
Robert Lemos, Contributing WriterNews
Of nearly 100 apps tested, 40% have significant security issues, using either GPS locations or bespoke Bluetooth proximity detection to determine exposure.
By Robert Lemos Contributing Writer, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
'Fingerprint-Jacking' Attack Technique Manipulates Android UI
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers explore fingerprint-jacking, a user interface-based attack that targets fingerprints scanned into Android apps.
By Kelly Sheridan Staff Editor, Dark Reading, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
FireEye Breach Fallout Yet to Be Felt
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Aftermath of the FireEye breach by Russia's foreign service agency raises concerns over what the attackers could do next - and how to defend against it.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/10/2020
Comment1 Comment  |  Read  |  Post a Comment
Cloud Identity and Access Management: Understanding the Chain of Access
Keith Neilson, Technical Evangelist for CloudSphereCommentary
Here's where enterprises encounter challenges with cloud IAM and the best practices they should follow to correct these mistakes.
By Keith Neilson Technical Evangelist for CloudSphere, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
51% of Edge Readers Plan to Pursue New Cybersecurity Certification in 2021
Edge Editors, Dark Reading
Demands of the "new normal" won't stop the majority of poll-takers from mastering new skills.
By Edge Editors Dark Reading, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
85,000 MySQL Servers Hit in Active Ransomware Campaign
Dark Reading Staff, Quick Hits
Attackers pressure victims into paying ransom by publishing and offering for sale data stolen in a campaign that dates back to January.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
The Line Between Physical Security & Cybersecurity Blurs as World Gets More Digital
Wayne Dorris, CISSP, Business Development Manager for Cybersecurity, at Axis CommunicationsCommentary
Security teams are being challenged by the connected nature of IP devices, and preventing them from being compromised by cybercriminals has become an essential part of keeping people and property safe.
By Wayne Dorris CISSP, Business Development Manager for Cybersecurity, at Axis Communications, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Google Shares Cloud Security Tips
Dark Reading Staff, News
Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Black Hat Europe: Dark Reading Video News Desk Coverage
Dark Reading Staff, News
Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Researcher Developed New Kernel-Level Exploits for Old Vulns in Windows
Jai Vijayan, Contributing WriterNews
Problem has to do with a print driver component found in all versions of Windows going back to Windows 7, security researcher from Singular Security Lab says at Black Hat Europe 2020.
By Jai Vijayan Contributing Writer, 12/9/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Makes Up Half of All Major Incidents
Robert Lemos, Contributing WriterNews
Misconfigurations and lack of visibility allow attackers to compromise networks and monetize their intrusions, according to CrowdStrike's analysis of about 200 incidents.
By Robert Lemos Contributing Writer, 12/9/2020
Comment0 comments  |  Read  |  Post a Comment
Security Incidents Are 'Tip of the Iceberg,' Says UK Security Official
Kelly Sheridan, Staff Editor, Dark ReadingNews
Pete Cooper, deputy director of cyber defense for the UK Cabinet Office, emphasized the importance of security fundamentals, collaboration, and diversity in his Black Hat Europe keynote talk.
By Kelly Sheridan Staff Editor, Dark Reading, 12/9/2020
Comment0 comments  |  Read  |  Post a Comment
10 Ways Device Identifiers Can Spot a Cybercriminal
Joshua Goldfarb, Director of Product Management at F5
Device IDs, which are assigned to mobile devices to distinguish one from another, can help organizations flag fraud, cyberattacks, and other suspicious activities.
By Joshua Goldfarb Director of Product Management at F5, 12/9/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerabilities Continue Around 2019 Pace
Dark Reading Staff, Quick Hits
After lagging 2019 numbers in the first quarter, vulnerabilities have surged in the rest of 2020, leading researchers to predict that final numbers for this year will meet or exceed those of last year, report says.
By Dark Reading Staff , 12/9/2020
Comment0 comments  |  Read  |  Post a Comment
Former Microsoft Cloud Security Leads Unveil New Startup
Dark Reading Staff, Quick Hits
Wiz has raised $100 million since its January launch and plans to help businesses with visibility into cloud security threats.
By Dark Reading Staff , 12/9/2020
Comment0 comments  |  Read  |  Post a Comment
The Holiday Shopping Season: A Prime Opportunity for Triangulation Fraud
John Briar, Co-Founder and COO, BotRXCommentary
As e-commerce sales increase, so does the risk of hard-to-detect online fraud.
By John Briar Co-Founder and COO, BotRX, 12/9/2020
Comment0 comments  |  Read  |  Post a Comment
Navigating the Security Maze in a New Era of Cyberthreats
Keith B. Alexander & Jamil Jaffer, Founder & SVP, Strategy, Partnerships & Corporate Development, IronNet CybersecurityCommentary
Multiple, dynamic threats have reshaped the cyber-risk landscape; ignore them at your peril.
By Keith B. Alexander & Jamil Jaffer Founder & SVP, Strategy, Partnerships & Corporate Development, IronNet Cybersecurity, 12/9/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Karamba Security Announces XGuard Monitor to Manage the Security of Millions of IoT Devices at Scale
ThreatConnect Releases Risk Quantifier 5.0
VMRay Closes $25 Million Series B
New Report from Fudo Security Identifies Key Trends in Secure Remote Access
Cyberbit Launches the First Zero to Hero Cyber Skills Development Cloud
4 of the Top 6 Types of Cybersecurity Incidents Are Now Related to Insider Actions, Netwrix Research Finds
COVID Is Changing the Face of the Fraud Economy as Amateur Attacks Surge
Beyond Identity Raises $75 Million
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

51% of Edge Readers Plan to Pursue New Cybersecurity Certification in 2021
Demands of the "new normal" won't stop the majority of poll-takers from mastering new skills.
10 Ways Device Identifiers Can Spot a Cybercriminal
Device IDs, which are assigned to mobile devices to distinguish one from another, can help organizations flag fraud, cyberattacks, and other suspicious activities.
Name That Toon: Winter Forecast
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Don't worry, you'll know if audit doesn't like your password strength!
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17515
PUBLISHED: 2020-12-11
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.
CVE-2020-7793
PUBLISHED: 2020-12-11
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
CVE-2020-7788
PUBLISHED: 2020-12-11
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
CVE-2020-7790
PUBLISHED: 2020-12-11
This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF.
CVE-2020-7792
PUBLISHED: 2020-12-11
This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the target object recursively ...
Assessing Cybersecurity Risk in Today’s Enterprises
Assessing Cybersecurity Risk in Today’s Enterprises
COVID-19 has created a new IT paradigm in the enterprise — and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Flash Poll
Video
Slideshows
Twitter Feed