Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
10 iOS Security Tips to Lock Down Your iPhone
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Election Security in the Age of Social Distancing
7 Ways Parents Can Better Protect Their Online-Gamer Offspring
COVID-19: Latest Security News & Commentary
News & Commentary
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRockCommentary
Without the right tools and with not enough cybersecurity pros to fill the void, the talent gap will continue to widen.
By Peter Barker Chief Product Officer at ForgeRock, 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 6/1/2020
Comment11 comments  |  Read  |  Post a Comment
Bank of America Security Incident Affects PPP Applicants
Dark Reading Staff, Quick Hits
The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared.
By Dark Reading Staff , 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing WriterNews
Mobile providers don't often update users when applications are not supported by developers, security firm says.
By Robert Lemos Contributing Writer, 5/29/2020
Comment5 comments  |  Read  |  Post a Comment
Cisco Announces Patches to SaltStack
Dark Reading Staff, Quick Hits
The patches came after Cisco was notified by the Salt Open Core team that the vulnerabilities and updates were available.
By Dark Reading Staff , 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Digital Distancing with Microsegmentation
Trevor Pott, Product Marketing Director at Juniper NetworksCommentary
Physical distancing has blunted a virus's impact; the same idea can be applied to computers and networks to minimize breaches, attacks, and infections.
By Trevor Pott Product Marketing Director at Juniper Networks, 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
All Links Are Safe ... Right?
Beyond the Edge, Dark Reading
Today is a perfect day for a security breach.
By Beyond the Edge Dark Reading, 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Zscaler Buys Edge Networks
Dark Reading Staff, Quick Hits
The acquisition is Zscaler's second major buy this quarter.
By Dark Reading Staff , 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
A Rogues' Gallery of MacOS Malware
Curtis Franklin Jr., Senior Editor at Dark Reading
MacOS isn't immune from malware. Being prepared means understanding the nature of the worst threats a security team is likely to see attacking Macs in the enterprise.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
GitHub Supply Chain Attack Uses Octopus Scanner Malware
Kelly Sheridan, Staff Editor, Dark ReadingNews
Octopus Scanner is a new malware used to compromise 26 open source projects in a massive GitHub supply chain attack.
By Kelly Sheridan Staff Editor, Dark Reading, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers ID Hacktivist Who Defaced Nearly 5,000 Websites
Jai Vijayan, Contributing WriterNews
Opsec mistakes lead a Check Point researcher to an individual in Brazil who was behind a longtime hacking campaign.
By Jai Vijayan Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Valak Malware Retasked to Steal Data from US, German Firms
Robert Lemos, Contributing WriterNews
Once considered a loader for other malware, Valak regularly conducts reconnaissance and steals information and credentials, new analysis shows.
By Robert Lemos Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
NSA Warns Russia's 'Sandworm' Group Is Targeting Email Servers
Dark Reading Staff, Quick Hits
The Russian military group has been exploiting a flaw in the Exim mail transfer agent since last August, the NSA reports.
By Dark Reading Staff , 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
3 SMB Cybersecurity Myths Debunked
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Small and midsize businesses are better at cyber resilience than you might think.
By Marc Wilczek Digital Strategist & COO of Link11, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Disclosures Drop in Q1 for First Time in a Decade
Robert Lemos, Contributing WriterNews
Even with more security issues published on Patch Tuesdays, the total number of software flaws dropped for the first three months of 2020, according to one tally.
By Robert Lemos Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Google, Microsoft Brands Impersonated the Most in Form-Based Attacks
Steve Zurier, Contributing WriterNews
Attackers are preying on users' inclination to click on familiar-looking websites, but instead trick them into sharing usernames and passwords.
By Steve Zurier Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Data Loss Spikes Under COVID-19 Lockdowns
Seth Rosenblatt, Contributing WriterNews
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.
By Seth Rosenblatt Contributing Writer, 5/28/2020
Comment5 comments  |  Read  |  Post a Comment
How Elite Protectors Operationalize Security Protection
Maurice Uenuma & A.T. Smith, Vice President, Federal & Enterprise, Tripwire / Independent Cybersecurity ConsultantCommentary
There is no silver bullet for cybersecurity. It takes the right people, with the right mindset, applying the right elements of good security from the data center to the SOC.
By By Maurice Uenuma, VP, Federal & Enterprise, Tripwire, former Special Ops Marine, and A.T. Smith, Former Deputy Director of the U.S. Secret Service , 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Netwalker Ransomware Tools Reveal Attacker Tactics and Techniques
Jai Vijayan, Contributing WriterNews
Malware and related files show that ransomware operators don't need a cutting-edge arsenal to be effective.
By Jai Vijayan Contributing Writer, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing WriterNews
A variety of sites saw as much as seven times the number of domain requests in late March and early April, suggesting attackers attempted massive denial-of-service attacks.
By Robert Lemos Contributing Writer, 5/27/2020
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
CISA Releases New Cyber Essentials Toolkit
Intrusion Inc. Appoints Jack Blount as President and Chief Executive Officer
Synack's $52 Million Investment Fuels Future of Remote Security Testing from World's Elite Hackers
RiskIQ Creates Complimentary COVID-19 Internet Intelligence Gateway to Fight Pandemic of Cybercrime
RackTop BrickStor SP Secure NAS data security platform now resold by Hewlett Packard Enterprise
New Research Indicates 84% of Businesses Will Likely Increase Work-from-Home Capacity Beyond Pandemic Despite Security Concerns
Smarsh Acquires Entreda, Leader in Cybersecurity Risk & Compliance Software for Wealth Management Industry
FireEye Endpoint Security: Introducing Innovation Architecture for Rapid Deployment of Advanced Capabilities
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
Security 101: SQL Injection
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.
How to Pay a Ransom: A Step-By-Step Guide for Something You'd Never Do
Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your, um, friend's organization has fallen victim and is going to pay. Here's how they should handle it.
5 Tips for Fighting Credential Stuffing Attacks
With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-6868
PUBLISHED: 2020-06-01
ZTE's PON terminal product is impacted by the access control vulnerability. Due to the system not performing correct access control on some program interfaces, an attacker could use this vulnerability to tamper with the program interface parameters to perform unauthenticated operations. This affects...
CVE-2020-7659
PUBLISHED: 2020-06-01
reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as val...
CVE-2020-4019
PUBLISHED: 2020-06-01
The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability.
CVE-2020-4020
PUBLISHED: 2020-06-01
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.
CVE-2020-4021
PUBLISHED: 2020-06-01
Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view.
Flash Poll
Video
Slideshows
Twitter Feed