Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

8 Cybersecurity Themes to Expect at Black Hat USA 2020

11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event

Vulnerable Invisible Salamanders and You: A Tale of Encryption Weakness

Q&A: How Systemic Racism Weakens Cybersecurity

COVID-19: Latest Security News & Commentary

Top Stories

8 Cybersecurity Themes to Expect at Black ...

11 Security Tools to Expect at the Black ...

Vulnerable Invisible Salamanders and You: ...

Q&A: How Systemic Racism Weakens ...

COVID-19: Latest Security News & Commentary

News & Commentary

11 Hot Startups to Watch at Black Hat USA

A sneak peek at the up-and-coming organizations to check out on the Black Hat USA virtual show floor.

By Kelly Sheridan Staff Editor, Dark Reading, 8/3/2020

0 comments | Read | Post a Comment

FBI Warns on New E-Commerce Fraud

News

A wave of new, fraudulent websites has popped up to take advantage of the rise in online shopping during the coronavirus pandemic.

By Dark Reading Staff , 8/3/2020

0 comments | Read | Post a Comment

DHS Urges 'Highest Priority' Attention on Old Chinese Malware Threat

News

"Taidoor" is a remote access tool that has been used in numerous cyber espionage campaigns since at least 2008.

By Jai Vijayan Contributing Writer, 8/3/2020

0 comments | Read | Post a Comment

New 'Nanodegree' Program Provides Hands-On Cybersecurity Training

News

Emerging streamlined curriculum programs aim to help narrow the skills gap.

By Nicole Ferraro Contributing Writer, 8/3/2020

0 comments | Read | Post a Comment

Why Data Ethics Is a Growing CISO Priority

With data collection growing, and increased concern about how it is handled, a synergy between security and data teams will be essential.

By Joan Goodchild Contributing Writer, 8/3/2020

0 comments | Read | Post a Comment

Omdia Cybersecurity Accelerator Analysts to Take Part in Black Hat USA 2020

Commentary

Analysts will participate in the Black Hat Briefings, taking place Aug. 4-6, discussing cybersecurity research, offering exclusive video presentations, and meeting with vendors and attendees.

By Eric Parizo Senior Analyst, Omdia, 8/3/2020

0 comments | Read | Post a Comment

Travel Management Firm CWT Pays $4.5M to Ransomware Attackers

Quick Hits

Attackers claimed to steal two terabytes of files including financial reports, security files, and employees' personal data.

By Dark Reading Staff , 8/3/2020

0 comments | Read | Post a Comment

A Patriotic Solution to the Cybersecurity Skills Shortage

Commentary

Why now is the right time for the security industry to invest in the human capital that will make technology better, smarter, and safer.

By Adam Benson Senior VP, Vrge Strategies, 8/3/2020

0 comments | Read | Post a Comment

COVID-19: Latest Security News & Commentary

News

Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

By Dark Reading Staff , 8/3/2020

17 comments | Read | Post a Comment

Latest Comment: HannaGrey, Thank you for always updating this post, it also helps us have an idea of what...

How Should I Securely Destroy/Discard My Devices?

While it is possible to do data destruction in-house, doing it correctly and at scale can be tedious.

By Kurtis Minder co-Founder & CEO, GroupSense, 8/3/2020

0 comments | Read | Post a Comment

3 Arrested for Massive Twitter Breach

Quick Hits

Three individuals aged 17, 19, and 22 have been charged for their alleged roles in the massive July 15 Twitter attack.

By Kelly Sheridan Staff Editor, Dark Reading, 7/31/2020

0 comments | Read | Post a Comment

New Initiative Links Cybersecurity Pros to Election Officials

Quick Hits

A University of Chicago Harris School of Public Policy initiative will build a database of cybersecurity volunteers.

By Dark Reading Staff , 7/31/2020

0 comments | Read | Post a Comment

Twitter: Employees Compromised in Phone Spear-Phishing Attack

Quick Hits

The attack earlier this month started with a spear-phishing attack targeting Twitter employees, the company says in a new update.

By Dark Reading Staff , 7/31/2020

0 comments | Read | Post a Comment

3 Ways Social Distancing Can Strengthen Your Network

Commentary

Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.

By Dr. Mike Lloyd CTO of RedSeal, 7/31/2020

0 comments | Read | Post a Comment

'Hidden Property Abusing' Allows Attacks on Node.js Applications

News

A team of researchers from Georgia Tech find a new attack technique that targets properties in Node.js and plan to publicly release a tool that has already identified 13 new vulnerabilities.

By Robert Lemos Contributing Writer, 7/31/2020

0 comments | Read | Post a Comment

Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know

News

Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles.

By Kelly Sheridan Staff Editor, Dark Reading, 7/30/2020

1 Comment | Read | Post a Comment

Latest Comment: dwrightetc, Yes, I would agree shorter SSL certificate life spans are more secure, mostly...

Dark Web Travel Fraudsters Left Hurting From Lockdowns

News

Shadow travel businesses that depend on loyalty program fraud have been impacted just like the legitimate travel orgs they prey on.

By Ericka Chickowski Contributing Writer, 7/30/2020

0 comments | Read | Post a Comment

Mimecast Buys MessageControl

Quick Hits

The email security provider brings into its fold social engineering and human identity capabilities.

By Dark Reading Staff , 7/30/2020

0 comments | Read | Post a Comment

Ill-Defined Career Paths Hamper Growth for IT Security Pros

News

Appsec and cloud security skills are the most in demand, and a shortage of staff is wearing on security teams, a new study shows.

By Jai Vijayan Contributing Writer, 7/30/2020

0 comments | Read | Post a Comment

5 Tips for Optimizing Your Company's Cyber-Crisis Preparedness

Commentary

Cyber-incident response often addresses short-term needs, but we need to broaden the view of crisis management to be more forward-thinking.

By James Hadley CEO at Immersive Labs, 7/30/2020

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by matthewkmiller

Sandboxing? Ppphhht! I've moved beyond sandboxes to sandcastles.

In reply to: Sandcastle
Post Your Own Reply

Posted by tdsan

Wow, someone really said trying to avenge. This conversation was not about avenging, it was about being sick and tired of people standing on our necks (ala George Floyd) and doing something about it. All we want is an equal...

In reply to: Re: Interesting comments
Post Your Own Reply

Posted by dwrightetc

Yes, I would agree shorter SSL certificate life spans are more secure, mostly due to the fact that the more times you use and encryption key to encrypt data the more vulnerable the key becomes. There are several tactics...

In reply to: Big Tech using their power to dictate to the world
Post Your Own Reply

Posted by HannaGrey

Thank you for always updating this post, it also helps us have an idea of what is happening currently. It may be sad but we need to know. dry wall contractor

In reply to: Appreciation.
Post Your Own Reply

Posted by MarkSitkowski

I guess the only consolation, is that this newspeak will be limited to use in the United States, and not in our parts of the world, where the 150 year old crimes that you're all still trying to avenge were never committe...

In reply to: Re: Interesting comments
Post Your Own Reply

Posted by tdsan

In general, I object to the prostitution of the language of Shakespeare and Milton by professional offendees to suit their political ends. - Interesting, I object to all of the attrocities (fact) that were terrible in...

In reply to: Re: Interesting comments
Post Your Own Reply

Posted by MarkSitkowski

In general, I object to the prostitution of the language of Shakespeare and Milton by professional offendees to suit their political ends. In particular, science and engineering are above and outside of politics and...

In reply to: Re: Interesting comments
Post Your Own Reply

Posted by tdsan

DarkReading - I thought that referenced issues from a computing standpoint that are surreptitious in nature or secretive, done in the dark where people can't see what is being performed, that does not bother me. What bother's...

In reply to: Interesting comments
Post Your Own Reply

Posted by GVTeam

The problem is 100% fixed and wpDiscuz is safe.You can ignore this if you've already updated to 7.0.5 or higher version (current version is 7.0.6). This was fixed and the new version 7.0.5 was released a week ago. There...

In reply to: All is fixed!
Post Your Own Reply

Posted by libertyboy

ummm?

In reply to: Bold Story from the name DARKReading!
Post Your Own Reply

Posted by wessir

This only introduces an aspect of 'racism' that wasn't there. These terms are etched into metal. It won't be long and the younger workers can't understand documentation or the letters on devices because of what? feelings? I...

In reply to: Sad future for the younger tech workers
Post Your Own Reply

Posted by RyanSepe

Side Note: I'm very happy to be on PTO this week and do not have to explain to management that we have a "BootHole" to worry about.

In reply to: Side Note
Post Your Own Reply

More Conversations

Products & Releases

DHS Awards $1 Million Phase 2 Contract to Waverley Labs to Deploy the Dynamic AccessID (TM) Network

Federal, State, Local, and Private-Sector Partners Conduct Nationwide Exercise to Test Election Day Plans

Tanium Report Reveals 85 Percent of Organizations Experienced More Cyberattacks Since the Start of the Pandemic

Offensive Security Acquires Open Source Security Training Project VulnHub

PAS Releases Modular OT Cybersecurity Solution

AWS Announces General Availability of Amazon Fraud Detector

Onapsis Releases Free SAP RECON Vulnerability Scanning Tool

Digital Shadows Announces Integration with Atlassian Jira

More Products & Releases

PR Newswire

Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

How to Decipher InfoSec Job Titles' Mysteries

Figuring out which cybersecurity job you want -- or are qualified for -- can be difficult when words have no consistent meaning in the industry.

Rise of the Robots: How You Should Secure RPA

Robotic Process Automation (RPA) is the next big thing in innovation and digital strategy. But what security details are overlooked in the rush to implement bots?

Vulnerable Invisible Salamanders and You: A Tale of Encryption Weakness

A Black Hat presentation will discuss how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages.

Live Events

Webinars

Expert led sessions and real networking - Join us at Data Center World 2020: A Virtual Experience

Collaborate With IT Industry Leaders at Interop Digital, Oct. 5-8

More Informa Tech Live Events

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Sandboxing? Ppphhht! I've moved beyond sandboxes to sandcastles.

Cartoon Archive

White Papers

Container Security Best Practices: A How-To Guide

CyberSecurity Trends 2020

A Guide to the Iranian Threat Landscape

Online Traffic & Cyber Attacks During COVID-19

DevOps for the Database

More White Papers

Current Issue

Special Report: Computing's New Normal, a Dark Reading Perspective

This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-11583
PUBLISHED: 2020-08-03

A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.

CVE-2020-11584
PUBLISHED: 2020-08-03

A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.

CVE-2020-5770
PUBLISHED: 2020-08-03

Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

CVE-2020-5771
PUBLISHED: 2020-08-03

Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive.

CVE-2020-5772
PUBLISHED: 2020-08-03

Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file.

Reports

The Threat from the Internet—and What Your Organization Can Do About It

This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!

Download Now!

State of Endpoint Security: How Enterprises Are Managing Endpoint Security Threats

0 comments

State of Cybersecurity Incident Response

0 comments

Developing and Maintaining Secure Applications

0 comments

More Reports

Flash Poll

All Polls