Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Nearly Two Dozen AWS APIs Are Vulnerable to Abuse
New Proposed DNS Security Features Released
Unpatched Browsers Abound, Study Shows
COVID-19: Latest Security News & Commentary
News & Commentary
Open Source Flaws Take Years to Find But Just a Month to Fix
Robert Lemos, Contributing WriterNews
Companies need to embrace automation and dependency tracking to keep software secure, GitHub says in its annual security report.
By Robert Lemos Contributing Writer, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity in the Biden Administration: Experts Weigh In
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security pros and former government employees share their expectations and concerns for the new administration – and their hope for a "return to normal."
By Kelly Sheridan Staff Editor, Dark Reading, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
FBI: BEC Scammers Could Abuse Email Auto-Forwarding
Dark Reading Staff, Quick Hits
Private Industry Notification warns of the role email auto-forwarding could be used in business email compromise attacks.
By Dark Reading Staff , 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Loyal Employee ... or Cybercriminal Accomplice?
Pam Baker, Contributing Writer
Can the bad guys' insider recruitment methods be reverse-engineered to reveal potential insider threats? Let's take a look.
By Pam Baker Contributing Writer, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Automated Pen Testing: Can It Replace Humans?
Alex Haynes, Chief Information Security Officer, CDLCommentary
These tools have come a long way, but are they far enough along to make human pen testers obsolete?
By Alex Haynes Chief Information Security Officer, CDL, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Security Slipup Exposes Health Records & Lab Results
Dark Reading Staff, Quick Hits
NTreatment failed to add password protection to a cloud server, exposing thousands of sensitive medical records online.
By Dark Reading Staff , 12/2/2020
Comment1 Comment  |  Read  |  Post a Comment
Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet
Avi Shua, Co-Founder, Orca SecurityCommentary
Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.
By Avi Shua Co-Founder, Orca Security, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Free Mobile App Measures Your Personal Cyber Risk
Steve Zurier, Contributing WriterNews
New app for Android and Apple iOS uses an algorithm co-developed with MIT to gauge security posture on an ongoing basis.
By Steve Zurier Contributing Writer, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Unmanaged Devices Heighten Risks for School Networks
Jai Vijayan, Contributing WriterNews
Gaming consoles, Wi-Fi Pineapples, and building management systems are among many devices Armis says it discovered on K–12 school networks.
By Jai Vijayan Contributing Writer, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Inside North Korea's Rapid Evolution to Cyber Superpower
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers examine North Korea's rapid evolution from destructive campaigns to complex and efficient cyber operations.
By Kelly Sheridan Staff Editor, Dark Reading, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Malicious or Vulnerable Docker Images Widespread, Firm Says
Robert Lemos, Contributing WriterNews
A dynamic analysis of the publicly available images on Docker Hub found that 51% had critical vulnerabilities and about 6,500 of the 4 million latest images could be considered malicious.
By Robert Lemos Contributing Writer, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
SASE 101: Why All the Buzz?
Jennifer Bosavage, Editor In Chief, Solution Providers for Retail
Wide area networking and network security services unite to provide secure, cloud-based connectivity for enterprises' remote employees -- and these days that means billions of workers.
By Jennifer Bosavage Editor In Chief, Solution Providers for Retail, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Skills Gap: It Doesn't Have to Be This Way
Sander Vinberg, Threat Research Evangelist at F5 LabsCommentary
Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.
By Sander Vinberg Threat Research Evangelist at F5 Labs, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Call Fraud Operator Ordered to Pay $9M to Victims
Dark Reading Staff, Quick Hits
Indian national will serve 20 years in prison for running a large call center fraud operation.
By Dark Reading Staff , 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Ivanti Acquires MobileIron & Pulse Secure
Dark Reading Staff, Quick Hits
The company plans to use these acquisitions to strengthen and secure IT connections across remote devices and infrastructure.
By Dark Reading Staff , 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Sophos 2021 Threat Report: Navigating Cybersecurity in an Uncertain World
Dark Reading Staff, News
SPONSORED: Sophos' principal research scientist discusses the fast-changing attacker behaviors of 2020 and how security pros need to evolve.
By Dark Reading Staff , 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Former NSS Labs CEO Launches New Security Testing Organization
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Member-based CyberRatings.org to offer free and tiered paid access to tested security product and services ratings.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Can't Afford a Full-time CISO? Try the Virtual Version
John Roman, President and COO of FoxPointe SolutionsCommentary
A vCISO can align a company's information security program to business strategy and budgeting guidance to senior management.
By John Roman President and COO of FoxPointe Solutions, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
2020 Cybersecurity Holiday Gift Guide for Kids
Ericka Chickowski, Contributing Writer
Grab some wrapping paper: These STEM toys and games are sure to spark creativity and hone coding and logic skills among a future generation of cybersecurity pros.
By Ericka Chickowski Contributing Writer, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Driven by Ransomware, Cyber Claims Rise in Number & Value
Robert Lemos, Contributing WriterNews
Companies are on track to file 27% more cyber claims in 2020, one insurer estimates, while another underwriter finds five out of every 100 companies file a claim each year.
By Robert Lemos Contributing Writer, 11/30/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
New Net Technologies (NNT) Launches Change Tracker for Cloud and Container Environments
Imprivata Acquires FairWarning to Expand Digital Identity Platform
Secureworks to Deliver New Threat Detection and Response Security Analytics Features
Philips Expands Its Healthcare Customer Services Portfolio with Integrated Cybersecurity Services
Kaspersky Finds SMBs That Proactively Disclose Breaches Experience 40% Less Financial Damage
CompTIA PenTest+ Approved by U.S. Department of Defense
Operation Falcon: INTERPOL and Group-IB Identify Nigerian BEC Ring Members
Abnormal Security Raises $50M in Series B Funding
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Loyal Employee ... or Cybercriminal Accomplice?
Can the bad guys' insider recruitment methods be reverse-engineered to reveal potential insider threats? Let's take a look.
SASE 101: Why All the Buzz?
Wide area networking and network security services unite to provide secure, cloud-based connectivity for enterprises' remote employees -- and these days that means billions of workers.
5 Signs Someone Might be Taking Advantage of Your Security Goodness
Not everyone in a security department is acting in good faith, and they'll do what they can to bypass those who do. Here's how to spot them.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26246
PUBLISHED: 2020-12-03
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
CVE-2020-29279
PUBLISHED: 2020-12-02
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.
CVE-2020-29280
PUBLISHED: 2020-12-02
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
CVE-2020-29282
PUBLISHED: 2020-12-02
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
CVE-2020-29283
PUBLISHED: 2020-12-02
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.
Flash Poll
Video
Slideshows
Twitter Feed