Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
7 Tax Season Security Tips
6 Factors That Raise The Stakes For IoT Security
RSAC Sets Finalists for Innovation Sandbox
5 Measures to Harden Election Technology
Assessing Cybersecurity Risk in Today's Enterprise
News & Commentary
All About SASE: What It Is, Why It's Here, How to Use It
Kelly Sheridan, Staff Editor, Dark ReadingNews
Secure Access Service Edge is a new name for a known and growing architecture designed to strengthen security in cloud environments.
By Kelly Sheridan Staff Editor, Dark Reading, 2/22/2020
Comment0 comments  |  Read  |  Post a Comment
Emotet Malware Rears Its Ugly Head Again
Dark Reading Staff, News
A resurgence in Emotet malware may make it one of the most pervasive security threats of 2020.
By Special to Dark Reading: Brien Posey, ITPro Today , 2/21/2020
Comment0 comments  |  Read  |  Post a Comment
California Man Arrested for Politically Motivated DDoS
Dark Reading Staff, Quick Hits
The distributed denial-of-service attacks took a congressional candidate's website offline for a total of 21 hours during the campaign for office.
By Dark Reading Staff , 2/21/2020
Comment0 comments  |  Read  |  Post a Comment
NRC Health Ransomware Attack Prompts Patient Data Concerns
Dark Reading Staff, Quick Hits
The organization, which sells patient administration tools to hospitals, could not confirm whether patient data was accessed.
By Dark Reading Staff , 2/21/2020
Comment0 comments  |  Read  |  Post a Comment
Olympics Could Face Disruption from Regional Powers
Robert Lemos, Contributing WriterNews
Destructive attacks and disinformation will likely target the Summer Olympics in Tokyo, two groups of threat experts say.
By Robert Lemos Contributing Writer, 2/21/2020
Comment1 Comment  |  Read  |  Post a Comment
How to Get CISOs & Boards on the Same Page
Joe Schorr, Global Executive Services Director, Optiv SecurityCommentary
These two groups have talked past each other for years, each hobbled by their own tunnel vision and misperceptions.
By Joe Schorr Global Executive Services Director, Optiv Security, 2/21/2020
Comment0 comments  |  Read  |  Post a Comment
Security Now Merges With Dark Reading
Tim Wilson, Editor in Chief, Dark Reading, News
Readers of Security Now will join the Dark Reading community, gaining access to a wide range of cybersecurity content.
By Tim Wilson, Editor in Chief, Dark Reading , 2/21/2020
Comment0 comments  |  Read  |  Post a Comment
Popular Mobile Document-Management Apps Put Data at Risk
Jai Vijayan, Contributing WriterNews
Most iOS and Android apps that Cometdocs has published on Google and Apple app stores transmit entire documents - unencrypted.
By Jai Vijayan Contributing Writer, 2/20/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Announces General Availability of Threat Protection, Insider Risk Management
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft made several security announcements ahead of RSA Conference, including its decision to bring Microsoft Defender to iOS and Android.
By Kelly Sheridan Staff Editor, Dark Reading, 2/20/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Damage Hit $11.5B in 2019
Dark Reading Staff, Quick Hits
A new report shows the scale of ransomware's harm and the growth of that damage year-over-year -- an average of $141,000 per incident.
By Dark Reading Staff , 2/20/2020
Comment1 Comment  |  Read  |  Post a Comment
It's Time to Break the 'Rule of Steve'
Maxine Holt, Research Director, OmdiaCommentary
Today, in a room full of cybersecurity professionals, there are still more people called Steve than there are women.
By Maxine Holt Research Director, Omdia, 2/20/2020
Comment0 comments  |  Read  |  Post a Comment
Personal Info of 10.6M MGM Resort Guests Leaked Online
Dark Reading Staff, Quick Hits
Data published on a hacking forum includes phone numbers and email addresses of travelers ranging from everyday tourists to celebrities and tech CEOs.
By Dark Reading Staff , 2/20/2020
Comment0 comments  |  Read  |  Post a Comment
5 Strategies to Secure Cloud Operations Against Today's Cyber Threats
Chris Christou & Brad Beaulieu, Director of Cloud Security / Cloud Security Engineer at Booz Allen HamiltonCommentary
With these fundamentals in mind, organizations can reduce their security and compliance risks as they reap the cloud's many benefits:
By Chris Christou & Brad Beaulieu Director of Cloud Security / Cloud Security Engineer at Booz Allen Hamilton, 2/20/2020
Comment0 comments  |  Read  |  Post a Comment
10 Tough Questions CEOs Are Asking CISOs
Joan Goodchild, Contributing Writer
CEOs today are prepared with better questions than 'Are we secure,' and chief information security officers had better be ready to answer.
By Joan Goodchild Contributing Writer, 2/20/2020
Comment0 comments  |  Read  |  Post a Comment
Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
Robert Lemos, Contributing WriterNews
In addition, more third parties are discovering the attacks rather than the companies themselves.
By Robert Lemos Contributing Writer, 2/20/2020
Comment1 Comment  |  Read  |  Post a Comment
Researchers Fool Smart Car Camera with a 2-Inch Piece of Electrical Tape
Jai Vijayan, Contributing WriterNews
McAfee researchers say they were able to get a Tesla to autonomously accelerate by tricking its camera platform into misreading a speed-limit sign.
By Jai Vijayan Contributing Writer, 2/19/2020
Comment0 comments  |  Read  |  Post a Comment
Users Have Risky Security Habits, but Security Pros Aren't Much Better
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers spot gaps in users' and IT practitioners' security habits, and between security tools and user preferences.
By Kelly Sheridan Staff Editor, Dark Reading, 2/19/2020
Comment0 comments  |  Read  |  Post a Comment
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust CompanyCommentary
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
By Nick Selby Chief Security Officer at Paxos Trust Company, 2/19/2020
Comment1 Comment  |  Read  |  Post a Comment
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
Amazon Web Services is a top source of cyberattacks, responsible for 94% of all Web attacks originating in the public cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 2/19/2020
Comment1 Comment  |  Read  |  Post a Comment
DHS's CISA Warns of New Critical Infrastructure Ransomware Attack
Dark Reading Staff, Quick Hits
An attack on a natural gas compression facility sent the operations offline for two days.
By Dark Reading Staff , 2/19/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
MITRE Engenuity to Evaluate Cybersecurity Products Based on Carbanak and FIN7 Groups
ZeroFOX Announces $74M in Funding from Intel Capital
7 Out of 10 Organizations Have Seen Hacking Attempts via IoT
BluBracket Unveils Code Security Suite, Announces $6.5M In Seed Funding
Egnyte Launches Next-Gen Content Services Platform for Businesses to Manage Risk and Accelerate Growth in the Content Critical Era
Huntress Secures $18M Investment Led By ForgePoint Capital
Praetorian Closes $10M Series A to Help Enterprises Navigate Future Cybersecurity Risks
Nok Nok Labs Welcomes Apple to the FIDO Alliance; Reports Record Growth
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
10 Tough Questions CEOs Are Asking CISOs
CEOs today are prepared with better questions than 'Are we secure,' and chief information security officers had better be ready to answer.
Martin and Dorothie Hellman on Love, Crypto & Saving the World
Martin Hellman, co-creator of the Diffie-Hellman key exchange, and his wife of 53 years, Dorothie, talk about the current state of cryptography and what making peace at home taught them about making peace on Earth.
Coronavirus Raises New Business Continuity, Phishing Challenges for InfoSec
What happens when understaffed security teams at home and abroad are sequestered in physical quarantine zones?
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9351
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the a...
CVE-2020-9352
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter.
CVE-2020-9353
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML ...
CVE-2020-9354
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. pat...
CVE-2020-9355
PUBLISHED: 2020-02-23
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Flash Poll
Video
Slideshows
Twitter Feed