Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary
Is China the World's Greatest Cyber Power?
Robert Lemos, Contributing Writer, News
While the US, Russia, Israel, and several European nations all have sophisticated cyber capabilities, one threat intelligence firm argues that China's aggressive approach to cyber operations has made it "perhaps the world's greatest cyber power."
By Robert Lemos, Contributing Writer, 8/27/2020
DDoS Attacks Halt NZ Exchange Trading for Third Day
Dark Reading Staff, Quick Hits
New Zealand Exchange officials say the motive for the attacks is unclear.
By Dark Reading Staff, 8/27/2020
Vulnerability Volume Poised to Overwhelm Infosec Teams
Kelly Sheridan, Staff Editor, Dark Reading, News
The collision of Microsoft and Oracle patches on the same day has contributed to risk and stress for organizations.
By Kelly Sheridan, Staff Editor, Dark Reading, 8/27/2020
Old Malware Tool Acquires New Tricks
Jai Vijayan, Contributing Writer, News
Latest version of Qbot has acquired a new feature for collecting email threads from Outlook clients.
By Jai Vijayan, Contributing Writer, 8/27/2020
Fastly to Acquire Signal Sciences for $775M
Dark Reading Staff, Quick Hits
Signal Sciences' technology will be used to build a new web application and API security tool called Secure@Edge.
By Dark Reading Staff, 8/27/2020
The Inside Threat from Psychological Manipulators
Joshua Goldfarb, Independent Consultant, Commentary
How internal manipulators can actually degrade your organization's cyber defense, and how to defend against them.
By Joshua Goldfarb, Independent Consultant, 8/27/2020
How CISOs Can Play a New Role in Defining the Future of Work
David Bradbury, CSO, Okta, Commentary
Rather than just reacting to security issues in the COVID-19 era, CISOs are now in a position to be change agents alongside their C-suite peers.
By David Bradbury, CSO, Okta, 8/27/2020
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff, 8/27/2020
'Transparent Tribe' APT Group Deploys New Android Spyware for Cyber Espionage
Jai Vijayan, Contributing Writer, News
The group, which has been around since at least 2013, has impacted thousands of organizations, mostly in India.
By Jai Vijayan, Contributing Writer, 8/26/2020
Higher Education CISOs Share COVID-19 Response Stories
Kelly Sheridan, Staff Editor, Dark Reading, News
Security leaders from Stanford, Ohio State, and the University of Chicago share challenges and response tactics from the COVID-19 pandemic.
By Kelly Sheridan, Staff Editor, Dark Reading, 8/26/2020
US Warns of Ongoing BeagleBoyz Bank-Theft Operations
Dark Reading Staff, Quick Hits
The North Korean operatives have attempted to steal more than $2 billion since 2015 in a series of ongoing campaigns.
By Dark Reading Staff, 8/26/2020
6 Signs Your Supply Chain Risk Just Shot Up
Curtis Franklin Jr., Senior Editor at Dark Reading
Risk levels are not steady states. Here are six indications that the danger posed by your supply chain is headed in the wrong direction.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 8/26/2020
The 'Shared Responsibility' Misnomer: Why the Cloud Continues to Confound
Jessica Smith, Senior Vice President, The Crypsis Group, Commentary
Under the "shared responsibility model," the security management of cloud offerings is split equally between the vendor and the customer. Easy enough, right?
By Jessica Smith, Senior Vice President, The Crypsis Group, 8/26/2020
Russian National Arrested for Conspiracy to Hack Nevada Company
Dark Reading Staff, Quick Hits
The defendant allegedly planned to pay an employee $1 million to infect the company network with malware.
By Dark Reading Staff, 8/26/2020
With More Use of Cloud, Passwords Become Even Weaker Link
Robert Lemos, Contributing Writer, News
Slow patching provides vulnerabilities to exploit. A lack of network segmentation allows unrestricted lateral movement. Yet a report surveying a year of penetration tests finds that passwords still top the list of what attackers use to compromise systems.
By Robert Lemos, Contributing Writer, 8/26/2020
Deep Fake: Setting the Stage for Next-Gen Social Engineering
Jon Mendoza, CISO, Technologent, Commentary
Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.
By Jon Mendoza, CISO, Technologent, 8/26/2020
Election Security's Sticky Problem: Attackers Who Don't Attack Votes
Curtis Franklin Jr., Senior Editor at Dark Reading
If election defenders are protecting votes, and adversaries are attacking something else entirely, both sides might claim success, "Operation BlackOut" simulation shows.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 8/25/2020
Phishing Attack Used Box to Land in Victim Inboxes
Kelly Sheridan, Staff Editor, Dark Reading, News
A phishing attack targeting government and security organizations used a legitimate Box page with Microsoft 365 branding to trick victims.
By Kelly Sheridan, Staff Editor, Dark Reading, 8/25/2020
Online Business Fraud Down, Consumer Fraud Up
Dark Reading Staff, Quick Hits
Criminals are changing tactics to match changing business conditions in the coronavirus pandemic, according to a new report.
By Dark Reading Staff, 8/25/2020
Three Easy Ways to Avoid Meow-like Database Attacks
Ron Bennatan, Co-founder & CTO of jSonar, Commentary
The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.
By Ron Bennatan, Co-founder & CTO of jSonar, 8/25/2020
Fearful of messing up its implementation, many enterprises are still holding out on MFA. Here's what they need to know.
GitHub, used badly, can be a source of more vulnerabilities than successful collaborations. Here are ways to keep your development team from getting burned on GitHub.
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24715
PUBLISHED: 2020-08-27
The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName.
CVE-2020-10517
PUBLISHED: 2020-08-27
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content b...
CVE-2020-10518
PUBLISHED: 2020-08-27
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the Gi...
CVE-2020-24714
PUBLISHED: 2020-08-27
The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option.
CVE-2020-15601
PUBLISHED: 2020-08-27
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack....