Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
2020 Cybersecurity Holiday Gift Guide for Kids
Cybersecurity in the Biden Administration: Experts Weigh In
SASE 101: Why All the Buzz?
Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw
COVID-19: Latest Security News & Commentary
News & Commentary
The Private Sector Needs a Cybersecurity Transformation
Steve Ryan, Founder & CEO of Trinity CyberCommentary
Cybersecurity must get to the point where it's equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away.
By Steve Ryan Founder & CEO of Trinity Cyber, 12/15/2020
Comment0 comments  |  Read  |  Post a Comment
18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack
Jai Vijayan, Contributing WriterNews
Nation-state attackers used poisoned SolarWinds network management software updates to distribute malware; US government orders federal civilian agencies to immediately power down the technology.
By Jai Vijayan Contributing Writer, 12/14/2020
Comment0 comments  |  Read  |  Post a Comment
2021 Security Budgets: Top Priorities, New Realities
Joan Goodchild, Contributing Writer
An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021.
By Joan Goodchild Contributing Writer, 12/14/2020
Comment0 comments  |  Read  |  Post a Comment
Startups Should Do Things That Don't Scale, but Security Isn't One of Them
Amit Bareket, CEO and Co-founder of Perimeter 81Commentary
Emerging businesses that don't embrace scalable security do so at their own peril.
By Amit Bareket CEO and Co-founder of Perimeter 81, 12/14/2020
Comment0 comments  |  Read  |  Post a Comment
FBI, CISA, MS-ISAC: Cybercriminals Increasingly Attacking K-12 Distance Learning
Dark Reading Staff, Quick Hits
Ransomware attacks reported against US K–12 schools jumped from 28% in January through July to 57% in August and September.
By Dark Reading Staff , 12/11/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Warns of Powerful New Adware
Dark Reading Staff, Quick Hits
The new adware, dubbed Adrozek, is being distributed by large, well organized threat actors, according to Microsoft research.
By Dark Reading Staff , 12/11/2020
Comment0 comments  |  Read  |  Post a Comment
7 Security Tips for Gamers
Steve Zurier, Contributing Writer
Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.
By Steve Zurier Contributing Writer, 12/11/2020
Comment1 Comment  |  Read  |  Post a Comment
'Tis the Season to Confront Third-Party Risk
Samuel Greengard, Freelance Writer
On any given day it's hard to ensure that outside companies and individuals adhere to an organization's security practices and policies. But when it's the holidays and, oh, a global pandemic, companies need to be extra vigilant.
By Samuel Greengard Freelance Writer, 12/11/2020
Comment0 comments  |  Read  |  Post a Comment
Penetration Testing: A Road Map for Improving Outcomes
Shane Ryan, Global Practice Lead - Application Security for BSI's Cybersecurity and Information Resilience TeamCommentary
As cybersecurity incidents gain sophistication, to ensure we are assessing security postures effectively, it is critical to copy real-world adversaries' tools, tactics, and procedures during testing activities.
By Shane Ryan Global Practice Lead - Application Security for BSI's Cybersecurity and Information Resilience Team, 12/11/2020
Comment0 comments  |  Read  |  Post a Comment
Knowing What the Enemy Knows Is Key to Proper Defense
Jai Vijayan, Contributing WriterNews
Think like an attacker if you want to understand your attack surface, says security researcher at Black Hat Europe.
By Jai Vijayan Contributing Writer, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Juvenile Pleads Guilty to 2016 DNS Attack
Dark Reading Staff, Quick Hits
Mirai botnet was used to target Sony in an attack that took down DynDNS and a number of its notable customers.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Contact-Tracing Apps Still Expose Users to Security, Privacy Issues
Robert Lemos, Contributing WriterNews
Of nearly 100 apps tested, 40% have significant security issues, using either GPS locations or bespoke Bluetooth proximity detection to determine exposure.
By Robert Lemos Contributing Writer, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
'Fingerprint-Jacking' Attack Technique Manipulates Android UI
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers explore fingerprint-jacking, a user interface-based attack that targets fingerprints scanned into Android apps.
By Kelly Sheridan Staff Editor, Dark Reading, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
FireEye Breach Fallout Yet to Be Felt
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Aftermath of the FireEye breach by Russia's foreign service agency raises concerns over what the attackers could do next - and how to defend against it.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/10/2020
Comment1 Comment  |  Read  |  Post a Comment
Cloud Identity and Access Management: Understanding the Chain of Access
Keith Neilson, Technical Evangelist for CloudSphereCommentary
Here's where enterprises encounter challenges with cloud IAM and the best practices they should follow to correct these mistakes.
By Keith Neilson Technical Evangelist for CloudSphere, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
51% of Edge Readers Plan to Pursue New Cybersecurity Certification in 2021
Edge Editors, Dark Reading
Demands of the "new normal" won't stop the majority of poll-takers from mastering new skills.
By Edge Editors Dark Reading, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
85,000 MySQL Servers Hit in Active Ransomware Campaign
Dark Reading Staff, Quick Hits
Attackers pressure victims into paying ransom by publishing and offering for sale data stolen in a campaign that dates back to January.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
The Line Between Physical Security & Cybersecurity Blurs as World Gets More Digital
Wayne Dorris, CISSP, Business Development Manager for Cybersecurity, at Axis CommunicationsCommentary
Security teams are being challenged by the connected nature of IP devices, and preventing them from being compromised by cybercriminals has become an essential part of keeping people and property safe.
By Wayne Dorris CISSP, Business Development Manager for Cybersecurity, at Axis Communications, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Google Shares Cloud Security Tips
Dark Reading Staff, News
Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Black Hat Europe: Dark Reading Video News Desk Coverage
Dark Reading Staff, News
Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
4iQ and Alto Analytics Merge and Rebrand as Constella Intelligence
Sophos Announces 4 New Open Artificial Intelligence Developments
One in 10 Gamers Have Had Their ID Stolen
WatchGuard Report Details COVID-19 Impact on Security Threat Landscape
Thoma Bravo Announces Strategic Growth Investment in Venafi
Ethics by Design: New Report Helps Companies Move Beyond Compliance
Vade Secure Releases Fully Customizable MTA Builder for ISPs and Telcos
Karamba Security Announces XGuard Monitor to Manage the Security of Millions of IoT Devices at Scale
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

2021 Security Budgets: Top Priorities, New Realities
An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021.
'Tis the Season to Confront Third-Party Risk
On any given day it's hard to ensure that outside companies and individuals adhere to an organization's security practices and policies. But when it's the holidays and, oh, a global pandemic, companies need to be extra vigilant.
51% of Edge Readers Plan to Pursue New Cybersecurity Certification in 2021
Demands of the "new normal" won't stop the majority of poll-takers from mastering new skills.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Just "remain vigilant"
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28203
PUBLISHED: 2020-12-15
An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service).
CVE-2020-28442
PUBLISHED: 2020-12-15
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function.
CVE-2020-35470
PUBLISHED: 2020-12-15
Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).
CVE-2020-35471
PUBLISHED: 2020-12-15
Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.
CVE-2020-35457
PUBLISHED: 2020-12-14
** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries i...
Assessing Cybersecurity Risk in Today’s Enterprises
Assessing Cybersecurity Risk in Today’s Enterprises
COVID-19 has created a new IT paradigm in the enterprise — and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Flash Poll
Video
Slideshows
Twitter Feed