Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
How to Decipher InfoSec Job Titles' Mysteries
8 Cybersecurity Themes to Expect at Black Hat USA 2020
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Q&A: How Systemic Racism Weakens Cybersecurity
COVID-19: Latest Security News & Commentary
News & Commentary
Vulnerability Prioritization: Are You Getting It Right?
David Habusha, VP of Product, WhiteSourceCommentary
Developers must find a way to zero in on the security vulns that present the most risk and quickly address them without slowing down the pace of development.
By David Habusha VP of Product, WhiteSource, 8/10/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 8/10/2020
Comment19 comments  |  Read  |  Post a Comment
Digital Clones Could Cause Problems for Identity Systems
Robert Lemos, Contributing WriterNews
Three fundamental technologies -- chatbots, audio fakes, and deepfake videos -- have improved to the point that creating digital, real-time clones of people is merely a matter of integrating the systems.
By Robert Lemos Contributing Writer, 8/8/2020
Comment0 comments  |  Read  |  Post a Comment
Reddit Attack Defaces Dozens of Channels
Dark Reading Staff, Quick Hits
The attack has defaced the channels with images and content supporting Donald Trump.
By Dark Reading Staff , 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
Hacking the PLC via Its Engineering Software
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher will demonstrate at DEF CON an emerging threat to industrial control networks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
400+ Qualcomm Chip Vulnerabilities Threaten Millions of Android Phones
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security researchers found hundreds of pieces of vulnerable code in the Qualcomm Snapdragon chips powering Android phones.
By Kelly Sheridan Staff Editor, Dark Reading, 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/7/2020
Comment2 comments  |  Read  |  Post a Comment
BEC Campaigns Target Financial Execs via Office 365
Dark Reading Staff, Quick Hits
A series of business email compromise campaigns has been targeting executives of more than 1,000 companies, most recently in the US and Canada.
By Dark Reading Staff , 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
IoT Security During COVID-19: What We've Learned & Where We're Going
Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard LabsCommentary
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.
By Aamir Lakhani Cybersecurity Researcher and Practitioner for FortiGuard Labs, 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
Getting to the Root: How Researchers Identify Zero-Days in the Wild
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google Project Zero researcher Maddie Stone explains the importance of identifying flaws exploited in the wild and techniques used to do it.
By Kelly Sheridan Staff Editor, Dark Reading, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Create New Framework to Evaluate User Security Awareness
Jai Vijayan, Contributing WriterNews
Approaches based on questionnaires and self-evaluation are not always a good indicator of how well a user can mitigate social engineering threats.
By Jai Vijayan Contributing Writer, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
A Mix of Optimism and Pessimism for Security of the 2020 Election
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
DHS CISA's Christopher Krebs and Georgetown University's Matt Blaze at Black Hat USA give the lowdown on where things stand and what still needs to happen to protect the integrity of November's election.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Video News Desk Returns to Black Hat
Sara Peters, Senior Editor at Dark ReadingNews
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
By Sara Peters Senior Editor at Dark Reading, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Where Dark Reading Goes Next
Dark Reading Staff, News
Dark Reading Editor-in-Chief gives a complete rundown of all the Dark Reading projects you might not even know about, his insight into the future of the security industry, and how we plan to cover it.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
On 'Invisible Salamanders' and Insecure Messages
Dark Reading Staff, News
Cornell researcher Paul Grubbs discusses how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Exploiting Google Cloud Platform With Ease
Dark Reading Staff, News
Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.
By Dark Reading Staff , 8/6/2020
Comment1 Comment  |  Read  |  Post a Comment
Information Operations Spotlighted at Black Hat as Election Worries Rise
Robert Lemos, Contributing WriterNews
From Russia's "best-in-class" efforts at widening social divides in Western democracies to China's blunt attacks on dissidents, information operations are becoming a greater threat, says a Stanford researcher.
By Robert Lemos Contributing Writer, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It
Dark Reading Staff, News
Mandiant incident response managers Josh Madeley and Doug Bienstock describe how thoroughly Microsoft 365 (formerly known as Office 365) extends into corporate networks, describe both sophisticated and simple attacks they’ve detected, and suggest mitigations as businesses rely more heavily on the cloud.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
OpenText Blends Security, Data Protection for Greater Cyber Resilience
Terry Sweeney, Contributing EditorNews
SPONSORED CONTENT: Infosec professionals are taking advantage of technology hybrids to keep users, data, and their networks more safe, according to Hal Lonas of OpenText's Webroot division. And they're also finding new ways to use artificial intelligence and machine learning to improve security management and reduce risk.
By Terry Sweeney Contributing Editor, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Why Satellite Communication Eavesdropping Will Remain A Problem
Dark Reading Staff, News
Oxford PhD candidate James Pavur shows that SATCOM security has still made no progress since previous Black Hat disclosures, and discusses the physical and economic limitations that slow make it unlikely to improve anytime soon.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by dfwroofingpro
Current Conversations I agreed
In reply to: Blake Luby
Post Your Own Reply
More Conversations
Products & Releases
Calyptix Security Releases AccessEnforcer 5.0 Beta
Exabeam Announces New Use Case Licensing and Content Library to Simplify SIEM Adoption, Enable Increased Visibility
DHS Awards $1 Million Phase 2 Contract to Waverley Labs to Deploy the Dynamic AccessID (TM) Network
Federal, State, Local, and Private-Sector Partners Conduct Nationwide Exercise to Test Election Day Plans
Tanium Report Reveals 85 Percent of Organizations Experienced More Cyberattacks Since the Start of the Pandemic
Offensive Security Acquires Open Source Security Training Project VulnHub
PAS Releases Modular OT Cybersecurity Solution
AWS Announces General Availability of Amazon Fraud Detector
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

6 Dangerous Defaults Attackers Love (and You Should Know)
Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.
How Should I Securely Destroy/Discard My Devices?
While it is possible to do data destruction in-house, doing it correctly and at scale can be tedious.
Poll: Endpoint Extravaganza
What shape do you expect remote endpoints to be in when they start winging their way back to the office?
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13295
PUBLISHED: 2020-08-10
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.
CVE-2020-6070
PUBLISHED: 2020-08-10
An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerabilit...
CVE-2020-6145
PUBLISHED: 2020-08-10
An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-8224
PUBLISHED: 2020-08-10
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.
CVE-2020-8229
PUBLISHED: 2020-08-10
A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Flash Poll
Video
Slideshows
Twitter Feed