Dark Reading is part of the Informa Tech Division of Informa PLC

Breaking the Glass Ceiling: Tough for Women, Tougher for Women of Color
6 Ways Passwords Fail Basic Security Tests
California's Prop. 24 Splits Privacy Advocates
COVID-19: Latest Security News & Commentary
News & Commentary
Nearly Two Dozen AWS APIs Are Vulnerable to Abuse
Jai Vijayan, Contributing Writer, News
Attackers can conduct identity reconnaissance against an organization at leisure without being detected, Palo Alto Networks says.
By Jai Vijayan Contributing Writer, 11/17/2020
EFF, Security Experts Condemn Politicization of Election Security
Dark Reading Staff, Quick Hits
Open letter, signed by high-profile security professionals and organizations, urges White House to "reverse course and support election security."
By Dark Reading Staff, 11/17/2020
Vulnerability Prioritization Tops Security Pros' Challenges
David Habusha, VP of Product, WhiteSource, Commentary
Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.
By David Habusha VP of Product, WhiteSource, 11/17/2020
Researchers Scan for Supply-Side Threats in Open Source
Robert Lemos, Contributing Writer, News
A recent project to scan the main Python repository's 268,000 packages found only a few potentially malicious programs, but work earlier this year uncovered hundreds of instances of malware.
By Robert Lemos Contributing Writer, 11/17/2020
To Pay or Not to Pay: Responding to Ransomware From a Lawyer's Perspective
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice, Woods Rogers PLC, Commentary
The threat of data extortion adds new layers of risk when determining how to respond to a ransomware attack.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice, Woods Rogers PLC, 11/17/2020
Security Risks Discovered in Tesla Backup Gateway
Dark Reading Staff, Quick Hits
Cybersecurity researchers report on the security and privacy risks of leaving a Tesla Backup Gateway exposed to the Internet.
By Dark Reading Staff, 11/17/2020
An Inside Look at an Account Takeover
Darktrace Experts, Staff
AI threat find: Phishing attack slips through email gateway and leads to large-scale compromise.
By Darktrace Experts Staff, 11/17/2020
Ransomware Operator Promotes Distributed Storage for Stolen Data
Jai Vijayan, Contributing Writer, News
The criminals behind the DarkSide ransomware-as-a-service operation say the system will be harder to take down.
By Jai Vijayan Contributing Writer, 11/17/2020
Breakdown of a Break-in: A Manufacturer's Ransomware Response
Kelly Sheridan, Staff Editor, Dark Reading, News
The analysis of an industrial ransomware attack reveals common tactics and proactive steps that businesses can take to avoid similar incidents.
By Kelly Sheridan Staff Editor, Dark Reading, 11/16/2020
Global Pandemic Fuels Cyber-Threat Workload for National Cyber Security Centre, Shows Annual Review
IFSEC Global, Staff, News
From securing the Nightingale hospitals to tackling threats to vaccine research and production, a large part of the National Cyber Security Centre's (NCSC) recent work in the UK has been related to the coronavirus pandemic, as Ron Alalouff discovered when reporting on its Annual Review.
By Ron Alalouff, Freelance Journalist, 11/16/2020
Twitter Taps Mudge
Dark Reading Staff, Quick Hits
Noted security researcher Peiter Zatko joins the social network as head of security.
By Dark Reading Staff, 11/16/2020
Zoom Debuts New Tools to Fight Meeting Disruptions
Dark Reading Staff, Quick Hits
Two new capabilities in version 5.4.3 let hosts and co-hosts pause Zoom meetings to remove and report disruptive attendees.
By Dark Reading Staff, 11/16/2020
A Call for Change in Physical Security
Fred Burton, Executive Director, Ontic Center for Protective Intelligence, Commentary
We're at an inflection point. The threats we face are dynamic, emerging, and global. Are you ready?
By Fred Burton Executive Director, Ontic Center for Protective Intelligence, 11/16/2020
Apple Issues Security Updates
Dark Reading Staff, Quick Hits
Vulnerabilities found in three most recent versions of macOS.
By Dark Reading Staff, 11/13/2020
CISA Director Expects to Be Fired Following Secure Election
Kelly Sheridan, Staff Editor, Dark Reading, News
Meanwhile, key legislators and former DHS officials are speaking out in support of CISA director Chris Krebs, who has led the agency's efforts in election security.
By Kelly Sheridan Staff Editor, Dark Reading, 11/13/2020
Self-Service Security for Developers Is the DevSecOps Brass Ring
Ericka Chickowski, Contributing Writer, News
DevOps teams with full security integration and self-service capabilities are 80% more likely to fix critical vulnerabilities in under a day, according to the ninth annual "State of DevOps Report."
By Ericka Chickowski Contributing Writer, 11/13/2020
A Hacker's Holiday: How Retailers Can Avoid Black Friday Cyber Threats
Matthew McGuirk, Senior Solutions Engineer at Source Defense, Commentary
Starting on Nov. 27, online retailers of all sizes will find out if their e-commerce capabilities are ready for prime time or not.
By Matthew McGuirk Senior Solutions Engineer at Source Defense, 11/13/2020
The Sameness of Every Day: How to Change Up Audit Fatigue
Stephen Horvath, Vice President, Strategy & Cloud, at Telos Corporation, Commentary
And with more data compliance laws on the way, audit fatigue could be a real challenge for infosec professionals.
By Stephen Horvath Vice President, Strategy & Cloud, at Telos Corporation, 11/13/2020
Manufacturing Sees Rising Ransomware Threat
Robert Lemos, Contributing Writer, News
Crypto-ransomware groups are increasingly adopting malware and tools that can probe and attack operational technology, such as industrial control systems, according to an assessment of current threats.
By Robert Lemos Contributing Writer, 11/12/2020
'Pay2Key' Could Become Next Big Ransomware Threat
Jai Vijayan, Contributing Writer, News
Researchers from Check Point say an Iranian-based threat actor that has successfully attacked multiple Israeli companies could soon go global.
By Jai Vijayan Contributing Writer, 11/12/2020
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Disinformation campaigns are now designed not only to influence how voters fill out their ballots, but also how confident they are in the entire process. How do legislators, media organizations, security professionals, and voters respond?
Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they're raising awareness.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28183
PUBLISHED: 2020-11-17
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.
CVE-2020-28092
PUBLISHED: 2020-11-17
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter: ?g=Team&m=Task&a=my&status=3&id=, ?g=Team&m=Task&a=my&status=0&id=, ?g=Team&m=Task&a=my&status=1&id=, ?g=Team&m=Task&a=my&status=10&id=
CVE-2020-28914
PUBLISHED: 2020-11-17
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. Fo...
CVE-2020-28130
PUBLISHED: 2020-11-17
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).
CVE-2020-25890
PUBLISHED: 2020-11-17
The web application of the Kyocera printer (ECOSYS M2640IDW) is affected by a Stored XSS vulnerability, discovered in the addition of a new contact in "Machine Address Book". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or t...