Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


News & Commentary
'Joker' Android Malware Pulls Another Trick to Land on Google's Play Store
Jai Vijayan, Contributing WriterNews
Authors of the malware, which signs up mobile users for premium services, are repeatedly finding ways to bypass app review checks.
By Jai Vijayan Contributing Writer, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
More Malware Found Preinstalled on Government Smartphones
Dark Reading Staff, Quick Hits
Researchers report the American Network Solutions UL40 smartphone comes with compromised apps.
By Dark Reading Staff , 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
A Most Personal Threat: Implantable Devices in Secure Spaces
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Do implantable medical devices pose a threat to secure communication facilities? A Virginia Tech researcher says they do, and the problem is growing.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
Drone Path Often Reveals Operator's Location
Robert Lemos, Contributing WriterNews
The threat posed by drones to critical infrastructure and other operational technology is made more serious by the inability of law enforcement to locate operators, researchers say.
By Robert Lemos Contributing Writer, 7/7/2020
Comment0 comments  |  Read  |  Post a Comment
Android Adware Tied to Undeletable Malware
Dark Reading Staff, Quick Hits
Adware on inexpensive Android smartphone can carry additional malware and be undeletable.
By Dark Reading Staff , 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
Building Security Strategies in Sub-Saharan Africa: Trends and Concerns
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security experts discuss the rise in cybercrime affecting sub-Saharan Africa and the necessary changes to improve security.
By Kelly Sheridan Staff Editor, Dark Reading, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
7 IoT Tips for Home Users
Steve Zurier, Contributing Writer
Whether for business or pleasure, you're on your own once you walk into the house with a new Internet of Things device. Here's how to keep everyone secure.
By Steve Zurier Contributing Writer, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
FCC Designates Huawei & ZTE as National Security Threats
Jai Vijayan, Contributing WriterNews
Backdoors in 5G network equipment from these vendors could enable espionage and malicious activity, agency says.
By Jai Vijayan Contributing Writer, 6/30/2020
Comment1 Comment  |  Read  |  Post a Comment
Apple Buys Fleetsmith
Dark Reading Staff, Quick Hits
The fleet management company becomes part of Apple in a deal announced today.
By Dark Reading Staff , 6/24/2020
Comment0 comments  |  Read  |  Post a Comment
No Internet Access? Amid Protests, Here's How to Tell Whether the Government Is Behind it
Seth Rosenblatt, Contributing WriterNews
Government-mandated Internet shutdowns occur far more regularly than you might expect.
By Seth Rosenblatt Contributing Writer, 6/24/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Previews Windows Defender ATP for Android
Dark Reading Staff, Quick Hits
In addition, the first release of Defender ATP for Linux is now generally available.
By Dark Reading Staff , 6/23/2020
Comment1 Comment  |  Read  |  Post a Comment
Twitter Says Business Users Were Vulnerable to Data Breach
Dark Reading Staff, Quick Hits
The now-patched vulnerability left business users' personal information in web browser caches for anyone to find.
By Dark Reading Staff , 6/23/2020
Comment1 Comment  |  Read  |  Post a Comment
Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
Ericka Chickowski, Contributing WriterNews
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.
By Ericka Chickowski Contributing Writer, 6/22/2020
Comment0 comments  |  Read  |  Post a Comment
Employees Say They're Working From Home Without Security Guidance
Dark Reading Staff, Quick Hits
Working from home is new for many enterprise employees, yet many say they've received little in the way of new training or technology to keep them safe.
By Dark Reading Staff , 6/22/2020
Comment2 comments  |  Read  |  Post a Comment
FBI Says Sudden Increase in Mobile Banking Is Heightening Risks For Users
Jai Vijayan, Contributing WriterNews
Mobile malware and fake apps purporting to be legitimate banking software are big risks, law enforcement agency says.
By Jai Vijayan Contributing Writer, 6/11/2020
Comment0 comments  |  Read  |  Post a Comment
Protocol Vulnerability Threatens Mobile Networks
Dark Reading Staff, Quick Hits
A vuln in the GTP protocol could allow DoS, fraud, and data theft attacks against cellular networks from virtually anywhere.
By Dark Reading Staff , 6/11/2020
Comment0 comments  |  Read  |  Post a Comment
Fake COVID-19 Contact-Tracing Apps Infect Android Phones
Dark Reading Staff, Quick Hits
Researchers find 12 Android applications disguised as official COVID-19 contact tracing apps installing malware onto devices.
By Dark Reading Staff , 6/10/2020
Comment0 comments  |  Read  |  Post a Comment
Asset Management Mess? How to Get Organized
Joan Goodchild, Contributing WriterNews
Hardware and software deployments all over the place due to the pandemic scramble? Here are the essential steps to ensure you can find what you need -- and secure it.
By Joan Goodchild Contributing Writer, 6/10/2020
Comment1 Comment  |  Read  |  Post a Comment
Mobile Phishing Attacks Increase Sharply
Jai Vijayan, Contributing WriterNews
Organizations need to include smartphones and tablets in their phishing mitigation strategies, a new report suggests.
By Jai Vijayan Contributing Writer, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Apple Pays Researcher $100,000 for Critical Vulnerability
Kelly Sheridan, Staff Editor, Dark ReadingNews
Apple has fixed a flaw in the "Sign in with Apple" feature that could have enabled attackers to break into user accounts for third-party services.
By Kelly Sheridan Staff Editor, Dark Reading, 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by NoahSorell
Current Conversations Really!
In reply to: Re: Not surprising
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Introducing 'Secure Access Service Edge'
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  7/3/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-09
An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when u...
PUBLISHED: 2020-07-09
In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Most T...
PUBLISHED: 2020-07-09
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A ...
PUBLISHED: 2020-07-09
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is execu...
PUBLISHED: 2020-07-09
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure l...