Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary
As Offices Reopen, Hardware from Home Threatens Security
Joan Goodchild, Contributing Writer
Devices out of sight for the past several months could spell trouble when employees bring them back to work.
By Joan Goodchild, Contributing Writer, 7/10/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon, Commentary
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
By Shane Buckley, President & Chief Operating Officer, Gigamon, 7/10/2020
Huge DDoS Attack Launched Against Cloudflare in Late June
Dark Reading Staff, Quick Hits
The 754 million packets-per-second peak was part of a four-day attack involving more than 316,000 sending addresses.
By Dark Reading Staff, 7/9/2020
Pen Testing ROI: How to Communicate the Value of Security Testing
Nabil Hannan, Managing Director at NetSPI, Commentary
There are many reasons to pen test, but the financial reasons tend to get ignored.
By Nabil Hannan, Managing Director at NetSPI, 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading, News
Cosmic Lynx takes a sophisticated approach to business email compromise and represents a shift in tactics for Russian cybercriminals.
By Kelly Sheridan, Staff Editor, Dark Reading, 7/7/2020
Attackers Scan for Vulnerable BIG-IP Devices After Flaw Disclosure
Robert Lemos, Contributing Writer, News
The US Cybersecurity and Infrastructure Security Agency encourages organizations to patch a critical flaw in the BIG-IP family of application delivery controllers, as firms find evidence that attackers are scanning for the critical vulnerability.
By Robert Lemos, Contributing Writer, 7/6/2020
BIG-IP Vulnerabilities Could be Big Trouble for Customers
Dark Reading Staff, Quick Hits
Left unpatched, pair of vulnerabilities could give attackers wide access to a victim's application delivery network.
By Dark Reading Staff, 7/2/2020
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs, Commentary
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
By Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs, 7/2/2020
Businesses Invest in Cloud Security Tools Despite Concerns
Kelly Sheridan, Staff Editor, Dark Reading, News
A majority of organizations say the acceleration was driven by a need to support more remote employees.
By Kelly Sheridan, Staff Editor, Dark Reading, 7/1/2020
4 Steps to a More Mature Identity Program
Mike Kiser, Global Security Advocate, Office of the CTO, SailPoint, Commentary
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.
By Mike Kiser, Global Security Advocate, Office of the CTO, SailPoint, 7/1/2020
Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn
Robert Lemos, Contributing Writer, News
After Palo Alto Networks alerted users to a simple-to-exploit vulnerability in its network security gear, security agencies quickly warn that attackers won't wait to jump on it.
By Robert Lemos, Contributing Writer, 6/30/2020
CISA Issues Advisory on Home Routers
Dark Reading Staff, Quick Hits
The increase in work-from-home employees raises the importance of home router security.
By Dark Reading Staff, 6/30/2020
5 New InfoSec Job Training Trends: What We're Studying During COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading
With the pandemic uprooting networks and upending careers, which security skills are hot -- and which are not?
By Curtis Franklin Jr., Senior Editor at Dark Reading, 6/26/2020
7 Tips for Effective Deception
Jai Vijayan, Contributing Writer
The right decoys can frustrate attackers and help detect threats more quickly.
By Jai Vijayan, Contributing Writer, 6/25/2020
Apple Buys Fleetsmith
Dark Reading Staff, Quick Hits
The fleet management company becomes part of Apple in a deal announced today.
By Dark Reading Staff, 6/24/2020
Back to Basics with Cloud Permissions Management
Raj Mallempati, COO, CloudKnox Security, Commentary
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
By Raj Mallempati, COO, CloudKnox Security, 6/23/2020
Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
Ericka Chickowski, Contributing Writer, News
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.
By Ericka Chickowski, Contributing Writer, 6/22/2020
Firmware Flaw Allows Attackers to Evade Security on Some Home Routers
Robert Lemos, Contributing Writer, News
Networking devices sold under at least one major brand have a firmware vulnerability that allows hackers to take control of the device, a cybersecurity firm claims.
By Robert Lemos, Contributing Writer, 6/22/2020
What Will Cybersecurity's 'New Normal' Look Like?
Curtis Franklin, Security Editor
The coronavirus pandemic has forced changes for much of the business world, cybersecurity included. What can we expect going forward?
By Curtis Franklin, Security Editor, 6/19/2020
Healthcare CISOs Share COVID-19 Response Stories
Kelly Sheridan, Staff Editor, Dark Reading, News
Cybersecurity leaders discussed the threats and challenges that arose during the pandemic, and how they responded, during a virtual roundtable.
By Kelly Sheridan, Staff Editor, Dark Reading, 6/18/2020
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing Writer, 7/10/2020
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
The Threat from the Internet and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12 stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Windows system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a). A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...