Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

News & Commentary
RedCurl APT Group Hacks Global Companies for Corporate Espionage
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers analyze a presumably Russian-speaking APT group that has been stealing corporate data since 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Secure Development Takes a (Remote) Village
Guy Podjarny, CEO & Cofounder, SnykCommentary
The shift to work from home isn't just about giving your Dev team the physical tools they need.
By Guy Podjarny CEO & Cofounder, Snyk, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Emotet Return Brings New Tactics & Evasion Techniques
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security researchers tracking Emotet report its reemergence brings new tricks, including new evasion techniques to bypass security tools.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches 120 Vulnerabilities, Two Zero-Days
Kelly Sheridan, Staff Editor, Dark ReadingNews
The August 2020 Patch Tuesday marks the sixth month in a row Microsoft released patches for more than 110 vulnerabilities.
By Kelly Sheridan Staff Editor, Dark Reading, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Symmetry Systems Emerges from Stealth
Dark Reading Staff, Quick Hits
Company behind Data Store and Object Security (DSOS) becomes public knowledge following a $3 million seed round of funding.
By Dark Reading Staff , 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
EU-US Privacy Shield Dissolution: What Happens Next?
Sam Curry, CSO, CybereasonCommentary
In a world that isn't private by design, security and liability implications for US-based cloud companies are huge.
By Sam Curry CSO, Cybereason, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security leader shares tips for adopting a CISO mindset, creating risk management strategies, and "selling infosec" to IT and executives.
By Kelly Sheridan Staff Editor, Dark Reading, 8/10/2020
Comment1 Comment  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 8/10/2020
Comment19 comments  |  Read  |  Post a Comment
Getting to the Root: How Researchers Identify Zero-Days in the Wild
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google Project Zero researcher Maddie Stone explains the importance of identifying flaws exploited in the wild and techniques used to do it.
By Kelly Sheridan Staff Editor, Dark Reading, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
OpenText Blends Security, Data Protection for Greater Cyber Resilience
Terry Sweeney, Contributing EditorNews
SPONSORED CONTENT: Infosec professionals are taking advantage of technology hybrids to keep users, data, and their networks more safe, according to Hal Lonas of OpenText's Webroot division. And they're also finding new ways to use artificial intelligence and machine learning to improve security management and reduce risk.
By Terry Sweeney Contributing Editor, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
A Real-World Tool for Organizing, Integrating Your Other Tools
Dark Reading Staff, News
Omdia Cybersecurity Accelerator analyst Eric Parizo describes the value overwhelmed security managers may find in a SPIF.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
What a Security Engineer & Software Engineer Learned by Swapping Roles
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security engineer and infrastructure engineer with Salesforce share lessons learned from their professional role reversal, and advice for people on both teams.
By Kelly Sheridan Staff Editor, Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Tales from the Trenches Show Security Issues Endemic to Healthcare
Robert Lemos, Contributing WriterNews
The CISO for Indiana University Health says simple policies, good communication, and strong authentication go much further than vendor tools in solving security problems.
By Robert Lemos Contributing Writer, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Synopsys: Why Security-Minded Companies Are Transitioning to DevSecOps
Terry Sweeney, Contributing EditorNews
SPONSORED: For too long, developers have had to weigh the tradeoffs between software security and feature development. But as DevSecOps continues to gain momentum over application security, organizations realize that adopting security in software development needn't be a drag on productivity, says Tim Mackey from the Synopsys Cybersecurity Research Center.
By Terry Sweeney Contributing Editor, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis
Dark Reading Staff, News
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
A Paramedic's Guide to Cybersecurity: Video
Kelly Sheridan, Staff Editor, Dark ReadingNews
In this video segment, the Dark Reading News Desk speaks to several guests about healthcare cybersecurity. We begin with Rich Mogull, infosec pro and paramedic, for a discussion about what lessons cybersecurity can learn from emergency medical services and the parallels that already exist.
By Kelly Sheridan Staff Editor, Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Budget Rose in 2019, Uncertainty Prevails in 2020
Robert Lemos, Contributing WriterNews
Budgets rise as IT complexity continued to challenge companies, with identity and access management technology an increasingly common focus.
By Robert Lemos Contributing Writer, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Paid $13.7M in Bug Bounty Rewards in 2019-2020
Dark Reading Staff, Quick Hits
The 2019-2020 program year awarded 327 security researchers through 15 bounty programs, with a largest reward of $200,000.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Why Confidential Computing Is a Game Changer
Vinton G. Cerf, VP & Chief Internet Evangelist, GoogleCommentary
Confidential Computing is a transformational technology that should be part of every enterprise cloud deployment. It's time to start unlocking the possibilities together.
By Vinton G. Cerf VP & Chief Internet Evangelist, Google, 8/5/2020
Comment1 Comment  |  Read  |  Post a Comment
Retooling the SOC for a Post-COVID World
Nilesh Dherange, CTO at GuruculCommentary
Residual work-from-home policies will require changes to security policies, procedures, and technologies.
By Nilesh Dherange CTO at Gurucul, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by dfwroofingpro
Current Conversations I agreed
In reply to: Blake Luby
Post Your Own Reply
Posted by nuritakartika
Current Conversations yes agree for you
In reply to: Re: Effective Grouping
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: It's a technique known as breaking out of the sandbox kids.
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24348
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
CVE-2020-24349
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
CVE-2020-7360
PUBLISHED: 2020-08-13
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was r...
CVE-2020-24342
PUBLISHED: 2020-08-13
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.
CVE-2020-24343
PUBLISHED: 2020-08-13
Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c.