Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

Risk

News & Commentary
Rising to the Challenge: Perspectives from Security Leaders on 2020 and Beyond
IFSEC Global, StaffNews
For those who work in the security industry 2020 has been a particularly challenging year. Chris Price talks to five industry leaders from different perspectives in the sector about how they coped with COVID and asks them to look forward to 2021.
By IFSEC Global Staff, 12/17/2020
Comment0 comments  |  Read  |  Post a Comment
New IRS Form Fraud Campaign Targets G Suite Users
Dark Reading Staff, Quick Hits
At least 50,000 executives have been affected so far.
By Dark Reading Staff , 12/16/2020
Comment0 comments  |  Read  |  Post a Comment
Twitter Fined in Irish GDPR Action
Dark Reading Staff, Quick Hits
The $547K fine results from an issue Twitter reported in 2019.
By Dark Reading Staff , 12/15/2020
Comment0 comments  |  Read  |  Post a Comment
Medical Imaging Leaks Highlight Unhealthy Security Practices
Robert Lemos, Contributing WriterNews
More than 45 million unique images, such as X-rays and MRI scans, are accessible to anyone on the Internet, security firm says.
By Robert Lemos Contributing Writer, 12/15/2020
Comment0 comments  |  Read  |  Post a Comment
Startups Should Do Things That Don't Scale, but Security Isn't One of Them
Amit Bareket, CEO and Co-founder of Perimeter 81Commentary
Emerging businesses that don't embrace scalable security do so at their own peril.
By Amit Bareket CEO and Co-founder of Perimeter 81, 12/14/2020
Comment0 comments  |  Read  |  Post a Comment
7 Security Tips for Gamers
Steve Zurier, Contributing Writer
Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.
By Steve Zurier Contributing Writer, 12/11/2020
Comment1 Comment  |  Read  |  Post a Comment
Contact-Tracing Apps Still Expose Users to Security, Privacy Issues
Robert Lemos, Contributing WriterNews
Of nearly 100 apps tested, 40% have significant security issues, using either GPS locations or bespoke Bluetooth proximity detection to determine exposure.
By Robert Lemos Contributing Writer, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
'Fingerprint-Jacking' Attack Technique Manipulates Android UI
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers explore fingerprint-jacking, a user interface-based attack that targets fingerprints scanned into Android apps.
By Kelly Sheridan Staff Editor, Dark Reading, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
85,000 MySQL Servers Hit in Active Ransomware Campaign
Dark Reading Staff, Quick Hits
Attackers pressure victims into paying ransom by publishing and offering for sale data stolen in a campaign that dates back to January.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
The Line Between Physical Security & Cybersecurity Blurs as World Gets More Digital
Wayne Dorris, CISSP, Business Development Manager for Cybersecurity, at Axis CommunicationsCommentary
Security teams are being challenged by the connected nature of IP devices, and preventing them from being compromised by cybercriminals has become an essential part of keeping people and property safe.
By Wayne Dorris CISSP, Business Development Manager for Cybersecurity, at Axis Communications, 12/10/2020
Comment1 Comment  |  Read  |  Post a Comment
Google Shares Cloud Security Tips
Dark Reading Staff, News
Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Security Incidents Are 'Tip of the Iceberg,' Says UK Security Official
Kelly Sheridan, Staff Editor, Dark ReadingNews
Pete Cooper, deputy director of cyber defense for the UK Cabinet Office, emphasized the importance of security fundamentals, collaboration, and diversity in his Black Hat Europe keynote talk.
By Kelly Sheridan Staff Editor, Dark Reading, 12/9/2020
Comment0 comments  |  Read  |  Post a Comment
Why Compliance Is No Longer King for Financial Services Cybersecurity
Ed Bellis, Co-Founder and CTO of Kenna SecurityCommentary
Financial services companies' experience in risk management serves them well when it comes to minimizing their cyber-risk.
By Ed Bellis Co-Founder and CTO of Kenna Security, 12/8/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Cloud Security Exec Talks New Tech, WFH, Gamification
Kelly Sheridan, Staff Editor, Dark ReadingNews
Gunter Ollmann explains the benefits of CSPM technology, how IT security teams have evolved, and how the pandemic has shaped security.
By Kelly Sheridan Staff Editor, Dark Reading, 12/4/2020
Comment0 comments  |  Read  |  Post a Comment
Flash Dies but Warning Signs Persist: A Eulogy for Tech's Terrible Security Precedent
Rotem Iram, Founder & CEO, At-BayCommentary
Flash will be gone by the end of the year, but the ecosystem that allowed it to become a software security serial killer is ready to let it happen again.
By Rotem Iram Founder & CEO, At-Bay, 12/4/2020
Comment0 comments  |  Read  |  Post a Comment
Common Container Manager Is Vulnerable to Dangerous Exploit
Dark Reading Staff, Quick Hits
Container manager vulnerability is one of several weaknesses and vulnerabilities recently disclosed for Docker.
By Dark Reading Staff , 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Automated Pen Testing: Can It Replace Humans?
Alex Haynes, Chief Information Security Officer, CDLCommentary
These tools have come a long way, but are they far enough along to make human pen testers obsolete?
By Alex Haynes Chief Information Security Officer, CDL, 12/2/2020
Comment1 Comment  |  Read  |  Post a Comment
Free Mobile App Measures Your Personal Cyber Risk
Steve Zurier, Contributing WriterNews
New app for Android and Apple iOS uses an algorithm co-developed with MIT to gauge security posture on an ongoing basis.
By Steve Zurier Contributing Writer, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Can't Afford a Full-time CISO? Try the Virtual Version
John Roman, President and COO of FoxPointe SolutionsCommentary
A vCISO can align a company's information security program to business strategy and budgeting guidance to senior management.
By John Roman President and COO of FoxPointe Solutions, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Driven by Ransomware, Cyber Claims Rise in Number & Value
Robert Lemos, Contributing WriterNews
Companies are on track to file 27% more cyber claims in 2020, one insurer estimates, while another underwriter finds five out of every 100 companies file a claim each year.
By Robert Lemos Contributing Writer, 11/30/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
4iQ and Alto Analytics Merge and Rebrand as Constella Intelligence
ThreatConnect Releases Risk Quantifier 5.0
Rubrik's Pioneering Cloud Data Management Platform Gets Major Update
Unbound Tech Raises $20M in Series B Funding to Support Global Growth
Concentric Resolves Unaddressed Data Security Threats with AI-based Data Access Governance Solution
HackNotice Releases Risk Explorer
Survey: Biggest Concerns About Securing Digital Infrastructure Include COVID, Unsanctioned Apps, Collaboration Platforms, Marketing Technology
Mastercard Launches AI-Powered Solution to Protect the Digital Ecosystem
More Products & Releases
PR Newswire
The Private Sector Needs a Cybersecurity Transformation
Steve Ryan, Founder & CEO of Trinity Cyber,  12/15/2020
US-CERT Reports 17,447 Vulnerabilities Recorded in 2020
Kelly Sheridan, Staff Editor, Dark Reading,  12/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29447
PUBLISHED: 2020-12-21
Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5.
CVE-2020-35579
PUBLISHED: 2020-12-20
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a ...
CVE-2020-35573
PUBLISHED: 2020-12-20
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.
CVE-2020-14224
PUBLISHED: 2020-12-18
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the pr...
CVE-2020-14271
PUBLISHED: 2020-12-18
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the securi...