Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Alan Brill, Senior Managing Director, Cyber Risk Practice, KrollCommentary
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
By Alan Brill Senior Managing Director, Cyber Risk Practice, Kroll, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat ResearcherCommentary
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
By David Pearson Principal Threat Researcher, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Maturity Model Certification: Are You in Compliance?
Nahla Davies, Tech Writer and CoderCommentary
Not only can this framework help companies remain solvent, but it will also protect critical information from getting into the wrong hands.
By Nahla Davies Tech Writer and Coder, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Businesses Rethink Endpoint Security for 2021
Kelly Sheridan, Staff Editor, Dark ReadingNews
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?
By Kelly Sheridan Staff Editor, Dark Reading, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Trickbot, Phishing, Ransomware & Elections
Adam Caudill, Principal Security Engineer at 1PasswordCommentary
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.
By Adam Caudill Principal Security Engineer at 1Password, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
A New Risk Vector: The Enterprise of Things
Greg Clark, CEO, Forescout Technologies Inc.Commentary
Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.
By Greg Clark CEO, Forescout Technologies Inc., 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Cybercrime Losses Up 50%, Exceeding $1.8B
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
By Marc Wilczek Digital Strategist & COO of Link11, 10/16/2020
Comment0 comments  |  Read  |  Post a Comment
Zoom Announces Rollout of End-to-End Encryption
Dark Reading Staff, Quick Hits
Phase 1 removes Zoom servers from the key generation and distribution processes.
By Dark Reading Staff , 10/14/2020
Comment0 comments  |  Read  |  Post a Comment
Intel's Ice Lake Beefs Up CPU Security for Cloud Workloads
Robert Lemos, Contributing WriterNews
The third-generation Xeon processors build in hardware security features to provide extra protection to data in transit, at rest, and in use.
By Robert Lemos Contributing Writer, 10/14/2020
Comment0 comments  |  Read  |  Post a Comment
NIST Quantum Cryptography Program Nears Completion
Bernie Brode, Nano Product ResearcherCommentary
The National Institute of Standards and Technology's first post-quantum cryptography standard will address key issues, approaches, an arms race, and the technology's uncertain future.
By Bernie Brode Nano Product Researcher, 10/14/2020
Comment0 comments  |  Read  |  Post a Comment
Coalition Pokes Five Eyes on Call for Backdoors
Dark Reading Staff, Quick Hits
The Five Eyes international law enforcement group had called for implementing backdoors for law enforcement in all encryption implementations.
By Dark Reading Staff , 10/13/2020
Comment0 comments  |  Read  |  Post a Comment
25% of BEC Cybercriminals Based in the US
Kelly Sheridan, Staff Editor, Dark ReadingNews
While the US is known to be a prime target for BEC attacks, just how many perpetrators are based there came as a surprise to researchers.
By Kelly Sheridan Staff Editor, Dark Reading, 10/13/2020
Comment0 comments  |  Read  |  Post a Comment
Where Are the 'Great Exits' in the Data Security Market?
Dave Cole, Cofounder and CEO, Open RavenCommentary
If data security were a student, its report card would read "Not performing to potential." Here's why.
By Dave Cole Cofounder and CEO, Open Raven, 10/13/2020
Comment2 comments  |  Read  |  Post a Comment
Online Voting Is Coming, but How Secure Will It Be?
Brad Brooks, CEO of OneLoginCommentary
It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.
By Brad Brooks CEO of OneLogin, 10/13/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 10/13/2020
Comment21 comments  |  Read  |  Post a Comment
A 7-Step Cybersecurity Plan for Healthcare Organizations
Steve Zurier, Contributing Writer
With National Cybersecurity Awareness Month shining a spotlight on the healthcare industry, security pros share best practices for those charged with protecting these essential organizations.
By Steve Zurier Contributing Writer, 10/12/2020
Comment1 Comment  |  Read  |  Post a Comment
How to Pinpoint Rogue IoT Devices on Your Network
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers explain how security practitioners can recognize when a seemingly benign device could be malicious.
By Kelly Sheridan Staff Editor, Dark Reading, 10/12/2020
Comment0 comments  |  Read  |  Post a Comment
Apple Pays Bug Bounty to Enterprise Network Researchers
Dark Reading Staff, Quick Hits
So far, the company has doled out $288,000 to five researchers who, in three months, found 55 vulnerabilities in its corporate infrastructure.
By Dark Reading Staff , 10/9/2020
Comment0 comments  |  Read  |  Post a Comment
Critical Zerologon Flaw Exploited in TA505 Attacks
Dark Reading Staff, Quick Hits
Microsoft reports a new campaign leveraging the critical Zerologon vulnerability just days after nation-state group Mercury was seen using the flaw.
By Dark Reading Staff , 10/9/2020
Comment0 comments  |  Read  |  Post a Comment
CISOs Planning on Bigger Budgets: Report
Dark Reading Staff, Quick Hits
Budgets are on the rise, even in a time of revenue worries across the industry.
By Dark Reading Staff , 10/9/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25820
PUBLISHED: 2020-10-21
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
CVE-2020-26895
PUBLISHED: 2020-10-21
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver,...
CVE-2020-26896
PUBLISHED: 2020-10-21
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collis...
CVE-2020-5790
PUBLISHED: 2020-10-20
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-5791
PUBLISHED: 2020-10-20
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.