Dark Reading is part of the Informa Tech Division of Informa PLC

Risk

News & Commentary
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff, 9/17/2020
Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals
Kelly Sheridan, Staff Editor, Dark Reading, News
Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/16/2020
US Charges Five Members of China-Linked APT41 for Global Attacks
Dark Reading Staff, Quick Hits
The five Chinese nationals are among seven defendants arrested for intrusion campaigns into more than 100 organizations, the DoJ reports.
By Dark Reading Staff, 9/16/2020
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Juan Pablo Perez-Etchegoyen, CTO, Onapsis, Commentary
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
By Juan Pablo Perez-Etchegoyen, CTO, Onapsis, 9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Security Pro File: Award-winning computer scientist and electronic voting expert Barbara Simons chats up her pioneering days in computer programming, paper-ballot backups, Internet voting, math, and sushi.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/16/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista, Commentary
While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.
By Simone Petrella, Chief Executive Officer, CyberVista, 9/16/2020
Rethinking Resilience: Tips for Your Disaster Recovery Plan
Kelly Sheridan, Staff Editor, Dark Reading, News
As more organizations face disruptions, a defined approach to recovery is imperative so they can successfully recover, experts say.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/15/2020
Research Finds Nearly 800,000 Access Keys Exposed Online
Dark Reading Staff, Quick Hits
The keys were primarily for access to databases and cloud services.
By Dark Reading Staff, 9/15/2020
Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption
Eric Parizo, Senior Analyst, Omdia, Commentary
Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.
By Eric Parizo, Senior Analyst, Omdia, 9/15/2020
Simplify Your Privacy Approach to Overcome CCPA Challenges
Hilary Wandall, Senior Vice President, Privacy Intelligence and General Counsel at TrustArc, Commentary
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.
By Hilary Wandall, Senior Vice President, Privacy Intelligence and General Counsel at TrustArc, 9/15/2020
Researchers, Companies Slam Mobile Voting Firm Voatz for 'Bad Faith' Attacks
Robert Lemos, Contributing Writer, News
In a letter, almost 70 different security firms and individual researchers criticize Voatz for misrepresenting to the US Supreme Court widely accepted security research practices.
By Robert Lemos, Contributing Writer, 9/14/2020
Security Through an Economics Lens: A Guide for CISOs
Kelly Sheridan, Staff Editor, Dark Reading, News
An expert in economics and cybersecurity applies opportunity cost and other concepts of the "dismal science" to infosec roles.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/14/2020
Open Source Security's Top Threat and What To Do About It
Lech Sandecki, Product Strategy Manager at Canonical, the publisher of Ubuntu, Commentary
With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.
By Lech Sandecki, Product Strategy Manager at Canonical, the publisher of Ubuntu, 9/14/2020
APT Groups Set Sights on Linux Targets: Inside the Trend
Kelly Sheridan, Staff Editor, Dark Reading, News
Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/11/2020
Fraud Prevention During the Pandemic
Doug Clare, Vice President, Fraud, Compliance, and Security Solutions at FICO, Commentary
When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.
By Doug Clare, Vice President, Fraud, Compliance, and Security Solutions at FICO, 9/11/2020
US Sanctions Russian Attackers for 2020 Election Interference
Kelly Sheridan, Staff Editor, Dark Reading, News
The move comes as Microsoft publishes research on attack groups and activity attempting to target the Biden and Trump campaigns.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/10/2020
6 Lessons IT Security Can Learn From DevOps
Curtis Franklin Jr., Senior Editor at Dark Reading
DevOps has taken over enterprise software development. The discipline has lessons for IT security -- here are a quick half-dozen.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 9/10/2020
ThreatConnect Buys Nehemiah Security
Dark Reading Staff, Quick Hits
Threat intelligence firm adds Nehemiah's Risk Quantifier to its platform.
By Dark Reading Staff, 9/10/2020
Managed IT Providers: The Cyber-Threat Actors' Gateway to SMBs
Wes Spencer, CISO at Perch Security, Commentary
Criminals have made MSPs a big target of their attacks. That should concern small and midsize businesses a great deal.
By Wes Spencer, CISO at Perch Security, 9/10/2020
Ripple20 Malware Highlights Industrial Security Challenges
Paul Lariviere, Technical Director, Security Compass, Commentary
Poor security practices allowed software vulnerabilities to propagate throughout industrial and IoT products for more than 20 years.
By Paul Lariviere, Technical Director, Security Compass, 9/10/2020
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5605
PUBLISHED: 2020-09-18
Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.
CVE-2020-5606
PUBLISHED: 2020-09-18
Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.
CVE-2020-5628
PUBLISHED: 2020-09-18
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
CVE-2020-5629
PUBLISHED: 2020-09-18
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
CVE-2020-25756
PUBLISHED: 2020-09-18
** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice."