Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
Microsoft Extends Data Loss Prevention to Cloud App Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
The update, one of several announced today, is intended to help employees remain compliant when handling data across cloud applications.
By Kelly Sheridan Staff Editor, Dark Reading, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Permission Management & the Goldilocks Conundrum
Dotan Bar Noy, Co-Founder and CEO, AuthomizeCommentary
In today's COVID-19 era, managing access has become even more difficult, especially for large organizations. Here's how to get it "just right."
By Dotan Bar Noy Co-Founder and CEO, Authomize, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Remote Work Exacerbating Data Sprawl
Robert Lemos, Contributing WriterNews
More than three-quarters of IT executives worry that data sprawl puts their data at risk, especially with employees working from insecure home networks, survey finds.
By Robert Lemos Contributing Writer, 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
Patch by Tonight: CISA Issues Emergency Directive for Critical Netlogon Flaw
Dark Reading Staff, Quick Hits
The directive requires all federal agencies to apply a patch for Windows Netlogon vulnerability CVE-2020-1472 by midnight on Sept. 21.
By Dark Reading Staff , 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
5 Steps to Greater Cyber Resiliency
Andrew Rubin, CEO & Founder at IllumioCommentary
Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.
By Andrew Rubin CEO & Founder at Illumio, 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine LearningExpert Insights
Future consumer devices, including pacemakers, should be built with security from the start.
By Gary McGraw Ph.D. Co-founder Berryville Institute of Machine Learning, 9/21/2020
Comment1 Comment  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 9/21/2020
Comment22 comments  |  Read  |  Post a Comment
Mitigating Cyber-Risk While We're (Still) Working from Home
PJ Kirner, CTO & Founder, IllumioCommentary
One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.
By PJ Kirner CTO & Founder, Illumio, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.
By Kelly Sheridan Staff Editor, Dark Reading, 9/16/2020
Comment1 Comment  |  Read  |  Post a Comment
US Charges Five Members of China-Linked APT41 for Global Attacks
Dark Reading Staff, Quick Hits
The five Chinese nationals are among seven defendants arrested for intrusion campaigns into more than 100 organizations, the DoJ reports.
By Dark Reading Staff , 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security Pro File: Award-winning computer scientist and electronic voting expert Barbara Simons chats up her pioneering days in computer programming, paper-ballot backups, Internet voting, math, and sushi.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/16/2020
Comment1 Comment  |  Read  |  Post a Comment
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVistaCommentary
While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.
By Simone Petrella Chief Executive Officer, CyberVista, 9/16/2020
Comment3 comments  |  Read  |  Post a Comment
Rethinking Resilience: Tips for Your Disaster Recovery Plan
Kelly Sheridan, Staff Editor, Dark ReadingNews
As more organizations face disruptions, a defined approach to recovery is imperative so they can successfully recover, experts say.
By Kelly Sheridan Staff Editor, Dark Reading, 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Research Finds Nearly 800,000 Access Keys Exposed Online
Dark Reading Staff, Quick Hits
The keys were primarily for access to databases and cloud services.
By Dark Reading Staff , 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption
Eric Parizo, Senior Analyst, OmdiaCommentary
Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.
By Eric Parizo Senior Analyst, Omdia, 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Simplify Your Privacy Approach to Overcome CCPA Challenges
Hilary Wandall, Senior Vice President, Privacy Intelligence and General Counsel at TrustArcCommentary
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.
By Hilary Wandall Senior Vice President, Privacy Intelligence and General Counsel at TrustArc, 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers, Companies Slam Mobile Voting Firm Voatz for 'Bad Faith' Attacks
Robert Lemos, Contributing WriterNews
In a letter, almost 70 different security firms and individual researchers criticize Voatz for misrepresenting to the US Supreme Court widely accepted security research practices.
By Robert Lemos Contributing Writer, 9/14/2020
Comment0 comments  |  Read  |  Post a Comment
Security Through an Economics Lens: A Guide for CISOs
Kelly Sheridan, Staff Editor, Dark ReadingNews
An expert in economics and cybersecurity applies opportunity cost and other concepts of the "dismal science" to infosec roles.
By Kelly Sheridan Staff Editor, Dark Reading, 9/14/2020
Comment0 comments  |  Read  |  Post a Comment
Open Source Security's Top Threat and What To Do About It
Lech Sandecki, Product Strategy Manager at Canonical, the publisher of UbuntuCommentary
With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.
By Lech Sandecki Product Strategy Manager at Canonical, the publisher of Ubuntu, 9/14/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by suzhoushuang
Current Conversations Great to here that
In reply to: Re: use p2p programs
Post Your Own Reply
Posted by leadmagnets
Current Conversations Nice I like it.
In reply to: Nice Post
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Exactly
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11856
PUBLISHED: 2020-09-22
Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR.
CVE-2020-16202
PUBLISHED: 2020-09-22
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.
CVE-2020-24333
PUBLISHED: 2020-09-22
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only� or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing ...
CVE-2020-4619
PUBLISHED: 2020-09-22
IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976.
CVE-2020-4620
PUBLISHED: 2020-09-22
IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allo...