Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 8/3/2020
Comment17 comments  |  Read  |  Post a Comment
3 Ways Social Distancing Can Strengthen your Network
Dr. Mike Lloyd, CTO of RedSealCommentary
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.
By Dr. Mike Lloyd CTO of RedSeal, 7/31/2020
Comment0 comments  |  Read  |  Post a Comment
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
Kelly Sheridan, Staff Editor, Dark ReadingNews
Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles.
By Kelly Sheridan Staff Editor, Dark Reading, 7/30/2020
Comment1 Comment  |  Read  |  Post a Comment
Citizens Are Increasingly Worried About How Companies Use Their Data
Robert Lemos, Contributing WriterNews
With data privacy important to almost every American, more than two-thirds of those surveyed say they don't trust companies to ethically sell their data.
By Robert Lemos Contributing Writer, 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
Black Hat Virtually: An Important Time to Come Together as a Community
Dan Lowden, CMO, White OpsCommentary
The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.
By Dan Lowden CMO, White Ops, 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
Using the Attack Cycle to Up Your Security Game
Todd Graham, Vice President, VenrockCommentary
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.
By Todd Graham Vice President, Venrock, 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Jai Vijayan, Contributing Writer
More than 130 security researchers and developers are ready to showcase their work.
By Jai Vijayan Contributing Writer, 7/29/2020
Comment0 comments  |  Read  |  Post a Comment
70,000+ WordPress Sites Affected by Critical Plug-in Flaw
Dark Reading Staff, Quick Hits
A vulnerability in the wpDiscuz plug-in could let attackers remotely execute code on the servers of affected websites.
By Dark Reading Staff , 7/29/2020
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading Video News Desk Returns to Black Hat
Sara Peters, Senior Editor at Dark ReadingNews
Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
By Sara Peters Senior Editor at Dark Reading, 7/29/2020
Comment0 comments  |  Read  |  Post a Comment
The Future's Biggest Cybercrime Threat May Already Be Here
Steve Durbin, Managing Director of the Information Security ForumCommentary
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.
By Steve Durbin Managing Director of the Information Security Forum, 7/29/2020
Comment0 comments  |  Read  |  Post a Comment
Ratings for Open Source Projects Aim to Make Software More Secure
Robert Lemos, Contributing WriterNews
Two companies have teamed up to rate open source projects, but can adopting repository ratings help developers make better decisions regarding open source?
By Robert Lemos Contributing Writer, 7/27/2020
Comment0 comments  |  Read  |  Post a Comment
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
Alex Artamonov, System Engineer & Cybersecurity Specialist, Infinitely VirtualCommentary
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
By Alex Artamonov System Engineer & Cybersecurity Specialist, Infinitely Virtual, 7/27/2020
Comment0 comments  |  Read  |  Post a Comment
Banning TikTok Won't Solve Our Privacy Problems
Marc Rogers, Executive Director of Cybersecurity, OktaCommentary
Preventing the use of an apps based solely on its country of origin (no matter how hostile) is merely a Band-Aid that won't fully address all privacy and security concerns.
By Marc Rogers Executive Director of Cybersecurity, Okta, 7/24/2020
Comment0 comments  |  Read  |  Post a Comment
Deepfakes & James Bond Research Project: Cool but Dangerous
Matt Lewis, Technical Research Director at NCC GroupCommentary
Open source software for creating deepfakes is getting better and better, to the chagrin of researchers
By Matt Lewis Technical Research Director at NCC Group, 7/23/2020
Comment1 Comment  |  Read  |  Post a Comment
8 Cybersecurity Themes to Expect at Black Hat USA 2020
Ericka Chickowski, Contributing Writer
Here are the trends and topics that'll capture the limelight at this year's virtual event.
By Ericka Chickowski Contributing Writer, 7/23/2020
Comment0 comments  |  Read  |  Post a Comment
VC Investment in Cybersecurity Dips & Shifts with COVID-19
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
While the pandemic has infected funding for cybersecurity startups, it also has emboldened some startups with innovative tools that secure the wave of at-home work.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/22/2020
Comment0 comments  |  Read  |  Post a Comment
CISA Hires Security Experts to Boost COVID-19 Response
Dark Reading Staff, Quick Hits
The agency brings in expertise from the private sector to improve its technical capabilities and engagement with industry partners.
By Dark Reading Staff , 7/22/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Lessons from the Pandemic
Monica Verma, CISO and Board Member of Cloud Security Alliance NorwayCommentary
How does cybersecurity support business and society? The pandemic shows us.
By Monica Verma CISO and Board Member of Cloud Security Alliance Norway, 7/22/2020
Comment2 comments  |  Read  |  Post a Comment
The State of Hacktivism in 2020
Seth Rosenblatt, Contributing WriterNews
Activism via hacking might not be as noisy as it once was, but it hasn't been silenced yet.
By Seth Rosenblatt Contributing Writer, 7/21/2020
Comment1 Comment  |  Read  |  Post a Comment
The Data Privacy Loophole Federal Agencies Are Still Missing
Scott Straub, Public Sector Lead of Federal Risk Markets, Neustar, IncCommentary
Why knowledge-based authentication is leaving federal contact centers vulnerable to an increasingly sophisticated hacker community.
By Scott Straub Public Sector Lead of Federal Risk Markets, Neustar, Inc, 7/21/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by quanganh189
Current Conversations i think you're wrong
In reply to: Re: Thank you
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
Robert Lemos, Contributing Writer,  7/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4560
PUBLISHED: 2020-08-03
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2019-4589
PUBLISHED: 2020-08-03
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.
CVE-2020-4328
PUBLISHED: 2020-08-03
IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839.
CVE-2020-4377
PUBLISHED: 2020-08-03
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.
CVE-2020-4534
PUBLISHED: 2020-08-03
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbi...