Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
Security & Trust Ratings Proliferate: Is That a Good Thing?
Robert Lemos, Contributing WriterNews
Phishing ratings, security ratings, human-ness ratings -- we are looking at a future filled with grades of security and trustworthiness. But there is a downside.
By Robert Lemos Contributing Writer, 5/22/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 5/22/2020
Comment11 comments  |  Read  |  Post a Comment
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading
Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
By Kelly Sheridan Staff Editor, Dark Reading, 5/22/2020
Comment1 Comment  |  Read  |  Post a Comment
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, GarrisonCommentary
By committing to independent testing to determine value, vendors will ensure that their products do what they say they do.
By Henry Harrison Co-founder & Chief Technology Officer, Garrison, 5/21/2020
Comment2 comments  |  Read  |  Post a Comment
The Need for Compliance in a Post-COVID-19 World
Baan Alsinawi, Founder and Managing Director at TalaTekCommentary
With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That's a big mistake.
By Baan Alsinawi Founder and Managing Director at TalaTek, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
Centralized Contact Tracing Raises Concerns Among Privacy-Conscious Citizens
Robert Lemos, Contributing WriterNews
The long debate over whether encryption and anonymity shield too much criminal behavior also has staged a resurgence.
By Robert Lemos Contributing Writer, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
60% of Insider Threats Involve Employees Planning to Leave
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers shows most "flight-risk" employees planning to leave an organization tend to start stealing data two to eight weeks before they go.
By Kelly Sheridan Staff Editor, Dark Reading, 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Warns of Vulnerability Affecting Windows DNS Server
Dark Reading Staff, Quick Hits
A new security advisory addresses a vulnerability that could be exploited to cause a denial-of-service attack.
By Dark Reading Staff , 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say
Robert Lemos, Contributing WriterNews
As COVID-19-themed spam rises, phishingnot so much. An analysis of newly registered domains finds that only 2.4% are actually phishing sites aiming to steal credentials.
By Robert Lemos Contributing Writer, 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Dan Blum, Cybersecurity & Risk Management StrategistCommentary
Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.
By Dan Blum Cybersecurity & Risk Management Strategist, 5/20/2020
Comment1 Comment  |  Read  |  Post a Comment
Google Chrome Redesign Puts Security & Privacy in Users' Hands
Dark Reading Staff, Quick Hits
The Chrome browser will tell users if their browser is up to date, malicious extensions are installed, and/or a password has been compromised.
By Dark Reading Staff , 5/19/2020
Comment0 comments  |  Read  |  Post a Comment
Web Application Attacks Double from 2019: Verizon DBIR
Kelly Sheridan, Staff Editor, Dark ReadingNews
Verizon's annual data breach report shows most attackers are external, money remains their top motivator, and web applications and unsecured cloud storage are hot targets.
By Kelly Sheridan Staff Editor, Dark Reading, 5/19/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Extends Far Beyond Security Teams & Everyone Plays a Part
Jim Ivers, VP within the Synopsys Software Integrity GroupCommentary
Security isn't about tools or technology; it's about establishing a broad, fundamental awareness and sense of responsibility among all employees.
By Jim Ivers VP within the Synopsys Software Integrity Group, 5/19/2020
Comment0 comments  |  Read  |  Post a Comment
Private Equity Firm Stalls $1.9B Forescout Acquisition
Dark Reading Staff, Quick Hits
Officials say "there can be no assurance" Forescout and Advent International will reach an agreement, though talks are ongoing.
By Dark Reading Staff , 5/18/2020
Comment0 comments  |  Read  |  Post a Comment
The 3 Top Cybersecurity Myths & What You Should Know
Zack Schuler, Founder and CEO of NINJIOCommentary
With millions of employees now attempting to work from home, it's vital to challenge misconceptions about cybersecurity.
By Zack Schuler Founder and CEO of NINJIO, 5/18/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Open Sources Its Coronavirus Threat Data
Dark Reading Staff, Quick Hits
Microsoft's COVID-19 intelligence will be made publicly available to help businesses fight virus-related security threats.
By Dark Reading Staff , 5/15/2020
Comment0 comments  |  Read  |  Post a Comment
The Entertainment Biz Is Changing, but the Cybersecurity Script Is One We've Read Before
Joan Goodchild, Contributing Writer
Several A-list celebrities have found themselves at the center of a ransomware attack -- and it's certainly not the first time hackers have gone after them or the entertainment industry. What are security pros doing wrong?
By Joan Goodchild Contributing Writer, 5/15/2020
Comment0 comments  |  Read  |  Post a Comment
As Businesses Rush to the Cloud, Security Teams Struggle to Keep Up
Kelly Sheridan, Staff Editor, Dark ReadingNews
Most organizations have a gap between current and planned cloud usage and the maturity of their cloud security programs.
By Kelly Sheridan Staff Editor, Dark Reading, 5/14/2020
Comment0 comments  |  Read  |  Post a Comment
Project Aims to Unmask Disinformation Bots
Robert Lemos, Contributing WriterNews
BotSight, a machine learning research project, rates Twitter users based on the likelihood that there is a human behind the keyboard. Could such technology blunt the impact of disinformation campaigns?
By Robert Lemos Contributing Writer, 5/14/2020
Comment0 comments  |  Read  |  Post a Comment
8 Supply Chain Security Requirements
Curtis Franklin Jr., Senior Editor at Dark Reading
Complex supply chains have complex security requirements, but secure them you must. Here's where to start.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/14/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Peyton Laudanski
Current Conversations Thats my dad.
In reply to: CastleCops
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Dan Blum, Cybersecurity & Risk Management Strategist,  5/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13485
PUBLISHED: 2020-05-25
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
CVE-2020-13486
PUBLISHED: 2020-05-25
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.
CVE-2020-13482
PUBLISHED: 2020-05-25
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.
CVE-2020-13458
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
CVE-2020-13459
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.