Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
Privacy & Digital-Rights Experts Worry Contact-Tracing Apps Lack Limits
Robert Lemos, Contributing WriterNews
Mobile-phone-based tracking of people can help fight pandemics, but privacy and security researchers stress that it needs to be done right.
By Robert Lemos Contributing Writer, 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals Hide Malware & Phishing Sites Under SSL Certificates
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than half of the top 1 million websites use HTTPS, researchers report, but not all encrypted traffic is safe.
By Kelly Sheridan Staff Editor, Dark Reading, 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 4/7/2020
Comment4 comments  |  Read  |  Post a Comment
9 Security Podcasts Worth Tuning In To
Kelly Sheridan, Staff Editor, Dark Reading
Recommendations for podcasts discussing news, trends, guidance, and stories across the cybersecurity industry.
By Kelly Sheridan Staff Editor, Dark Reading, 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft: Emotet Attack Shut Down an Entire Business Network
Kelly Sheridan, Staff Editor, Dark ReadingNews
The infection started with a phishing email and spread throughout the organization, overheating all machines and flooding its Internet connection.
By Kelly Sheridan Staff Editor, Dark Reading, 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
FBI Warns of BEC Dangers
Dark Reading Staff, Quick Hits
A new PSA warns of attacks launched against users of two popular cloud-based email systems.
By Dark Reading Staff , 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
Why Humans Are Phishing's Weakest Link
Tim Sadler, CEO and co-founder of TessianCommentary
And it's not just because they click when they shouldn't... they also leave a trail of clues and details that make them easy to spoof
By Tim Sadler CEO and co-founder of Tessian, 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher earned $75,000 for finding a whopping seven zero-days in Safari, three of which can be combined to access the camera.
By Kelly Sheridan Staff Editor, Dark Reading, 4/3/2020
Comment1 Comment  |  Read  |  Post a Comment
FBI Warns Education & Remote Work Platforms About Cyberattacks
Dark Reading Staff, Quick Hits
The FBI expects attackers will target virtual environments as more organizations rely on them as a result of the COVID-19 pandemic.
By Dark Reading Staff , 4/3/2020
Comment1 Comment  |  Read  |  Post a Comment
Want to Improve Cloud Security? It Starts with Logging
Chris Calvert, VP Product Strategy, Co-Founder, Respond SoftwareCommentary
Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place.
By Chris Calvert VP Product Strategy, Co-Founder, Respond Software, 4/3/2020
Comment0 comments  |  Read  |  Post a Comment
A Day in The Life of a Pen Tester
Kelly Sheridan, Staff Editor, Dark ReadingNews
Two penetration testers share their day-to-day responsibilities, challenges they encounter, and the skills they value most on the job.
By Kelly Sheridan Staff Editor, Dark Reading, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Companies Are Failing to Deploy Key Solution for Email Security
Robert Lemos, Contributing WriterNews
A single -- albeit complex-to-deploy -- technology could stop the most expensive form of fraud, experts say. Why aren't more companies adopting it?
By Robert Lemos Contributing Writer, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
David A. Sanders, Director of Insider Threat Operations at HaystaxCommentary
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
By David A. Sanders Director of Insider Threat Operations at Haystax, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
A Hacker's Perspective on Securing VPNs As You Go Remote
David Commentary
As organizations rush to equip and secure their newly remote workforce, it's important to keep things methodical and purposeful
By David "Moose" Wolpoff Co-founder and CTO of Randori, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Best Practices to Manage Third-Party Cyber-Risk Today
Doug Clare, Vice President, Fraud, Compliance, and Security Solutions at FICOCommentary
Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.
By Doug Clare Vice President, Fraud, Compliance, and Security Solutions at FICO, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Why All Employees Are Responsible for Company Cybersecurity
Diya Jolly, Chief Product Officer, OktaCommentary
It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.
By Diya Jolly Chief Product Officer, Okta, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Alerts Healthcare to Human-Operated Ransomware
Dark Reading Staff, News
Microsoft has notified dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure, which could put them at risk.
By Dark Reading Staff , 4/1/2020
Comment2 comments  |  Read  |  Post a Comment
The SOC Emergency Room Faces Malware Pandemic
Avi Chesla, CEO and Founder, empowCommentary
To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.
By Avi Chesla CEO and Founder, empow, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Defense Evasion Dominated 2019 Attack Tactics
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
By Kelly Sheridan Staff Editor, Dark Reading, 3/31/2020
Comment0 comments  |  Read  |  Post a Comment
Why Third-Party Risk Management Has Never Been More Important
Jake Olcott, VP of Communications & Government Affairs, Bitsight TechnologiesCommentary
Given today's coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here's how to start.
By Jake Olcott VP of Communications & Government Affairs, Bitsight Technologies, 3/31/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by unturista
Current Conversations Nice
In reply to: Nice
Post Your Own Reply
Posted by futurocoches
Current Conversations how covid has changed the rules...
In reply to: covid
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11619
PUBLISHED: 2020-04-07
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
CVE-2020-11620
PUBLISHED: 2020-04-07
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
CVE-2020-11509
PUBLISHED: 2020-04-07
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page).
CVE-2020-6647
PUBLISHED: 2020-04-07
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
CVE-2020-9286
PUBLISHED: 2020-04-07
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.