Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
Puzzles and Riddles Help InfoSec Pros Solve Real-World Problems
Kelly Sheridan, Staff Editor, Dark ReadingNews
A researcher shares the unexpected lessons learned in years of creating puzzles and riddles for his cybersecurity colleagues.
By Kelly Sheridan Staff Editor, Dark Reading, 7/15/2020
Comment0 comments  |  Read  |  Post a Comment
How Nanotechnology Will Disrupt Cybersecurity
Bernie Brode, Nano Product ResearcherCommentary
Tangible solutions related to cryptography, intelligent threat detection and consumer security are closer than you think.
By Bernard Brode , 7/15/2020
Comment0 comments  |  Read  |  Post a Comment
Top 5 Questions (and Answers) About GRC Technology
Matt Kunkel, Co-founder & CEO, LogicGateCommentary
For the first time in a long time, we must shift from managing localized risks against a landscape of economic growth to managing those issues under much less certain circumstances.
By Matt Kunkel Co-founder & CEO, LogicGate, 7/15/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches Wormable RCE Flaw in Windows DNS Servers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Patch Tuesday security updates address a critical vulnerability in Windows DNS Servers, which researchers believe is likely to be exploited.
By Kelly Sheridan Staff Editor, Dark Reading, 7/14/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 7/14/2020
Comment14 comments  |  Read  |  Post a Comment
A Paramedic's Lessons for Cybersecurity Pros
Kelly Sheridan, Staff Editor, Dark ReadingNews
A paramedic turned cybersecurity expert shares his experiences in both fields, highlights their similarities, and explains how they can learn from each other.
By Kelly Sheridan Staff Editor, Dark Reading, 7/13/2020
Comment0 comments  |  Read  |  Post a Comment
Lost in Translation: Serious Flaws Found in ICS Protocol Gateways
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
These oft-forgotten devices contain serious vulnerabilities that allow attackers to hack OT systems remotely, researchers will reveal at Black Hat USA next month.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/13/2020
Comment0 comments  |  Read  |  Post a Comment
Experts Predict Rise of Data Theft in Ransomware Attacks
Dark Reading Staff, Quick Hits
The most attractive targets for data theft are businesses perceived as most likely to pay to prevent exposure of their information.
By Dark Reading Staff , 7/13/2020
Comment0 comments  |  Read  |  Post a Comment
Decoding the Verizon DBIR Report: An Insider's Look Beyond the Headlines
Chad Loeven, President of VMRay Inc.Commentary
To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you.
By Chad Loeven President of VMRay Inc., 7/13/2020
Comment0 comments  |  Read  |  Post a Comment
As Offices Reopen, Hardware from Home Threatens Security
Joan Goodchild, Contributing Writer
Devices out of sight for the past several months could spell trouble when employees bring them back to work.
By Joan Goodchild Contributing Writer, 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, GigamonCommentary
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
By Shane Buckley President & Chief Operating Officer, Gigamon, 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Data and insight from a leading cybersecurity research and analysis team will broaden the information available to security professionals and technology vendors.
By Tim Wilson, Editor in Chief, Dark Reading , 7/9/2020
Comment1 Comment  |  Read  |  Post a Comment
Fight Phishing with Intention
Runa Sandvik, Independent ResearcherCommentary
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
By Runa Sandvik Independent Researcher, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
6 Tips for Getting the Most from Nessus
Curtis Franklin Jr., Senior Editor at Dark Reading
Books have been written on using the powerful network-discovery and vulnerability-scanning tool. These tips will help get you started.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
Fresh Options for Fighting Fraud in Financial Services
Simon Armstrong, VP Products at EntersektCommentary
Fraud prevention requires a consumer-centric, data sharing approach.
By Simon Armstrong VP Products at Entersekt, 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
A Most Personal Threat: Implantable Devices in Secure Spaces
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Do implantable medical devices pose a threat to secure communication facilities? A Virginia Tech researcher says they do, and the problem is growing.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
Drone Path Often Reveals Operator's Location
Robert Lemos, Contributing WriterNews
The threat posed by drones to critical infrastructure and other operational technology is made more serious by the inability of law enforcement to locate operators, researchers say.
By Robert Lemos Contributing Writer, 7/7/2020
Comment1 Comment  |  Read  |  Post a Comment
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cosmic Lynx takes a sophisticated approach to business email compromise and represents a shift in tactics for Russian cybercriminals.
By Kelly Sheridan Staff Editor, Dark Reading, 7/7/2020
Comment1 Comment  |  Read  |  Post a Comment
Cybersecurity's Lament: There Are No Cooks in Space
Curtis Franklin Jr., Senior Editor at Dark Reading
Cybersecurity staff are on edge for the same reason that there are no cooks on the ISS: Organizations are carefully watching expenses for jobs that don't require dedicated team members.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/3/2020
Comment0 comments  |  Read  |  Post a Comment
Anatomy of a Long-Con Phish
Chenxi Wang, Founder and General Partner, Rain CapitalExpert Insights
A fraudster on LinkedIn used my online profile in an apparent attempt to pull off a wide-ranging scam business venture.
By Chenxi Wang Founder and General Partner, Rain Capital, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by nhunganh18
Current Conversations great
In reply to: Re: Effective Grouping
Post Your Own Reply
Posted by Aperiam
Current Conversations thank you
In reply to: thanks
Post Your Own Reply
Posted by stonde
Current Conversations Thank you.
In reply to: Interesting article
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4462
PUBLISHED: 2020-07-16
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive i...
CVE-2019-4747
PUBLISHED: 2020-07-16
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887.
CVE-2019-4748
PUBLISHED: 2020-07-16
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174.
CVE-2020-14000
PUBLISHED: 2020-07-16
MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. The responsible code ...
CVE-2020-15027
PUBLISHED: 2020-07-16
ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. This was patched in 2020.7 and in a hotfix for 2019.12.