Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
400+ Qualcomm Chip Vulnerabilities Threaten Millions of Android Phones
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security researchers found hundreds of pieces of vulnerable code in the Qualcomm Snapdragon chips powering Android phones.
By Kelly Sheridan Staff Editor, Dark Reading, 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
A Mix of Optimism and Pessimism for Security of the 2020 Election
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
DHS CISA's Christopher Krebs and Georgetown University's Matt Blaze at Black Hat USA give the lowdown on where things stand and what still needs to happen to protect the integrity of November's election.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Video News Desk Returns to Black Hat
Sara Peters, Senior Editor at Dark ReadingNews
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
By Sara Peters Senior Editor at Dark Reading, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Where Dark Reading Goes Next
Dark Reading Staff, News
Dark Reading Editor-in-Chief gives a complete rundown of all the Dark Reading projects you might not even know about, his insight into the future of the security industry, and how we plan to cover it.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Information Operations Spotlighted at Black Hat as Election Worries Rise
Robert Lemos, Contributing WriterNews
From Russia's "best-in-class" efforts at widening social divides in Western democracies to China's blunt attacks on dissidents, information operations are becoming a greater threat, says a Stanford researcher.
By Robert Lemos Contributing Writer, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Platform Security: Intel Pushes to Reduce Supply Chain Attacks
Terry Sweeney, Contributing EditorNews
SPONSORED CONTENT: Attacks on supply chains involve lots of players and companies, not to mention an exponential amount of data for the stealing, notes Intel's Tom Garrison. Notoriously difficult to detect and mitigate, Garrison discusses new approaches to securing an individual company's computing platforms, including Compute Lifecycle Assurance.
By Terry Sweeney Contributing Editor, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
2019 Breach Leads to $80 Million Fine for Capital One
Dark Reading Staff, Quick Hits
The fine is part of a series of steps required by the Office of the Comptroller of the Currency.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Four Rules and Three Tools to Protect Against Fake SaaS Apps
Dmitry Dontov, Chief Technology Officer, Spin TechnologyCommentary
Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.
By Dmitry Dontov Chief Technology Officer, Spin Technology, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
3 Tips For Better Security Across the Software Supply Chain
Matthew Lewinski, Distinguished Engineer at Quest SoftwareCommentary
It may sound look intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving security posture of the software supply chain.
By Matthew Lewinski Distinguished Engineer at Quest Software, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
What a Security Engineer & Software Engineer Learned by Swapping Roles
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security engineer and infrastructure engineer with Salesforce share lessons learned from their professional role reversal, and advice for people on both teams.
By Kelly Sheridan Staff Editor, Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Tales from the Trenches Show Security Issues Endemic to Healthcare
Robert Lemos, Contributing WriterNews
The CISO for Indiana University Health says simple policies, good communication, and strong authentication go much further than vendor tools in solving security problems.
By Robert Lemos Contributing Writer, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
What to Tell Young People of Color About InfoSec Careers
Dark Reading Staff, News
CEO and founder of Revolution Cyber Juliet Okafor and Baker Hughes Director of Global OT Security Programs Paul Brager talk about the unique lessons and hard truths they provide when mentoring young black cybersecurity professionals.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
A Most Personal Threat: Implantable Medical Devices
Dark Reading Staff, News
Alan Michaels,director of the Electronic Systems Lab at the Virginia Tech Hume Center, explains why implanted medical devices could pose a threat to secure communication facilities.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
3 Tips for Securing Open Source Software
Robert Former, CISO/VP of Security, AcquiaCommentary
Maintaining myriad open source components can be tough. Here's how teams can begin to address open source security and continue to innovate.
By Robert Former CISO/VP of Security, Acquia, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Budget Rose in 2019, Uncertainty Prevails in 2020
Robert Lemos, Contributing WriterNews
Budgets rise as IT complexity continued to challenge companies, with identity and access management technology an increasingly common focus.
By Robert Lemos Contributing Writer, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Why Confidential Computing Is a Game Changer
Vinton G. Cerf, VP & Chief Internet Evangelist, GoogleCommentary
Confidential Computing is a transformational technology that should be part of every enterprise cloud deployment. It's time to start unlocking the possibilities together.
By Vinton G. Cerf VP & Chief Internet Evangelist, Google, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Less Than Half of Security Pros Can Identify Their Organization's Level of Risk
Steve Zurier, Contributing WriterNews
Just 51% work with the business side of the house on risk reduction objectives, new study shows.
By Steve Zurier Contributing Writer, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
How Ransomware Threats Are Evolving & How to Spot Them
Kelly Sheridan, Staff Editor, Dark ReadingNews
A series of new reports explains how ransomware attackers are changing techniques and how organizations can spot stealthy criminals.
By Kelly Sheridan Staff Editor, Dark Reading, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
New Spin on a Longtime DNS Intel Tool
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Domain Name Service database service Farsight Security, the brainchild of DNS expert Paul Vixie, celebrates 10 years with new modern features.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
Google & Amazon Replace Apple as Phishers' Favorite Brands
Dark Reading Staff, Quick Hits
Google and Amazon were the most imitated brands in the second quarter, knocking out Apple.
By Dark Reading Staff , 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by dfwroofingpro
Current Conversations I agreed
In reply to: Blake Luby
Post Your Own Reply
Posted by nuritakartika
Current Conversations yes agree for you
In reply to: Re: Effective Grouping
Post Your Own Reply
Posted by quanganh189
Current Conversations i think you're wrong
In reply to: Re: Thank you
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Exploiting Google Cloud Platform With Ease
Dark Reading Staff 8/6/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15138
PUBLISHED: 2020-08-07
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin...
CVE-2020-9490
PUBLISHED: 2020-08-07
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerab...
CVE-2020-11852
PUBLISHED: 2020-08-07
DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM syste...
CVE-2020-11984
PUBLISHED: 2020-08-07
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
CVE-2020-11985
PUBLISHED: 2020-08-07
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...