Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
Shopify's Employee Data Theft Underscores Risk of Rogue Insiders
Kelly Sheridan, Staff Editor, Dark ReadingNews
The e-commerce platform has alerted more than 100 merchants of a data breach, highlighting the danger of malicious insiders.
By Kelly Sheridan Staff Editor, Dark Reading, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Debuts Threat-Detection Service
Robert Lemos, Contributing WriterNews
Lockdown economics are driving a threat-intelligence business boom. Chronicle Detect is Google's answer to monitoring so much log data created by the distributed workforce.
By Robert Lemos Contributing Writer, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Disclosure Programs See Signups & Payouts Surge
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than $44.75 million in rewards were paid to hackers over the past year, driving total payouts beyond $100 million.
By Kelly Sheridan Staff Editor, Dark Reading, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Extends Data Loss Prevention to Cloud App Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
The update, one of several announced today, is intended to help employees remain compliant when handling data across cloud applications.
By Kelly Sheridan Staff Editor, Dark Reading, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Permission Management & the Goldilocks Conundrum
Dotan Bar Noy, Co-Founder and CEO, AuthomizeCommentary
In today's COVID-19 era, managing access has become even more difficult, especially for large organizations. Here's how to get it "just right."
By Dotan Bar Noy Co-Founder and CEO, Authomize, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Remote Work Exacerbating Data Sprawl
Robert Lemos, Contributing WriterNews
More than three-quarters of IT executives worry that data sprawl puts their data at risk, especially with employees working from insecure home networks, survey finds.
By Robert Lemos Contributing Writer, 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
Patch by Tonight: CISA Issues Emergency Directive for Critical Netlogon Flaw
Dark Reading Staff, Quick Hits
The directive requires all federal agencies to apply a patch for Windows Netlogon vulnerability CVE-2020-1472 by midnight on Sept. 21.
By Dark Reading Staff , 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
5 Steps to Greater Cyber Resiliency
Andrew Rubin, CEO & Founder at IllumioCommentary
Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.
By Andrew Rubin CEO & Founder at Illumio, 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine LearningExpert Insights
Future consumer devices, including pacemakers, should be built with security from the start.
By Gary McGraw Ph.D. Co-founder Berryville Institute of Machine Learning, 9/21/2020
Comment3 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 9/21/2020
Comment22 comments  |  Read  |  Post a Comment
Mitigating Cyber-Risk While We're (Still) Working from Home
PJ Kirner, CTO & Founder, IllumioCommentary
One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.
By PJ Kirner CTO & Founder, Illumio, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.
By Kelly Sheridan Staff Editor, Dark Reading, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
US Charges Five Members of China-Linked APT41 for Global Attacks
Dark Reading Staff, Quick Hits
The five Chinese nationals are among seven defendants arrested for intrusion campaigns into more than 100 organizations, the DoJ reports.
By Dark Reading Staff , 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security Pro File: Award-winning computer scientist and electronic voting expert Barbara Simons chats up her pioneering days in computer programming, paper-ballot backups, Internet voting, math, and sushi.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/16/2020
Comment1 Comment  |  Read  |  Post a Comment
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVistaCommentary
While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.
By Simone Petrella Chief Executive Officer, CyberVista, 9/16/2020
Comment2 comments  |  Read  |  Post a Comment
Rethinking Resilience: Tips for Your Disaster Recovery Plan
Kelly Sheridan, Staff Editor, Dark ReadingNews
As more organizations face disruptions, a defined approach to recovery is imperative so they can successfully recover, experts say.
By Kelly Sheridan Staff Editor, Dark Reading, 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Research Finds Nearly 800,000 Access Keys Exposed Online
Dark Reading Staff, Quick Hits
The keys were primarily for access to databases and cloud services.
By Dark Reading Staff , 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption
Eric Parizo, Senior Analyst, OmdiaCommentary
Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.
By Eric Parizo Senior Analyst, Omdia, 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Simplify Your Privacy Approach to Overcome CCPA Challenges
Hilary Wandall, Senior Vice President, Privacy Intelligence and General Counsel at TrustArcCommentary
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.
By Hilary Wandall Senior Vice President, Privacy Intelligence and General Counsel at TrustArc, 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4719
PUBLISHED: 2020-09-24
The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.
CVE-2020-15604
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-24560
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-25596
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. T...
CVE-2020-25597
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. Howeve...