Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
News & Commentary
A Day in The Life of a Pen Tester
Kelly Sheridan, Staff Editor, Dark ReadingNews
Two penetration testers share their day-to-day responsibilities, challenges they encounter, and the skills they value most on the job.
By Kelly Sheridan Staff Editor, Dark Reading, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
New APT Targets Middle Eastern Victims
Dark Reading Staff, Quick Hits
The new malware, dubbed "Milum," can take control of industrial devices.
By Dark Reading Staff , 3/24/2020
Comment0 comments  |  Read  |  Post a Comment
How to Secure Your Kubernetes Deployments
Gadi Naor, CTO and Co-Founder, AlcideCommentary
As more companies shift their software to a microservices-based architecture and orchestrate their containerized applications in Kubernetes, distributed security controls become a must.
By Gadi Naor CTO and Co-Founder, Alcide, 3/24/2020
Comment0 comments  |  Read  |  Post a Comment
8 Infosec Page-Turners for Days Spent Indoors
Kelly Sheridan, Staff Editor, Dark Reading
Stuck inside and looking for a new read? Check out these titles written by security practitioners and reporters across the industry.
By Kelly Sheridan Staff Editor, Dark Reading, 3/23/2020
Comment2 comments  |  Read  |  Post a Comment
Dark Reading Cybersecurity Crossword Puzzle
Edge Editors, Dark Reading
Here's a little something to snuggle up with if you're on lockdown.
By Edge Editors Dark Reading, 3/20/2020
Comment1 Comment  |  Read  |  Post a Comment
4 Ways Thinking 'Childishly' Can Empower Security Professionals
Michal Bar, Head of Cybersecurity Professional Services at CylusCommentary
Younger minds -- more agile and less worried by failure -- provide a useful model for cyber defenders to think more creatively.
By Michal Bar Head of Cybersecurity Professional Services at Cylus, 3/16/2020
Comment1 Comment  |  Read  |  Post a Comment
DDoS Attack Trends Reveal Stronger Shift to IoT, Mobile
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers are capitalizing on the rise of misconfigured Internet-connected devices running the WS-Discovery protocol, and mobile carriers are hosting distributed denial-of-service weapons.
By Kelly Sheridan Staff Editor, Dark Reading, 3/13/2020
Comment0 comments  |  Read  |  Post a Comment
What Cybersecurity Pros Really Think About Artificial Intelligence
Ericka Chickowski, Contributing Writer
While there's a ton of unbounded optimism from vendor marketing and consultant types, practitioners are still reserving a lot of judgment.
By Ericka Chickowski Contributing Writer, 3/13/2020
Comment1 Comment  |  Read  |  Post a Comment
Cyberspace Solarium Commission Slams US Cybersecurity Readiness
Dark Reading Staff, Quick Hits
The federal commission outlined more than 60 recommendations to remedy major security problems.
By Dark Reading Staff , 3/11/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19 Drives Rush to Remote Work. Is Your Security Team Ready?
Kelly Sheridan, Staff Editor, Dark ReadingNews
A rapid transition to remote work puts pressure on security teams to understand and address a wave of potential security risks.
By Kelly Sheridan Staff Editor, Dark Reading, 3/11/2020
Comment1 Comment  |  Read  |  Post a Comment
How the Rise of IoT Is Changing the CISO Role
Phil Neray, VP of IoT & Industrial Cybersecurity at CyberXCommentary
Prepare for the future by adopting a risk-based approach. Following these five steps can help.
By Phil Neray VP of IoT & Industrial Cybersecurity at CyberX, 3/11/2020
Comment1 Comment  |  Read  |  Post a Comment
Over 80% of Medical Imaging Devices Run on Outdated Operating Systems
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New data on live Internet of Things devices in healthcare and other organizations shines a light on security risks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/10/2020
Comment1 Comment  |  Read  |  Post a Comment
Siemens Shares Incident Response Playbook for Energy Infrastructure
Dark Reading Staff, Quick Hits
The playbook simulates a cyberattack on the energy industry to educate regulators, utilities, and IT and OT security experts.
By Dark Reading Staff , 3/6/2020
Comment1 Comment  |  Read  |  Post a Comment
NSS Labs Revises Endpoint Security Test Model
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New product ratings system comes amid growing shift in the testing market toward more "open and transparent" evaluation of security tools.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/3/2020
Comment0 comments  |  Read  |  Post a Comment
Tesla, SpaceX Parts Manufacturer Suffers Data Breach
Dark Reading Staff, Quick Hits
Visser Precision has confirmed a security incident likely caused by the data-stealing DoppelPaymer ransomware.
By Dark Reading Staff , 3/2/2020
Comment0 comments  |  Read  |  Post a Comment
Kr00k Wi-Fi Vulnerability Affected a Billion Devices
Robert Lemos, Contributing WriterNews
Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung.
By Robert Lemos Contributing Writer, 2/26/2020
Comment6 comments  |  Read  |  Post a Comment
Report: Shadow IoT Emerging as New Enterprise Security Problem
Jai Vijayan, Contributing WriterNews
Much of the traffic egressing enterprise networks are from poorly protected Internet-connected consumer devices, a Zscaler study finds.
By Jai Vijayan Contributing Writer, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Security Now Merges With Dark Reading
Tim Wilson, Editor in Chief, Dark Reading, News
Readers of Security Now will join the Dark Reading community, gaining access to a wide range of cybersecurity content.
By Tim Wilson, Editor in Chief, Dark Reading , 2/21/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Announces General Availability of Threat Protection, Insider Risk Management
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft made several security announcements ahead of RSA Conference, including its decision to bring Microsoft Defender to iOS and Android.
By Kelly Sheridan Staff Editor, Dark Reading, 2/20/2020
Comment0 comments  |  Read  |  Post a Comment
DHS's CISA Warns of New Critical Infrastructure Ransomware Attack
Dark Reading Staff, Quick Hits
An attack on a natural gas compression facility sent the operations offline for two days.
By Dark Reading Staff , 2/19/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11509
PUBLISHED: 2020-04-07
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page).
CVE-2020-6647
PUBLISHED: 2020-04-07
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
CVE-2020-9286
PUBLISHED: 2020-04-07
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
CVE-2020-11508
PUBLISHED: 2020-04-07
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action.
CVE-2013-7488
PUBLISHED: 2020-04-07
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.