Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

News & Commentary
Cloud Security Architect Proves Hardest Infosec Role to Fill
Dark Reading Staff, Quick Hits
Nearly 70% of businesses struggle to recruit, hire, and retain cybersecurity talent, and many link security incidents to lack of skills.
By Dark Reading Staff , 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
Q&A: Eugene Kaspersky on Tourism, the Pandemic, and Cybersecurity
Jai Vijayan, Contributing WriterNews
The CEO and co-founder of eponymously named security vendor has launched a new travel accelerator program amid the COVID-19 crisis.
By Jai Vijayan Contributing Writer, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Edge Cybersecurity Crossword Puzzle, May 22th
Edge Editors, Dark Reading
Have a hard time coming up with the answers to these puzzle questions? We know a great place to look for more clues...
By Edge Editors Dark Reading, 5/22/2020
Comment1 Comment  |  Read  |  Post a Comment
Security & Trust Ratings Proliferate: Is That a Good Thing?
Robert Lemos, Contributing WriterNews
Phishing ratings, security ratings, human-ness ratings -- we are looking at a future filled with grades of security and trustworthiness. But there is a downside.
By Robert Lemos Contributing Writer, 5/22/2020
Comment0 comments  |  Read  |  Post a Comment
The Need for Compliance in a Post-COVID-19 World
Baan Alsinawi, Founder and Managing Director at TalaTekCommentary
With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That's a big mistake.
By Baan Alsinawi Founder and Managing Director at TalaTek, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
Digital Transformation Risks in Front-end Code
Ido Safruti, Co-founder & CTO, PerimeterXCommentary
Why making every front-end developer a DevSecOps expert will lead to a more holistic approach to web and native application security.
By Ido Safruti Co-founder & CTO, PerimeterX, 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Dan Blum, Cybersecurity & Risk Management StrategistCommentary
Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.
By Dan Blum Cybersecurity & Risk Management Strategist, 5/20/2020
Comment1 Comment  |  Read  |  Post a Comment
Long-Term Remote Work: Keeping Workers Productive & Secure
Joe Payne, President and CEO at Code42Commentary
The pandemic has changed how we get work done. Now, data security must catch up.
By Joe Payne President and CEO at Code42, 5/19/2020
Comment0 comments  |  Read  |  Post a Comment
7 Security Pros: What My Nontraditional Background Brings to the Job
Ericka Chickowski, Contributing Writer
Job experience and degrees outside of the cybersecurity or IT world can provide invaluable diversity of thinking and problem-solving.
By Ericka Chickowski Contributing Writer, 5/19/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Extends Far Beyond Security Teams & Everyone Plays a Part
Jim Ivers, VP within the Synopsys Software Integrity GroupCommentary
Security isn't about tools or technology; it's about establishing a broad, fundamental awareness and sense of responsibility among all employees.
By Jim Ivers VP within the Synopsys Software Integrity Group, 5/19/2020
Comment0 comments  |  Read  |  Post a Comment
Compliance as a Way to Reduce the Risk of Insider Threats
Bob Swanson, Compliance Research Consultant, SwimlaneCommentary
Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.
By Bob Swanson Compliance Research Consultant, Swimlane, 5/14/2020
Comment0 comments  |  Read  |  Post a Comment
Ensuring Business Continuity in Times of Crisis
Joan Pepin, CSO, Auth0Commentary
Three basic but comprehensive steps can help you and your organization get through adversity
By Joan Pepin CSO, Auth0, 5/14/2020
Comment0 comments  |  Read  |  Post a Comment
The Problem with Automating Data Privacy Technology
Chris Babel, CEO, TrustArcCommentary
Managing complex and nuanced consumer rights requests presents a unique challenge for enterprises in today's regulated world of GDPR and CCPA. Here's why.
By Chris Babel CEO, TrustArc, 5/13/2020
Comment0 comments  |  Read  |  Post a Comment
How Unconventional Professional Backgrounds Can Strengthen a Cybersecurity Team
Ericka Chickowski, Contributing WriterNews
Getting over the cybersecurity skills gap takes creativity, flexibility, and a willingness to go "off-script" when it comes to picking out candidates.
By Ericka Chickowski Contributing Writer, 5/13/2020
Comment0 comments  |  Read  |  Post a Comment
The Modern SOC Demands New Skills
Chris Triolo, Vice President of Customer Success, Respond SoftwareCommentary
Automation and other technologies are improving the organizational structure of the security operations center. This is ultimately for the better, but it means that roles will change too.
By Chris Triolo Vice President of Customer Success, Respond Software, 5/12/2020
Comment0 comments  |  Read  |  Post a Comment
Companies Struggle for Effective Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The money companies are spending on cybersecurity tools doesn't necessarily result in better security, a new survey shows.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/8/2020
Comment5 comments  |  Read  |  Post a Comment
Cybersecurity Home School: Garfield Teaches Security
Curtis Franklin Jr., Senior Editor at Dark Reading
The famous cartoon cat can help kids ages 6 to 11 learn to be more secure when they're online.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/7/2020
Comment0 comments  |  Read  |  Post a Comment
Post-Pandemic Presentation Plans
Beyond the Edge, Dark Reading
Coming to a conference near you -- who knows when.
By Beyond the Edge Dark Reading, 5/5/2020
Comment1 Comment  |  Read  |  Post a Comment
Stay-at-Home Students Offered Lessons to Boost Cybersecurity
Robert Lemos, Contributing WriterNews
Stuck at home with a primary- or secondary-school student? Organizations from professional training groups to national governments are teaming up to offer virtual cybersecurity training for teens -- in some cases, for free.
By Robert Lemos Contributing Writer, 5/4/2020
Comment0 comments  |  Read  |  Post a Comment
How InfoSec Pros Can Help Healthcare During the Coronavirus Pandemic
Joan Goodchild, Contributing Writer
Security pros are banding together to ensure healthcare facilities can focus on saving lives instead of defending against cyber attacks. Here are a few places you can volunteer your services.
By Joan Goodchild Contributing Writer, 5/4/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by EdWelsh
Current Conversations Very interesting)
In reply to: Great!
Post Your Own Reply
More Conversations
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11949
PUBLISHED: 2020-05-28
testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices.
CVE-2020-11950
PUBLISHED: 2020-05-28
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices.
CVE-2020-13645
PUBLISHED: 2020-05-28
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verificat...
CVE-2020-13643
PUBLISHED: 2020-05-28
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be e...
CVE-2020-13644
PUBLISHED: 2020-05-28
An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accord...