Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

How to Decipher InfoSec Job Titles' Mysteries
8 Cybersecurity Themes to Expect at Black Hat USA 2020
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Q&A: How Systemic Racism Weakens Cybersecurity
COVID-19: Latest Security News & Commentary
News & Commentary
The Race to Hack a Satellite at DEF CON
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Eight teams competed to win cash, bragging rights, and the chance to control a satellite in space.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Boeing's DEF CON Debut a Sign of the Times
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
In the wake of a stalemate between the airplane manufacturer and a security researcher over vulns found in its 787 aircraft's network, Boeing says it's ready to "embrace" the hacker community.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Secure Development Takes a (Remote) Village
Guy Podjarny, CEO & Cofounder, SnykCommentary
The shift to work from home isn't just about giving your Dev team the physical tools they need.
By Guy Podjarny CEO & Cofounder, Snyk, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
NSA & FBI Disclose New Russian Cyberespionage Malware
Dark Reading Staff, Quick Hits
APT 28, aka Fancy Bear, is deploying the Drovorub malware designed for Linux systems as part of cyber-espionage operations.
By Dark Reading Staff , 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity
Eric Parizo, Senior Analyst, OmdiaCommentary
Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them.
By Eric Parizo Senior Analyst, Omdia, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Security Jobs With a Future -- And Ones on the Way Out
Joan Goodchild, Contributing Writer
Some titles are hot, while others are not, amid rapidly shifting business priorities.
By Joan Goodchild Contributing Writer, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
With iOS's Privacy Nutrition Label, Apple Upstages Regulators
Heather Federman, VP of Privacy & Policy at BigIDCommentary
New iOS privacy features require developers to disclose what data they're collecting, how they're using it, and with whom they share it.
By Heather Federman VP of Privacy & Policy at BigID, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Adaptive Shield Emerges From Stealth
Jai Vijayan, Contributing WriterNews
Israeli startup joins growing number of vendors offering platform for detecting and mitigating common configuration errors in cloud environments.
By Jai Vijayan Contributing Writer, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Emotet Return Brings New Tactics & Evasion Techniques
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security researchers tracking Emotet report its reemergence brings new tricks, including new evasion techniques to bypass security tools.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
FireEye Announces New Bug-Bounty Program
Dark Reading Staff, Quick Hits
The program, administered by Bugcrowd, will pay bounties of up to $2,500 per vulnerability.
By Dark Reading Staff , 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Using 'Data for Good' to Control the Pandemic
Neil Sweeney, Founder & CEO, KilliCommentary
The tech community should unite to develop and distribute a universal COVID-19 contact-tracing application. Here's why and how.
By Neil Sweeney Founder & CEO, Killi, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
SANS Security Training Firm Hit with Data Breach
Dark Reading Staff, Quick Hits
A phishing email allowed an attacker to compromise a SANS employee's email environment, the organization reports.
By Dark Reading Staff , 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: 'Rise' and Shine
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 8/12/2020
Comment5 comments  |  Read  |  Post a Comment
Threats vs. Thrift: Running Effective AppSec During a Global Crisis
Patrick Carey, Vice President Product Management, ExopriseCommentary
By looking at security testing capacity, staff expertise, and risks throughout the software supply chain, application security teams can improve their overall effectiveness.
By Patrick Carey Vice President Product Management, Exoprise, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption
Ericka Chickowski, Contributing WriterNews
Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.
By Ericka Chickowski Contributing Writer, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Trick Facial-Recognition Systems
Jai Vijayan, Contributing WriterNews
Goal was to see if computer-generated images that look like one person would get classified as another person.
By Jai Vijayan Contributing Writer, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches 120 Vulnerabilities, Two Zero-Days
Kelly Sheridan, Staff Editor, Dark ReadingNews
The August 2020 Patch Tuesday marks the sixth month in a row Microsoft released patches for more than 110 vulnerabilities.
By Kelly Sheridan Staff Editor, Dark Reading, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Developers Need More Usable Static Code Scanners to Head Off Security Bugs
Robert Lemos, Contributing WriterNews
As companies "shift left" -- pushing more responsibility for security onto developers -- the tools that are available are falling short, usability researchers say.
By Robert Lemos Contributing Writer, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Symmetry Systems Emerges from Stealth
Dark Reading Staff, Quick Hits
Company behind Data Store and Object Security (DSOS) becomes public knowledge following a $3 million seed round of funding.
By Dark Reading Staff , 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Zoom Vulnerabilities Demonstrated in DEF CON Talk
Dark Reading Staff, Quick Hits
A security researcher demonstrated multiple vulnerabilities, two of which could let an attacker read and steal user data.
By Dark Reading Staff , 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Some titles are hot, while others are not, amid rapidly shifting business priorities.
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
What are the tenets and fundamental spirit of zero-trust architecture -- without the marketing speak?
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: They said you could use Zoom anywhere.......
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24330
PUBLISHED: 2020-08-13
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.
CVE-2020-24331
PUBLISHED: 2020-08-13
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon).
CVE-2020-24332
PUBLISHED: 2020-08-13
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.
CVE-2020-0261
PUBLISHED: 2020-08-13
In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-14605...
CVE-2020-17498
PUBLISHED: 2020-08-13
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Flash Poll
Video
Slideshows
Twitter Feed