Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Nearly Two Dozen AWS APIs Are Vulnerable to Abuse
New Proposed DNS Security Features Released
Unpatched Browsers Abound, Study Shows
COVID-19: Latest Security News & Commentary
News & Commentary
From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now
Michele Commentary
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.
By Michele "MB" Bettencourt Executive Chairperson, Corelight, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw
Jai Vijayan, Contributing WriterNews
A new patched memory corruption vulnerability in Apple's AWDL protocol can be used to take over iOS devices that are in close proximity to an attacker.
By Jai Vijayan Contributing Writer, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Open Source Flaws Take Years to Find But Just a Month to Fix
Robert Lemos, Contributing WriterNews
Companies need to embrace automation and dependency tracking to keep software secure, GitHub says in its annual security report.
By Robert Lemos Contributing Writer, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity in the Biden Administration: Experts Weigh In
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security pros and former government employees share their expectations and concerns for the new administration and their hope for a "return to normal."
By Kelly Sheridan Staff Editor, Dark Reading, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
FBI: BEC Scammers Could Abuse Email Auto-Forwarding
Dark Reading Staff, Quick Hits
Private Industry Notification warns of the role email auto-forwarding could be used in business email compromise attacks.
By Dark Reading Staff , 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Loyal Employee ... or Cybercriminal Accomplice?
Pam Baker, Contributing Writer
Can the bad guys' insider recruitment methods be reverse-engineered to reveal potential insider threats? Let's take a look.
By Pam Baker Contributing Writer, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Automated Pen Testing: Can It Replace Humans?
Alex Haynes, Chief Information Security Officer, CDLCommentary
These tools have come a long way, but are they far enough along to make human pen testers obsolete?
By Alex Haynes Chief Information Security Officer, CDL, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Security Slipup Exposes Health Records & Lab Results
Dark Reading Staff, Quick Hits
NTreatment failed to add password protection to a cloud server, exposing thousands of sensitive medical records online.
By Dark Reading Staff , 12/2/2020
Comment1 Comment  |  Read  |  Post a Comment
Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet
Avi Shua, Co-Founder, Orca SecurityCommentary
Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.
By Avi Shua Co-Founder, Orca Security, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Free Mobile App Measures Your Personal Cyber Risk
Steve Zurier, Contributing WriterNews
New app for Android and Apple iOS uses an algorithm co-developed with MIT to gauge security posture on an ongoing basis.
By Steve Zurier Contributing Writer, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Unmanaged Devices Heighten Risks for School Networks
Jai Vijayan, Contributing WriterNews
Gaming consoles, Wi-Fi Pineapples, and building management systems are among many devices Armis says it discovered on K12 school networks.
By Jai Vijayan Contributing Writer, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Inside North Korea's Rapid Evolution to Cyber Superpower
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers examine North Korea's rapid evolution from destructive campaigns to complex and efficient cyber operations.
By Kelly Sheridan Staff Editor, Dark Reading, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Malicious or Vulnerable Docker Images Widespread, Firm Says
Robert Lemos, Contributing WriterNews
A dynamic analysis of the publicly available images on Docker Hub found that 51% had critical vulnerabilities and about 6,500 of the 4 million latest images could be considered malicious.
By Robert Lemos Contributing Writer, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
SASE 101: Why All the Buzz?
Jennifer Bosavage, Editor In Chief, Solution Providers for Retail
Wide area networking and network security services unite to provide secure, cloud-based connectivity for enterprises' remote employees -- and these days that means billions of workers.
By Jennifer Bosavage Editor In Chief, Solution Providers for Retail, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Skills Gap: It Doesn't Have to Be This Way
Sander Vinberg, Threat Research Evangelist at F5 LabsCommentary
Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.
By Sander Vinberg Threat Research Evangelist at F5 Labs, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Call Fraud Operator Ordered to Pay $9M to Victims
Dark Reading Staff, Quick Hits
Indian national will serve 20 years in prison for running a large call center fraud operation.
By Dark Reading Staff , 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Ivanti Acquires MobileIron & Pulse Secure
Dark Reading Staff, Quick Hits
The company plans to use these acquisitions to strengthen and secure IT connections across remote devices and infrastructure.
By Dark Reading Staff , 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Sophos 2021 Threat Report: Navigating Cybersecurity in an Uncertain World
Dark Reading Staff, News
SPONSORED: Sophos' principal research scientist discusses the fast-changing attacker behaviors of 2020 and how security pros need to evolve.
By Dark Reading Staff , 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Former NSS Labs CEO Launches New Security Testing Organization
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Member-based CyberRatings.org to offer free and tiered paid access to tested security product and services ratings.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Can't Afford a Full-time CISO? Try the Virtual Version
John Roman, President and COO of FoxPointe SolutionsCommentary
A vCISO can align a company's information security program to business strategy and budgeting guidance to senior management.
By John Roman President and COO of FoxPointe Solutions, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Can the bad guys' insider recruitment methods be reverse-engineered to reveal potential insider threats? Let's take a look.
Wide area networking and network security services unite to provide secure, cloud-based connectivity for enterprises' remote employees -- and these days that means billions of workers.
Not everyone in a security department is acting in good faith, and they'll do what they can to bypass those who do. Here's how to spot them.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-6017
PUBLISHED: 2020-12-03
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code ...
CVE-2020-6021
PUBLISHED: 2020-12-03
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DL...
CVE-2020-6111
PUBLISHED: 2020-12-03
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and...
CVE-2020-5680
PUBLISHED: 2020-12-03
Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.
CVE-2020-5638
PUBLISHED: 2020-12-03
Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors.
Flash Poll
Video
Slideshows
Twitter Feed