Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

10 iOS Security Tips to Lock Down Your iPhone
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Election Security in the Age of Social Distancing
7 Ways Parents Can Better Protect Their Online-Gamer Offspring
COVID-19: Latest Security News & Commentary
News & Commentary
Many Exchange Servers Are Still Vulnerable to Remote Exploit
Robert Lemos, Contributing WriterNews
A privilege-escalation vulnerability patched in February by Microsoft continues to affect Exchange servers, with more than 80% of Internet-connected servers remaining vulnerable, one firm reports.
By Robert Lemos Contributing Writer, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
Social Distancing for Healthcare's IoT Devices
Ori Bach, CEO of TrapX SecurityCommentary
Security pros need to double down around prevention of lateral movement by attackers, especially if IoT devices are connected to the network.
By Ori Bach CEO of TrapX Security, 6/3/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 6/3/2020
Comment11 comments  |  Read  |  Post a Comment
10 Tips for Maintaining Information Security During Layoffs
Joan Goodchild, Contributing Writer
Insider cyberthreats are always an issue during layoffs -- but with record numbers of home-office workers heading for the unemployment line, it has never been harder to maintain cybersecurity during offboarding.
By Joan Goodchild Contributing Writer, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Mobile Phishing Attacks Increase Sharply
Jai Vijayan, Contributing WriterNews
Organizations need to include smartphones and tablets in their phishing mitigation strategies, a new report suggests.
By Jai Vijayan Contributing Writer, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Companies Fall Short on Mandatory Reporting of Cybercrimes
Robert Lemos, Contributing WriterNews
Understaffed and under fire, companies fail to report cybercrimes even when they are legally obligated to notify authorities, results of a new survey show.
By Robert Lemos Contributing Writer, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Amtrak Breach Rolls Over Frequent Travelers
Dark Reading Staff, Quick Hits
The breach exposed usernames and passwords of an undisclosed number of program members.
By Dark Reading Staff , 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Risk Assessment & the Human Condition
Joshua Goldfarb, Independent ConsultantCommentary
Five lessons the coronavirus pandemic can teach security professionals to better assess, monitor, manage, and mitigate organizational risk.
By Joshua Goldfarb Independent Consultant, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Thycotic Buys Onion ID to Extend PAM Portfolio
Dark Reading Staff, Quick Hits
The acquisition brings three new products into Thycotic's privileged access management lineup.
By Dark Reading Staff , 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
For now, security teams face freezes in projects and hiring - and budget cuts, security industry analysts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/2/2020
Comment1 Comment  |  Read  |  Post a Comment
Banking on Data Security in a Time of Insecurity
Dan DeMers, CEO of CinchyCommentary
How banks can maintain security and data integrity in the middle of a pandemic.
By Dan DeMers CEO of Cinchy, 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Data on Indian Mobile Payments App Reportedly Exposed via Open S3 Bucket
Jai Vijayan, Contributing WriterNews
Over 7 million records exposed, according to vpnMentor, but app maker says there is no sign of malicious use.
By Jai Vijayan Contributing Writer, 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
Apple Pays Researcher $100,000 for Critical Vulnerability
Kelly Sheridan, Staff Editor, Dark ReadingNews
Apple has fixed a flaw in the "Sign in with Apple" feature that could have enabled attackers to break into user accounts for third-party services.
By Kelly Sheridan Staff Editor, Dark Reading, 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
26 IoT Flaws Enable Denial-of-Service Attacks, Privilege Escalation
Dark Reading Staff, Quick Hits
Research details vulnerabilities in the Zephyr Real Time Operating Systems and MCUboot, both used in IoT devices and sensors.
By Dark Reading Staff , 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them
Robert Lemos, Contributing WriterNews
The Sandworm group -- behind disinformation and election-hacking campaigns and responsible for a 2016 power outage in the Ukraine -- is now targeting e-mail servers.
By Robert Lemos Contributing Writer, 6/1/2020
Comment0 comments  |  Read  |  Post a Comment
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRockCommentary
Without the right tools and with not enough cybersecurity pros to fill the void, the talent gap will continue to widen.
By Peter Barker Chief Product Officer at ForgeRock, 6/1/2020
Comment1 Comment  |  Read  |  Post a Comment
Bank of America Security Incident Affects PPP Applicants
Dark Reading Staff, Quick Hits
The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared.
By Dark Reading Staff , 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing WriterNews
Mobile providers don't often update users when applications are not supported by developers, security firm says.
By Robert Lemos Contributing Writer, 5/29/2020
Comment5 comments  |  Read  |  Post a Comment
Cisco Announces Patches to SaltStack
Dark Reading Staff, Quick Hits
The patches came after Cisco was notified by the Salt Open Core team that the vulnerabilities and updates were available.
By Dark Reading Staff , 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Digital Distancing with Microsegmentation
Trevor Pott, Product Marketing Director at Juniper NetworksCommentary
Physical distancing has blunted a virus's impact; the same idea can be applied to computers and networks to minimize breaches, attacks, and infections.
By Trevor Pott Product Marketing Director at Juniper Networks, 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
Insider cyberthreats are always an issue during layoffs -- but with record numbers of home-office workers heading for the unemployment line, it has never been harder to maintain cybersecurity during offboarding.
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.
Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your, um, friend's organization has fallen victim and is going to pay. Here's how they should handle it.
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4177
PUBLISHED: 2020-06-03
IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174732.
CVE-2020-4180
PUBLISHED: 2020-06-03
IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 174735.
CVE-2020-4182
PUBLISHED: 2020-06-03
IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174738.
CVE-2020-4187
PUBLISHED: 2020-06-03
IBM Security Guardium 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174805.
CVE-2020-4190
PUBLISHED: 2020-06-03
IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851.
Flash Poll
Video
Slideshows
Twitter Feed