Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

COVID-19: Latest Security News & Commentary
The Wild, Wild West(world) of Cybersecurity
8 Infosec Page-Turners for Days Spent Indoors
Dark Reading Cybersecurity Crossword Puzzle
State of Cybersecurity Incident Response
News & Commentary
How Do I Make Sure My Work-From-Home Users Install Updates?
Edge Editors, Dark Reading
Most enterprise endpoint solutions will support policies to enforce recommended updates.
By Kurtis Minder, CEO of GroupSense: For corporate assets, most enterprise endpoint solutions will support policies to enforce the recommended updates for those machines. , 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
Mature DevOps Teams Are Secure DevOps Teams
Dark Reading Staff, Quick Hits
New research shows the relationship between mature DevOps processes, secure applications, and happy developers.
By Dark Reading Staff , 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
The Coronavirus & Cybersecurity: 3 Areas of Exploitation
Robert R. Ackerman Jr., Founder & Managing Director, Allegis CapitalCommentary
Criminal, political, and strategic factors are combining to create a perfect storm of cyber infections that target the global supply chain.
By Robert R. Ackerman Jr. Founder & Managing Director, Allegis Capital, 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
71% of Security Pros See Threats Jump Since COVID-19 Outbreak
Dark Reading Staff, Quick Hits
Phishing is the top threat, followed by websites offering false information about the pandemic, malware, and ransomware attacks.
By Dark Reading Staff , 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
Using Application Telemetry to Reveal Insider & Evasive Threats
Andy Hawkins, Field CTOCommentary
Data from application processes and other systems leave a trail of threat crumbs that can be used to detect and shut down attacks.
By Andy Hawkins Field CTO, 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 4/7/2020
Comment4 comments  |  Read  |  Post a Comment
9 Security Podcasts Worth Tuning In To
Kelly Sheridan, Staff Editor, Dark Reading
Recommendations for podcasts discussing news, trends, guidance, and stories across the cybersecurity industry.
By Kelly Sheridan Staff Editor, Dark Reading, 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
More Attackers Have Begun Using Zero-Day Exploits
Jai Vijayan, Contributing WriterNews
Vendors of offensive cyber tools have made it easy for any threat group with the right funds to leverage unpatched bugs, FireEye says.
By Jai Vijayan Contributing Writer, 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
Misconfigured Containers Again Targeted by Cryptominer Malware
Robert Lemos, Contributing WriterNews
An attack group is searching for insecure containers exposing the Docker API and then installing a program that attempts to mine cryptocurrency. It's not the first time.
By Robert Lemos Contributing Writer, 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft: Emotet Attack Shut Down an Entire Business Network
Kelly Sheridan, Staff Editor, Dark ReadingNews
The infection started with a phishing email and spread throughout the organization, overheating all machines and flooding its Internet connection.
By Kelly Sheridan Staff Editor, Dark Reading, 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
FBI Warns of BEC Dangers
Dark Reading Staff, Quick Hits
A new PSA warns of attacks launched against users of two popular cloud-based email systems.
By Dark Reading Staff , 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
Mozilla Patches Two Critical Zero-Days in Firefox
Dark Reading Staff, Quick Hits
The latest release of Firefox brings fixes for two Critical vulnerabilities already seen exploited in the wild.
By Dark Reading Staff , 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
Why Humans Are Phishing's Weakest Link
Tim Sadler, CEO and co-founder of TessianCommentary
And it's not just because they click when they shouldn't... they also leave a trail of clues and details that make them easy to spoof
By Tim Sadler CEO and co-founder of Tessian, 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher earned $75,000 for finding a whopping seven zero-days in Safari, three of which can be combined to access the camera.
By Kelly Sheridan Staff Editor, Dark Reading, 4/3/2020
Comment1 Comment  |  Read  |  Post a Comment
5 Soothing Security Products We Wish Existed
Curtis Franklin Jr., Senior Editor at Dark Reading
Maybe security alert fatigue wouldn't be so bad if the alerts themselves delivered less stress and more aromatherapy.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/3/2020
Comment0 comments  |  Read  |  Post a Comment
FBI Warns Education & Remote Work Platforms About Cyberattacks
Dark Reading Staff, Quick Hits
The FBI expects attackers will target virtual environments as more organizations rely on them as a result of the COVID-19 pandemic.
By Dark Reading Staff , 4/3/2020
Comment1 Comment  |  Read  |  Post a Comment
This Is Not Your Father's Ransomware
Joan Goodchild, Contributing Writer
Ransomware operators are aiming for bigger targets and hitting below the belt. With doxing and extortion threats added to the mix, ransomware is evolving into something even more sinister.
By Joan Goodchild Contributing Writer, 4/3/2020
Comment0 comments  |  Read  |  Post a Comment
Want to Improve Cloud Security? It Starts with Logging
Chris Calvert, VP Product Strategy, Co-Founder, Respond SoftwareCommentary
Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place.
By Chris Calvert VP Product Strategy, Co-Founder, Respond Software, 4/3/2020
Comment0 comments  |  Read  |  Post a Comment
Phishers Try 'Text Direction Deception' Technique to Bypass Email Filters
Jai Vijayan, Contributing WriterNews
With COVID-19 concerns running high, attackers are trying new tactics to get to users.
By Jai Vijayan Contributing Writer, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
A Day in The Life of a Pen Tester
Kelly Sheridan, Staff Editor, Dark ReadingNews
Two penetration testers share their day-to-day responsibilities, challenges they encounter, and the skills they value most on the job.
By Kelly Sheridan Staff Editor, Dark Reading, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by unturista
Current Conversations Nice
In reply to: Nice
Post Your Own Reply
Posted by futurocoches
Current Conversations how covid has changed the rules...
In reply to: covid
Post Your Own Reply
More Conversations
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
Most enterprise endpoint solutions will support policies to enforce recommended updates.
Maybe security alert fatigue wouldn't be so bad if the alerts themselves delivered less stress and more aromatherapy.
Ransomware operators are aiming for bigger targets and hitting below the belt. With doxing and extortion threats added to the mix, ransomware is evolving into something even more sinister.
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11509
PUBLISHED: 2020-04-07
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page).
CVE-2020-6647
PUBLISHED: 2020-04-07
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
CVE-2020-9286
PUBLISHED: 2020-04-07
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
CVE-2020-11508
PUBLISHED: 2020-04-07
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action.
CVE-2013-7488
PUBLISHED: 2020-04-07
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Flash Poll
Video
Slideshows
Twitter Feed