Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

Mobile

News & Commentary
What Happens If Time Gets Hacked
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Renowned hardware security expert raises alarm on the risk and dangers of cyberattackers targeting the current time-synchronization infrastructure.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/11/2021
Comment0 comments  |  Read  |  Post a Comment
Who's In Your Wallet? Exploring Mobile Wallet Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security flaws in contactless payments for transportation systems could lead to fraud for stolen devices, researchers find.
By Kelly Sheridan Staff Editor, Dark Reading, 10/25/2021
Comment0 comments  |  Read  |  Post a Comment
Research Highlights Significant Evolution in Email Security
Rik Turner, Principal Analyst, Emerging Technologies, OmdiaCommentary
Email security is in transition, from on-premises to the cloud, from inline to API-based, and from stand-alone to integrated into XDR. New research from Omdia highlights where the market is today, and where it is heading.
By Rik Turner Principal Analyst, Emerging Technologies, Omdia, 9/27/2021
Comment0 comments  |  Read  |  Post a Comment
Why Supply Chain Attacks Are Destined to Escalate
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
In his keynote address at Black Hat USA on Wednesday, Matt Tait, chief operating officer at Corellium, called for software platform vendors and security researchers to do their part to thwart the fallout of software supply chain compromises.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/5/2021
Comment0 comments  |  Read  |  Post a Comment
NSO Group Spyware Used On Journalists & Activists Worldwide
Dark Reading Staff, Quick Hits
An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.
By Dark Reading Staff , 7/19/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft: Israeli Firm's Tools Used to Target Activists, Dissidents
Kelly Sheridan, Staff Editor, Dark ReadingNews
Candiru sold spyware that exploited Windows vulnerabilities and had been used in attacks against dissidents, activists, and journalists.
By Kelly Sheridan Staff Editor, Dark Reading, 7/15/2021
Comment0 comments  |  Read  |  Post a Comment
IoT-Specific Malware Infections Jumped 700% Amid Pandemic
Dark Reading Staff, Quick Hits
Gafgyt and Mirai malware represented majority of IoT malware, new data from Zscaler shows.
By Dark Reading Staff , 7/15/2021
Comment0 comments  |  Read  |  Post a Comment
Why We Need to Raise the Red Flag Against FragAttacks
Amichai Shulman, CTO and Co-founder of AirEyeCommentary
Proliferation of wireless devices increases the risk that corporate networks will be attacked with this newly discovered breed of Wi-Fi-based cyber assault.
By Amichai Shulman CTO and Co-founder of AirEye, 7/13/2021
Comment0 comments  |  Read  |  Post a Comment
Cartoon Caption Winner: Sight Unseen
John Klossner, CartoonistCommentary
And the winner of Dark Reading's June contest is ...
By John Klossner Cartoonist, 7/9/2021
Comment0 comments  |  Read  |  Post a Comment
Fake Android Apps Promise Cryptomining Services to Steal Funds
Dark Reading Staff, Quick Hits
Researchers discover more than 170 Android apps that advertise cloud cryptocurrency mining services and fail to deliver.
By Dark Reading Staff , 7/7/2021
Comment0 comments  |  Read  |  Post a Comment
Secured-Core PCs May Mitigate Firmware Attacks, but Adoption Lags
Robert Lemos, Contributing WriterNews
Microsoft maintains that exploitation of recent Dell vulnerabilities would be blocked on ultra-secure PCs - but most systems do not have the technology yet.
By Robert Lemos Contributing Writer, 7/2/2021
Comment0 comments  |  Read  |  Post a Comment
Amazon Acquires Secure Messaging Platform Wickr
Dark Reading Staff, Quick Hits
AWS CISO Stephen Schmidt says the acquisition is strategic amid the proliferation of remote work.
By Dark Reading Staff , 6/25/2021
Comment0 comments  |  Read  |  Post a Comment
Survey Seeks to Learn How 2020 Changed Security
Dark Reading Staff, Quick Hits
Respondents to a new Dark Reading/Omdia survey will be entered into a drawing for a Black Hat Black Card.
By Dark Reading Staff , 6/23/2021
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: Sight Unseen
John Klossner, CartoonistCommentary
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 6/14/2021
Comment11 comments  |  Read  |  Post a Comment
Many Mobile Apps Intentionally Using Insecure Connections for Sending Data
Jai Vijayan, Contributing WriterNews
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.
By Jai Vijayan Contributing Writer, 6/11/2021
Comment0 comments  |  Read  |  Post a Comment
Healthcare Device Security Firm COO Charged With Hacking Medical Center
Dark Reading Staff, Quick Hits
Vikas Singla, chief operating officer of security firm that provides products and services to the healthcare industry, faces charges surrounding a cyberattack he allegedly conducted against Duluth, Ga.-based Gwinnett Medical Center.
By Dark Reading Staff , 6/10/2021
Comment0 comments  |  Read  |  Post a Comment
New Security Event @Hack to Take Place in Saudi Arabia
Dark Reading Staff, Quick Hits
The Saudi Federation of Cybersecurity, Programming, and Drones (SAFCSP) and Informa Tech will launch a multi-day event in Riyadh this November.
By Dark Reading Staff , 6/9/2021
Comment0 comments  |  Read  |  Post a Comment
FBI Issued Encrypted Devices to Capture Criminals
Dark Reading Staff, Quick Hits
A sting operation delivered devices into the hands of global criminals and used the intelligence gathered to stop drug crimes.
By Dark Reading Staff , 6/8/2021
Comment0 comments  |  Read  |  Post a Comment
Cartoon Caption Winner: Road Trip
John Klossner, CartoonistCommentary
And the winner of Dark Reading's cartoon caption contest is ...
By John Klossner Cartoonist, 6/7/2021
Comment0 comments  |  Read  |  Post a Comment
Most Mobile Apps Can Be Compromised in 15 Minutes or Less
Alan Bavosa, VP, Security Products, at AppdomeCommentary
In the name of releasing apps quickly and delivering a smooth user experience, mobile app security is often given short shrift.
By Alan Bavosa VP, Security Products, at Appdome, 5/28/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
LastPass by LogMeIn Delivers Enhanced Authentication Experience for Businesses
TeamViewer Survey: Businesses Prepare for Post-Pandemic 'Hybrid' Workforce with New Policies, Tech Infrastructure
Bugcrowd's Crowdsourced Cybersecurity Platform Helps Pay Over $2M to Researchers for Samsung Mobile Rewards Program
All Mobile Networks Vulnerable to DoS, Impersonation & Fraud Cyberattacks Through GTP Protocol
APT Actors Shift to Mobile During Q1
70 Top Hackers from Around the World Gathered in Finland for the 5G Cybersecurity Hackathon
HP Introduces New Printing Innovations and Security Enhancements that Simplify Fleet Security Management
Florida Poly Researcher Targets New Android cyber Attack
More Products & Releases
PR Newswire
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file