Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
Attacker Dwell Time: Ransomware's Most Important Metric
Ricardo Villadiego, Founder and CEO of LumuCommentary
How to bolster security defenses by zeroing in on the length of time an interloper remains undetected inside your network.
By Ricardo Villadiego Founder and CEO of Lumu, 9/30/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability in Wireless Router Chipsets Prompts Advisory
Dark Reading Staff, Quick Hits
Synopsys issues an advisory for vulnerabilities affecting the chipsets of wireless routers from Qualcomm, Mediatek, and Realtek.
By Dark Reading Staff , 9/29/2020
Comment0 comments  |  Read  |  Post a Comment
Shifting Left of Left: Why Secure Code Isn't Always Quality Code
Matias Madou, CTO and co-founder, Secure Code WarriorCommentary
Enabling engineers to share responsibility for security and empowering them to erase common vulnerabilities are good starting points.
By Matias Madou CTO and co-founder, Secure Code Warrior, 9/29/2020
Comment0 comments  |  Read  |  Post a Comment
The Shared Irresponsibility Model in the Cloud Is Putting You at Risk
Dan Hubbard, CEO at LaceworkCommentary
Step up, put the architecture and organization in place, and take responsibility. If you don't, who will?
By Dan Hubbard CEO at Lacework, 9/29/2020
Comment0 comments  |  Read  |  Post a Comment
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading
Cloud and network security analysts outline trends and priorities businesses should keep top of mind as they grow more reliant on cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 9/28/2020
Comment3 comments  |  Read  |  Post a Comment
Safeguarding Schools Against RDP-Based Ransomware
James Lui, Ericom Group CTO, AmericasCommentary
How getting online learning right today will protect schools, and the communities they serve, for years to come.
By James Lui Ericom Group CTO, Americas, 9/28/2020
Comment1 Comment  |  Read  |  Post a Comment
Navigating the Asia-Pacific Threat Landscape: Experts Dive In
Kelly Sheridan, Staff Editor, Dark ReadingNews
At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.
By Kelly Sheridan Staff Editor, Dark Reading, 9/25/2020
Comment0 comments  |  Read  |  Post a Comment
Getting Over the Security-to-Business Communication Gap in DevSecOps
Ericka Chickowski, Contributing WriterNews
Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.
By Ericka Chickowski Contributing Writer, 9/25/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 9/25/2020
Comment22 comments  |  Read  |  Post a Comment
WannaCry Has IoT in Its Crosshairs
Ed Koehler, Distinguished Principal Security Engineer, Office of CTO, at Extreme NetworkCommentary
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
By Ed Koehler Distinguished Principal Security Engineer, Office of CTO, at Extreme Network, 9/25/2020
Comment0 comments  |  Read  |  Post a Comment
Critical Instagram Flaw Could Let Attackers Spy on Victims
Kelly Sheridan, Staff Editor, Dark ReadingNews
A now-patched remote code execution vulnerability could be exploited with a specially sized image file, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Solving the Problem With Security Standards
Adam Shostack, Consultant, Entrepreneur, Technologist, Game DesignerCommentary
More explicit threat models can make security better and open the door to real and needed innovation.
By Adam Shostack Consultant, Entrepreneur, Technologist, Game Designer, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Warns of Attackers Now Exploiting 'Zerologon' Flaw
Dark Reading Staff, Quick Hits
The Security Intelligence team at Microsoft is tracking newly waged exploits in the wild.
By Dark Reading Staff , 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Since Remote Work Isn't Going Away, Security Should Be the Focus
Mike Wronski, Technical Director of Product Marketing, NutanixCommentary
These three steps will help organizations reduce long-term work-from-home security risks.
By Mike Wronski Technical Director of Product Marketing, Nutanix, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Shopify's Employee Data Theft Underscores Risk of Rogue Insiders
Kelly Sheridan, Staff Editor, Dark ReadingNews
The e-commerce platform has alerted more than 100 merchants of a data breach, highlighting the danger of malicious insiders.
By Kelly Sheridan Staff Editor, Dark Reading, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Debuts Threat-Detection Service
Robert Lemos, Contributing WriterNews
Lockdown economics are driving a threat-intelligence business boom. Chronicle Detect is Google's answer to monitoring so much log data created by the distributed workforce.
By Robert Lemos Contributing Writer, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Disclosure Programs See Signups & Payouts Surge
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than $44.75 million in rewards were paid to hackers over the past year, driving total payouts beyond $100 million.
By Kelly Sheridan Staff Editor, Dark Reading, 9/22/2020
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Extends Data Loss Prevention to Cloud App Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
The update, one of several announced today, is intended to help employees remain compliant when handling data across cloud applications.
By Kelly Sheridan Staff Editor, Dark Reading, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Permission Management & the Goldilocks Conundrum
Dotan Bar Noy, Co-Founder and CEO, AuthomizeCommentary
In today's COVID-19 era, managing access has become even more difficult, especially for large organizations. Here's how to get it "just right."
By Dotan Bar Noy Co-Founder and CEO, Authomize, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Remote Work Exacerbating Data Sprawl
Robert Lemos, Contributing WriterNews
More than three-quarters of IT executives worry that data sprawl puts their data at risk, especially with employees working from insecure home networks, survey finds.
By Robert Lemos Contributing Writer, 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by JohnHammond
Current Conversations Nice article!
In reply to: Great!
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4629
PUBLISHED: 2020-09-30
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.
CVE-2019-17098
PUBLISHED: 2020-09-30
Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior version...
CVE-2020-15731
PUBLISHED: 2020-09-30
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448.
CVE-2020-5132
PUBLISHED: 2020-09-30
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN au...
CVE-2020-15216
PUBLISHED: 2020-09-29
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...