Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary
Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security
Dark Reading Staff,
Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.
By Dark Reading Staff , 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Troy Hunt: Organizations Make Security Choices Tough for Users
Kelly Sheridan, Staff Editor, Dark ReadingNews
The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.
By Kelly Sheridan Staff Editor, Dark Reading, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Securing the Internet of Things in the Age of Quantum Computing
Dr. Charles Grover, Cryptography Researcher, Crypto QuantiqueCommentary
Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.
By Dr. Charles Grover Cryptography Researcher, Crypto Quantique, 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
DoD Lets Researchers Target All Publicly Accessible Info Systems
Dark Reading Staff, Quick Hits
The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.
By Dark Reading Staff , 5/5/2021
Comment0 comments  |  Read  |  Post a Comment
Apple Issues Patches for Webkit Security Flaws
Dark Reading Staff, Quick Hits
The vulnerabilities may already be under active attack, Apple says in an advisory.
By Dark Reading Staff , 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer
Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.
By Steve Zurier Contributing Writer, 4/30/2021
Comment1 Comment  |  Read  |  Post a Comment
Researchers Connect Complex Specs to Software Vulnerabilities
Robert Lemos, Contributing WriterNews
Following their release of 70 different vulnerabilities in different implementations of TCP/IP stacks over the past year, two companies find a common link.
By Robert Lemos Contributing Writer, 4/29/2021
Comment0 comments  |  Read  |  Post a Comment
'BadAlloc' Flaws Could Threaten IoT and OT Devices: Microsoft
Dark Reading Staff, Quick Hits
More than 25 critical memory allocation bugs could enable attackers to bypass security controls in industrial, medical, and enterprise devices.
By Dark Reading Staff , 4/29/2021
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: Greetings, Earthlings
John Klossner, CartoonistCommentary
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 4/22/2021
Comment17 comments  |  Read  |  Post a Comment
Pandemic Drives Greater Need for Endpoint Security
Dark Reading Staff, Quick Hits
Endpoint security has changed. Can your security plan keep up?
By Dark Reading Staff , 4/16/2021
Comment0 comments  |  Read  |  Post a Comment
Dark Reading to Upgrade Site Design, Performance
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Improvements will make site content easier to navigate, faster, and more functional.
By Tim Wilson, Editor in Chief, Dark Reading , 4/13/2021
Comment1 Comment  |  Read  |  Post a Comment
Cartoon Caption Winner: Something Seems Afoul
John Klossner, CartoonistCommentary
And the winner of Dark Readings's March cartoon caption contest is ...
By John Klossner Cartoonist, 4/7/2021
Comment0 comments  |  Read  |  Post a Comment
40% of Apps Leaking Information
Dark Reading Staff, Quick Hits
Apps in manufacturing most at risk, according to WhiteHat Security.
By Dark Reading Staff , 3/26/2021
Comment0 comments  |  Read  |  Post a Comment
Exec Order Could Force Software Vendors to Disclose Breaches to Federal Gov't Customers
Dark Reading Staff, Quick Hits
A decision on the order, which contains several recommendations, is still forthcoming.
By Dark Reading Staff , 3/25/2021
Comment0 comments  |  Read  |  Post a Comment
Lookout Acquires SASE Cloud Provider CipherCloud
Dark Reading Staff, Quick Hits
Deal signals a focus on the cloud for mobile security firm.
By Dark Reading Staff , 3/15/2021
Comment0 comments  |  Read  |  Post a Comment
Call Recorder iPhone App Flaw Uncovered
Dark Reading Staff, Quick Hits
Researcher finds thousands of recorded calls easily accessible to others.
By Dark Reading Staff , 3/10/2021
Comment0 comments  |  Read  |  Post a Comment
3 Security Flaws in Smart Devices & IoT That Need Fixing
Grigorii Markov, CEO, Cerber Tech Inc.Commentary
The scope and danger of unsecured, Internet-connected hardware will only continue to deepen.
By Grigorii Markov CEO, Cerber Tech Inc., 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Under Attack: Hosting & Internet Service Providers
Marc Wilczek, Digital Strategist & COO of Link11Commentary
The digital universe depends on always-on IT networks and services, so ISPs and hosting providers have become favorite targets for cyberattacks.
By Marc Wilczek Digital Strategist & COO of Link11, 2/16/2021
Comment0 comments  |  Read  |  Post a Comment
How to Submit a Column to Dark Reading
Dark Reading Staff, Commentary
Have a new idea, a lesson learned, or a call to action for your fellow cybersecurity professionals? Here's how to submit your Commentary pieces to Dark Reading.
By Dark Reading Staff , 2/15/2021
Comment0 comments  |  Read  |  Post a Comment
Game Over: Stopping DDoS Attacks Before They Start
Philippe Alcoy, Cyber Security Technologist, APACCommentary
Video games are poised for a revolution, but benefits will come to fruition only if the industry can guarantee consistent performance and availability.
By Philippe Alcoy Cyber Security Technologist, APAC, 2/11/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-12
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOTL interface.
PUBLISHED: 2021-05-12
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense.
PUBLISHED: 2021-05-12
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitra...
PUBLISHED: 2021-05-12
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and fro...
PUBLISHED: 2021-05-11
In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)