Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

COVID-19: Latest Security News & Commentary
The Wild, Wild West(world) of Cybersecurity
8 Infosec Page-Turners for Days Spent Indoors
Dark Reading Cybersecurity Crossword Puzzle
State of Cybersecurity Incident Response
News & Commentary
COVID-19: Latest Security News & Commentary
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
By Dark Reading Staff , 4/2/2020
Comment1 Comment  |  Read  |  Post a Comment
New Magecart Skimmer Infects 19 Victim Websites
Dark Reading Staff, Quick Hits
MakeFrame, named for its ability to make iframes for skimming payment data, is attributed to Magecart Group 7.
By Dark Reading Staff , 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Best Practices to Manage Third-Party Cyber-Risk Today
Doug Clare, Vice President, Fraud, Compliance, and Security Solutions at FICOCommentary
Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.
By Doug Clare Vice President, Fraud, Compliance, and Security Solutions at FICO, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Researchers Focus on Zoom App's Security
Robert Lemos, Contributing WriterNews
With videoconferencing's rise as an essential tool for remote work comes a downside: more security scrutiny, which has turned up a number of security weaknesses.
By Robert Lemos Contributing Writer, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Attackers Leverage Excel File Encryption to Deliver Malware
Jai Vijayan, Contributing WriterNews
Technique involves saving malicious Excel file as "read-only" and tricking users into opening it, Mimecast says.
By Jai Vijayan Contributing Writer, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Why All Employees Are Responsible for Company Cybersecurity
Diya Jolly, Chief Product Officer, OktaCommentary
It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.
By Diya Jolly Chief Product Officer, Okta, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Active Directory Attacks Hit the Mainstream
Jason Crabtree, CEO & Co-Founder, QOMPLXCommentary
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
By Jason Crabtree CEO & Co-Founder, QOMPLX, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Alerts Healthcare to Human-Operated Ransomware
Dark Reading Staff, News
Microsoft has notified dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure, which could put them at risk.
By Dark Reading Staff , 4/1/2020
Comment1 Comment  |  Read  |  Post a Comment
Could Work-From-Home Staff be Violating Privacy Laws During Conference Calls?
Edge Editors, Dark Reading
If you are lucky enough to be able to do your job from home right now, you should be aware of a few key things.
By Edge Editors Dark Reading, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
The SOC Emergency Room Faces Malware Pandemic
Avi Chesla, CEO and Founder, empowCommentary
To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.
By Avi Chesla CEO and Founder, empow, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Major Cloud, CDN Providers Join Secure Routing Initiative
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Akamai, AWS, Azion, Cloudflare, Facebook, and Netflix are now members of the Mutually Agreed Norms for Routing Security (MANRS) effort.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Defense Evasion Dominated 2019 Attack Tactics
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
By Kelly Sheridan Staff Editor, Dark Reading, 3/31/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Uncover Unsophisticated - But Creative - Watering-Hole Attack
Jai Vijayan, Contributing WriterNews
Holy Water campaign is targeting users of a specific religious and ethnic group in Asia, Kaspersky says.
By Jai Vijayan Contributing Writer, 3/31/2020
Comment1 Comment  |  Read  |  Post a Comment
Data from 5.2M Marriott Loyalty Program Members Hit by Breach
Dark Reading Staff, Quick Hits
The data was breached through the credentials of two franchisee employees.
By Dark Reading Staff , 3/31/2020
Comment2 comments  |  Read  |  Post a Comment
Why Third-Party Risk Management Has Never Been More Important
Jake Olcott, VP of Communications & Government Affairs, Bitsight TechnologiesCommentary
Given today's coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here's how to start.
By Jake Olcott VP of Communications & Government Affairs, Bitsight Technologies, 3/31/2020
Comment0 comments  |  Read  |  Post a Comment
Patching Poses Security Problems with Move to More Remote Work
Robert Lemos, Contributing WriterNews
Security teams were not ready for the wholesale move to remote work and the sudden expansion of the attack surface area, experts say.
By Robert Lemos Contributing Writer, 3/31/2020
Comment1 Comment  |  Read  |  Post a Comment
Palo Alto Networks to Buy CloudGenix for $420M
Dark Reading Staff, Quick Hits
Palo Alto Networks plans to integrate CloudGenix's SD-WAN technology into its Prisma SASE platform following the deal.
By Dark Reading Staff , 3/31/2020
Comment2 comments  |  Read  |  Post a Comment
Does the 2020 Online Census Account for Security Risk?
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts discuss the security issues surrounding a census conducted online and explain how COVID-19 could exacerbate the risk.
By Kelly Sheridan Staff Editor, Dark Reading, 3/31/2020
Comment1 Comment  |  Read  |  Post a Comment
How Much Downtime Can Your Company Handle?
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Why every business needs cyber resilience and quick recovery times.
By Marc Wilczek Digital Strategist & COO of Link11, 3/31/2020
Comment0 comments  |  Read  |  Post a Comment
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading
These products and services could be of immediate help to infosec pros now protecting their organizations while working from home.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/31/2020
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by emmawatson02020
Current Conversations Such a nice post.. I appreciate you...
In reply to: Reply
Post Your Own Reply
Posted by SoniaWilson
Current Conversations Nice Post
In reply to: Nice Post
Post Your Own Reply
More Conversations
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
If you are lucky enough to be able to do your job from home right now, you should be aware of a few key things.
Third parties bring critical products and services to your organization. They also bring risk that must be understood and managed.
As cyber defenses improve, adversaries are shifting to stealthy "living-off-the-land" attacks that use targets' own tools against them. Here are some tips to defend your turf.
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11458
PUBLISHED: 2020-04-02
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from databas...
CVE-2020-8015
PUBLISHED: 2020-04-02
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.
CVE-2020-1927
PUBLISHED: 2020-04-02
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
CVE-2020-8144
PUBLISHED: 2020-04-01
The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware u...
CVE-2020-8145
PUBLISHED: 2020-04-01
The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup� and “wizard� endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP ...
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Flash Poll
Video
Slideshows
Twitter Feed