News & Commentary

Latest Content tagged with Risk
Page 1 / 2   >   >>
Facebook Shuts Hundreds of Russia-Linked Pages, Accounts for Disinformation
Quick Hits  |  1/17/2019  | 
Facebook says the accounts and pages were part of two unrelated disinformation operations aimed at targets outside the US.
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Commentary  |  1/16/2019  | 
When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.
Report: Bots Add Volume to Account Takeover Attacks
Quick Hits  |  1/15/2019  | 
Bots that can launch hundreds of attacks per second are making account takeover fraud more difficult to defend against.
Online Fraud: Now a Major Application Layer Security Problem
Commentary  |  1/15/2019  | 
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
Why Cyberattacks Are the No. 1 Risk
Commentary  |  1/15/2019  | 
The paradigm shift toward always-on IT requires business leaders to rethink their defense strategy.
Radiflow: New Approach for Classifying OT Attack Flaws
Quick Hits  |  1/14/2019  | 
The firm says risk assessment should begin with understanding attacker taxonomy and continue with vulnerability analysis.
Advanced Phishing Scenarios You Will Most Likely Encounter This Year
Commentary  |  1/14/2019  | 
In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.
Government Shutdown Brings Certificate Lapse Woes
Quick Hits  |  1/11/2019  | 
Among the problems: TLS certificates are expiring and websites are becoming inaccessible.
Who Takes Responsibility for Cyberattacks in the Cloud?
News  |  1/11/2019  | 
A new CSA report addresses the issue of breach responsibility as more organizations move ERP application data the cloud.
New Software Side-Channel Attack Raises Risk for Captured Crypto
News  |  1/10/2019  | 
The new attack hits operating systems, not chips, and may give criminals the keys to a company's cryptography.
Ryuk Ransomware Attribution May Be Premature
News  |  1/10/2019  | 
The eagerness to tie recent Ryuk ransomware attacks to a specific group could be rushed, researchers say.
Election Security Isn't as Bad as People Think
Commentary  |  1/10/2019  | 
Make no mistake, however: We'll always have to be on guard. And we can take some lessons from the world of industrial cybersecurity.
Google: G Suite Now Alerts Admins to Data Exfiltration
Quick Hits  |  1/10/2019  | 
New additions to the G Suite alert center are intended to notify admins of phishing and data exports.
6 Best Practices for Managing an Online Educational Infrastructure
Commentary  |  1/10/2019  | 
Universities must keep pace with rapidly changing technology to help thwart malicious hacking attempts and protect student information.
Security Concerns Limit Remote Work Opportunities
Quick Hits  |  1/9/2019  | 
When companies limit the remote work options that they know will benefit the organization, security concerns are often to blame.
New 'Crypto Dusting' Attack Gives Cash, Takes Reputation
News  |  1/8/2019  | 
This new form of crypto wallet fraud enlists unwary consumers and companies to help defeat anti-money laundering methods for law enforcement and regulators.
Your Life Is the Attack Surface: The Risks of IoT
Commentary  |  1/8/2019  | 
To protect yourself, you must know where you're vulnerable and these tips can help.
Humana Breaches Reflect Chronic Credential Theft in Healthcare
News  |  1/8/2019  | 
A series of 2018 cybersecurity incidents shows credential stuffing is a trend to watch among healthcare organizations.
Security Matters When It Comes to Mergers & Acquisitions
Commentary  |  1/8/2019  | 
The recently disclosed Marriott breach exposed a frequently ignored issue in the M&A process.
Stronger DNS Security Stymies Would-Be Criminals
News  |  1/7/2019  | 
2018 saw a reduced number of huge DNS-facilitated DDoS attacks. Vendors and service providers believe that malicious impact will drop with continued technology improvements.
Threat of a Remote Cyberattack on Today's Aircraft Is Real
Commentary  |  1/7/2019  | 
We need more stringent controls and government action to prevent a catastrophic disaster.
How Intel Has Responded to Spectre and Meltdown
Slideshows  |  1/4/2019  | 
In a newly published editorial and video, Intel details what specific actions it has taken in the wake of the discovery of the CPU vulnerabilities.
Managing Security in Today's Compliance and Regulatory Environment
Commentary  |  1/4/2019  | 
Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.
Microsoft's 'Project Bali' Wants to Let You Control Your Data
News  |  1/4/2019  | 
Currently in private beta, Bali is designed to give users control over the data Microsoft collects about them.
Redefining Critical Infrastructure for the Age of Disinformation
Commentary  |  1/3/2019  | 
In an era of tighter privacy laws, it's important to create an online environment that uses threat intelligence productively to defeat disinformation campaigns and bolster democracy.
25 Years Later: Looking Back at the First Great (Cyber) Bank Heist
Commentary  |  1/2/2019  | 
The Citibank hack in 1994 marked a turning point for banking -- and cybercrime -- as we know it. What can we learn from looking back at the past 25 years?
Start Preparing Now for the Post-Quantum Future
Commentary  |  12/28/2018  | 
Quantum computing will break most of the encryption schemes on which we rely today. These five tips will help you get ready.
Toxic Data: How 'Deepfakes' Threaten Cybersecurity
Commentary  |  12/27/2018  | 
The joining of 'deep learning' and 'fake news' makes it possible to create audio and video of real people saying words they never spoke or things they never did.
Spending Spree: What's on Security Investors' Minds for 2019
News  |  12/26/2018  | 
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
6 Ways to Anger Attackers on Your Network
Slideshows  |  12/26/2018  | 
Because you can't hack back without breaking the law, these tactics will frustrate, deceive, and annoy intruders instead.
7 Business Metrics Security Pros Need to Know
Slideshows  |  12/21/2018  | 
These days, security has to speak the language of business. These KPIs will get you started.
Criminals Move Markets to Remain in the Shadows
News  |  12/21/2018  | 
While malware families and targets continue to evolve, the most important shift might be happening in the background.
How to Optimize Security Spending While Reducing Risk
Commentary  |  12/20/2018  | 
Risk scoring is a way of getting everyone on the same page with a consistent, reliable method of gathering and analyzing security data.
How to Remotely Brick a Server
News  |  12/19/2018  | 
Researchers demonstrate the process of remotely bricking a server, which carries serious and irreversible consequences for businesses.
Privacy Futures: Fed-up Consumers Take Their Data Back
Commentary  |  12/19/2018  | 
In 2019, usable security will become the new buzzword and signal a rejection of the argument that there must be a trade-off between convenience and security and privacy.
Facebook Data Deals Extend to Microsoft, Amazon, Netflix
Quick Hits  |  12/19/2018  | 
An explosive new report sheds light on data-sharing deals that benefited 150 companies as Facebook handed over unknowing users' information.
DOJ Announces Indictment in Nigerian Banking Scam
Quick Hits  |  12/19/2018  | 
International investment scam laundered funds through US bank accounts before being sent to Nigeria.
When Cryptocurrency Falls, What Happens to Cryptominers?
News  |  12/18/2018  | 
The fall of cryptocurrency's value doesn't signify an end to cryptomining, but attackers may be more particular about when they use it.
Twitter Hack May Have State-Sponsored Ties
Quick Hits  |  12/18/2018  | 
A data leak was disclosed after attackers targeted a support form, which had "unusual activity."
Cryptographic Erasure: Moving Beyond Hard Drive Destruction
Commentary  |  12/18/2018  | 
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.
Cyber Readiness Institute Launches New Program for SMBs
News  |  12/17/2018  | 
Program seeks to raise employees' cyber awareness and give small and midsize business owners the tools to make a difference.
53 Bugs in 50 Days: Researchers Fuzz Adobe Reader
News  |  12/17/2018  | 
Automatic vulnerability finding tools detect more than 50 CVEs in Adobe Reader and Adobe Pro during a 50-day experiment.
Who Are You, Really? A Peek at the Future of Identity
News  |  12/14/2018  | 
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
2019 Attacker Playbook
Slideshows  |  12/14/2018  | 
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
Commentary  |  12/13/2018  | 
Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
Mac Malware Cracks WatchGuards Top 10 List
News  |  12/12/2018  | 
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
Battling Bots Brings Big-Budget Blow to Businesses
News  |  12/11/2018  | 
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.
Equifax Breach Underscores Need for Accountability, Simpler Architectures
News  |  12/11/2018  | 
A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'
Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack
News  |  12/11/2018  | 
Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.
49% of Cloud Databases Left Unencrypted
News  |  12/11/2018  | 
Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20735
PUBLISHED: 2019-01-17
** DISPUTED ** An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only...
CVE-2019-0624
PUBLISHED: 2019-01-17
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.
CVE-2019-0646
PUBLISHED: 2019-01-17
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
CVE-2019-0647
PUBLISHED: 2019-01-17
An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.
CVE-2018-20727
PUBLISHED: 2019-01-17
Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.