News & Commentary

Latest Content tagged with Risk
Who Does What in Cybersecurity at the C-Level
Slideshows  |  3/16/2018
As security evolves as a corporate priority, so do the roles and responsibilities of the executive team. These seven titles are already feeling the impact.
The Containerization of Artificial Intelligence
Commentary  |  3/16/2018
AI automates repetitive tasks and alleviates mundane functions that often haunt decision makers. But it's still not a sure substitute for security best practices.
Cryptojacking Threat Continues to Rise
News  |  3/15/2018
Unauthorized cryptocurrency mining can consume processing power and make apps unavailable as well as lead to other malware.
Palo Alto Buys to Secure the Cloud
News  |  3/15/2018
The $300 million deal is part of an industry-wide consolidation of cloud, data, and network security companies.
How to Interpret the SEC's Latest Guidance on Data Breach Disclosure
Partner Perspectives  |  3/14/2018
Forward-looking organizations should view this as an opportunity to reevaluate their cybersecurity posture and install best practices that should have already been in place.
What CISOs Should Know About Quantum Computing
Slideshows  |  3/13/2018
As quantum computing approaches real-world viability, it also poses a huge threat to today's encryption measures.
Google 'Distrust Dates' Are Coming Fast
Commentary  |  3/13/2018
All the tools are in place for the migration of SSL digital certificates on a scale that is unprecedented for the certificate authority industry. Are you ready?
Malware 'Cocktails' Raise Attack Risk
News  |  3/13/2018
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports.
Georgia Man Pleads Guilty to Business Email Compromise Attacks
Quick Hits  |  3/12/2018
Kerby Rigaud has pleaded guilty to using BEC attacks in attempts to steal more than $1 million from US businesses.
'Slingshot' Cyber Espionage Campaign Hacks Network Routers
News  |  3/9/2018
Advanced hacking group appears to be native English speakers targeting Africa, Middle East.
Tennessee Senate Campaign Sees Possible Hack
Quick Hits  |  3/9/2018
Phil Bredesen's campaign for US Senate sees a hacker's hand in email messages.
DevSecOps: The Importance of Building Security from the Beginning
Commentary  |  3/9/2018
Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.
Yahoo Agrees to $80 Million Settlement with Investors
Quick Hits  |  3/8/2018
Investors alleged that Yahoo intentionally misled them about its cybersecurity practices.
Gozi Trojan Using Dark Cloud Botnet in New Wave of Attacks
News  |  3/8/2018
Gozi IFSB banking Trojan has rolled out new code, a new botnet and a high level of customization in the latest wave of attacks.
Cybersecurity Gets Added to the M&A Lexicon
Commentary  |  3/8/2018
Threat intelligence data can give a clear picture of an acquisition target that could make or break a deal.
Privilege Abuse Attacks: 4 Common Scenarios
Commentary  |  3/7/2018
It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.
Connected Cars Pose New Security Challenges
Commentary  |  3/6/2018
The auto industry should seize the opportunity and get in front of this issue.
Second Ransomware Round Hits Colorado DOT
Quick Hits  |  3/6/2018
A variant of SamSam sends CDOT employees back to pen and paper with two attack waves in two weeks.
Pragmatic Security: 20 Signs You Are 'Boiling the Ocean'
Commentary  |  3/6/2018
Ocean-boiling is responsible for most of the draconian, nonproductive security policies I've witnessed over the course of my career. Here's why they don't work.
Goes Away, Panic Ensues
Quick Hits  |  3/5/2018
Turns out the Carnegie Mellon CERT just moved to a newly revamped CMU Software Engineering Institute website.
6 Questions to Ask Your Cloud Provider Right Now
Slideshows  |  3/5/2018
Experts share the security-focused issues all businesses should explore when researching and using cloud services.
A Sneak Peek at the New NIST Cybersecurity Framework
Partner Perspectives  |  3/2/2018
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement.
'Chafer' Uses Open Source Tools to Target Iran's Enemies
News  |  3/1/2018
Symantec details operations of Iranian hacking group mainly attacking air transportation targets in the Middle East.
Phishers Target Social Media
News  |  3/1/2018
Financial institutions still the number one target, according to a new report by RiskIQ.
What Enterprises Can Learn from Medical Device Security
Commentary  |  3/1/2018
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
Zero-Day Attacks Major Concern in Hybrid Cloud
News  |  2/28/2018
Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.
FTC Settles with Venmo on Security Allegations
Quick Hits  |  2/28/2018
Proposed settlement addresses complaints that Venmo misrepresented its security and privacy features.
How to Secure 'Permissioned' Blockchains
Commentary  |  2/28/2018
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.
Visa: EMV Cards Drove 70% Decline in Fraud
Quick Hits  |  2/23/2018
Merchants who adopted chip technology saw a sharp decline in counterfeit fraud between 2015 and 2017, Visa reports.
Best Practices for Recruiting & Retaining Women in Security
News  |  2/22/2018
Gender diversity can help fill the security talent gap, new Forrester Research report says.
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Commentary  |  2/22/2018
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
Anatomy of an Attack on the Industrial IoT
Commentary  |  2/22/2018
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
Meltdown/Spectre: The First Large-Scale Example of a 'Genetic' Threat
Commentary  |  2/20/2018
These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.
Siemens Leads Launch of Global Cybersecurity Initiative
News  |  2/16/2018
The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.
Windows 10 Critical Vulnerability Reports Grew 64% in 2017
News  |  2/14/2018
The launch and growth of new operating systems is mirrored by an increase in reported vulnerabilities.
Filing Deadline for New Infosec Law Hits NY Finance Firms Thursday
Quick Hits  |  2/14/2018
Banks and financial services companies in New York must file by tomorrow to certify they are compliant with the state Department of Financial Services' new cybersecurity regulation, 23 NYCRR 500.
Cyber Warranties: What to Know, What to Ask
News  |  2/9/2018
The drivers and details behind the growth of cyber warranties, which more businesses are using to guarantee their products.
20 Signs You Need to Introduce Automation into Security Ops
Commentary  |  2/8/2018
Far too often, organizations approach automation as a solution looking for a problem rather than the other way around.
Ticking Time Bombs in Your Data Center
Commentary  |  2/7/2018
The biggest security problems inside your company may result from problems it inherited.
Security vs. Speed: The Risk of Rushing to the Cloud
News  |  2/6/2018
Companies overlook critical security steps as they move to adopt the latest cloud applications and services.
2017 Smashed World's Records for Most Data Breaches, Exposed Information
News  |  2/6/2018
Five mega-breaches last year accounted for more than 72% of all data records exposed in 2017.
Identity Fraud Hits All-Time High in 2017
News  |  2/6/2018
Survey reports that the number of fraud victims topped 16 million consumers last year, and much of that crime has moved online.
7 Ways to Maximize Your Security Dollars
Slideshows  |  2/5/2018
Budget and resource constraints can make it hard for you to meet security requirements, but there are ways you can stretch your budget.
Apple, Cisco, Allianz, Aon Partner in Cyber Risk Management
Quick Hits  |  2/5/2018
The four companies announced a tool for managing the cyber risk of ransomware and other malware-related threats.
Mastering Security in the Zettabyte Era
Commentary  |  2/5/2018
Many businesses are ill-equipped to deal with potential risks posed by billions of connected devices, exponential data growth, and an unprecedented number of cyber threats. Here's how to prepare.
3 Ways Hackers Steal Your Company's Mobile Data
Commentary  |  2/2/2018
The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Commentary  |  1/31/2018
Authentication security methods are getting better all the time, but they are still not infallible.
Digital Extortion to Expand Beyond Ransomware
News  |  1/30/2018
In the future of digital extortion, ransomware isn't the only weapon, and database files and servers won't be the only targets.
Breach-Proofing Your Data in a GDPR World
Commentary  |  1/30/2018
Here are six key measures for enterprises to prioritize over the next few months.
Microsoft Issues Emergency Patch to Disable Intel's Broken Spectre Fix
News  |  1/29/2018
Affected Windows systems can also be set to "disable" or "enable" the Intel microcode update for Spectre attacks.

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Pat Osborne, Principal - Executive Consultant at Outhaul Consulting, LLC, & Cybersecurity Advisor for the Security Innovation Center,  3/12/2018
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to inadequate escaping leading to an XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.