News & Commentary

Latest Content tagged with Risk
Page 1 / 2   >   >>
Robotic Vacuums May Hoover Your Data
Quick Hits  |  7/19/2018  | 
Researchers have discovered a pair of vulnerabilities that allow unauthorized code execution in a robotic vacuum.
Free New Scanner Aims to Protect Home Networks
Quick Hits  |  7/19/2018  | 
Free software pinpoints vulnerabilities and offers suggestions for remediation.
6 Ways to Tell an Insider Has Gone Rogue
Slideshows  |  7/19/2018  | 
Malicious activity by trusted users can be very hard to catch, so look for these red flags.
Beyond Passwords: Why Your Company Should Rethink Authentication
Commentary  |  7/19/2018  | 
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
Messenger Apps Top Risk Hit Parade
Quick Hits  |  7/18/2018  | 
Whether running on iOS or Android, Facebook's and WhatsApp's messenger apps present a 'winning' combination.
New Subscription Service Takes on Ransomware Protection
News  |  7/18/2018  | 
Training and response is the basis of a new offering that addresses ransomware and extortion attacks.
Cloud Security: Lessons Learned from Intrusion Prevention Systems
Commentary  |  7/17/2018  | 
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
SCADA/ICS Dangers & Cybersecurity Strategies
Commentary  |  7/17/2018  | 
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
Less Than Half of Cyberattacks Detected via Antivirus: SANS
News  |  7/16/2018  | 
Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.
Time to Yank Cybercrime into the Light
Commentary  |  7/16/2018  | 
Too many organizations are still operating blindfolded, research finds.
Congressional Report Cites States Most Vulnerable to Election Hacking
Quick Hits  |  7/13/2018  | 
A new report details issues with 18 states along with suggestions on what can be done.
Newly Found Spectre Variants Bring New Concerns
News  |  7/11/2018  | 
Two new variants on a theme of Spectre underscore the expanding nature of the critical vulnerabilities.
What We Talk About When We Talk About Risk
Commentary  |  7/11/2018  | 
Measuring security risk is not that hard if you get your terms straight and leverage well-established methods and principles from other disciplines.
Microsoft July Security Updates Mostly Browser-Related
News  |  7/10/2018  | 
Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.
Businesses Struggle to Build 'Security-First' Culture
News  |  7/10/2018  | 
New Accenture study finds half of businesses provide cybersecurity training for new hires and only 40% of CISOs prioritize building or expanding insider threat programs.
Putin Pushes for Global Cybersecurity Cooperation
Quick Hits  |  7/6/2018  | 
At a Moscow-based security conference, Russian President Vladimir Putin said countries should work together amid the rise of cyberthreats.
New Malware Variant Hits With Ransomware or Cryptomining
Quick Hits  |  7/5/2018  | 
A new variant of old malware scans a system before deciding just how to administer pain.
UK Banks Must Produce Backup Plans for Cyberattacks
Quick Hits  |  7/5/2018  | 
Financial services firms in Britain have three months to explain how they would stay up and running in the event of an attack or service disruption.
Ransomware vs. Cryptojacking
Commentary  |  7/3/2018  | 
Cybercriminals are increasingly turning to cryptojacking over ransomware for a bigger payday. Here's what enterprises need to know in order to protect their digital assets and bank accounts.
6 Drivers of Mental and Emotional Stress in Infosec
Slideshows  |  7/2/2018  | 
Pressure comes in many forms but often with the same end result: stress and burnout within the security community.
There's No Automating Your Way Out of Security Hiring Woes
News  |  6/28/2018  | 
Call it the paradox of cybersecurity automation: It makes your staff more productive but takes more quality experts to make it work.
65% of Resold Memory Cards Still Pack Personal Data
News  |  6/28/2018  | 
Analyzed cards, mainly from smartphones and tablets, contained private personal information, business documentation, audio, video, and photos.
Ticketmaster UK Warns Thousands of Data Breach
Quick Hits  |  6/28/2018  | 
Customers who bought tickets through the site are advised to check for fraudulent transactions with Uber, Netflix, and Xendpay.
Redefining Security with Blockchain
Commentary  |  6/28/2018  | 
Blockchain offers a proactive approach to secure a new generation of digital platforms and services for both enterprises and individuals.
Today! 'Why Cybercriminals Attack,' A Dark Reading Virtual Event
Commentary  |  6/27/2018  | 
Wednesday, June 27, this all-day event starting at 11 a.m. ET, will help you decide who and what you really need to defend against, and how to do it more effectively.
Insider Dangers Are Hiding in Collaboration Tools
News  |  6/26/2018  | 
The casual sharing of sensitive data, such as passwords, is opening the door to malicious insiders.
US Announces Arrests in Ghanian Fraud Schemes
Quick Hits  |  6/26/2018  | 
Eight individuals in the US and Ghana are charged with stealing more than $15 million through computer-based fraud.
Secure by Default Is Not What You Think
Commentary  |  6/26/2018  | 
The traditional view of secure by default which has largely been secure out of the box is too narrow. To broaden your view, consider these three parameters.
Black Hat Survey: Enterprise Tech, US Government Unprepared for Cyberattacks
News  |  6/26/2018  | 
The 2018 Black Hat Attendee survey reveals worries over the effectiveness of enterprise security technology, and threat to US infrastructure.
Midsized Organizations More Secure Than Large Ones
News  |  6/25/2018  | 
New report offers data and analysis as to why midsized organizations hit a cybersecurity sweet spot in terms of security efficacy.
8 Security Tips for a Hassle-Free Summer Vacation
Slideshows  |  6/23/2018  | 
It's easy to let your guard down when you're away. Hackers know that, too.
White House Email Security Faux Pas?
Commentary  |  6/22/2018  | 
The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.
Four New Vulnerabilities in Phoenix Contact Industrial Switches
Quick Hits  |  6/21/2018  | 
A series of newly disclosed vulnerabilities could allow an attacker to gain control of industrial switches.
AppSec in the World of 'Serverless'
Commentary  |  6/21/2018  | 
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
Cisco CPO: Privacy Is Not About Secrecy or Compliance
News  |  6/19/2018  | 
Michelle Dennedy sat down with Dark Reading at the recent Cisco Live event to set the record straight about privacy, regulation, encryption, and more.
'Wallchart' Phishing Campaign Exploits World Cup Watchers
News  |  6/18/2018  | 
The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.
3 Tips for Driving User Buy-in to Security Policies
Commentary  |  6/18/2018  | 
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
News  |  6/13/2018  | 
Security is weak, and most companies are clueless, according to Immunity researcher Lurene Grenier, who kicked off the Cisco Talos Threat Research Summit on Sunday.
Security Ratings Answer Big Questions in Cyber Insurance
News  |  6/11/2018  | 
More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage.
6 Ways Greed Has a Negative Effect on Cybersecurity
Commentary  |  6/11/2018  | 
How the security industry can both make money and stay true to its core values, and why that matters.
Bug Bounty Payouts Up 73% Per Vulnerability: Bugcrowd
News  |  6/7/2018  | 
Bug bounty programs grew along with payouts, which averaged $781 per vulnerability this year, researchers report.
DevSecOps Gains Enterprise Traction
News  |  6/7/2018  | 
Enterprise adoption of DevSecOps has surged in the past year, according to a study conducted at this year's RSA Conference.
In Pursuit of Cryptography's Holy Grail
Commentary  |  6/7/2018  | 
Homomorphic encryption eliminates the need for data exposure at any point something that certainly would be welcome these days.
Survey Shows Florida at the Bottom for Consumer Cybersecurity
News  |  6/6/2018  | 
A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.
Tax-Season Malware Campaign Delivers Trojan Via Email
Quick Hits  |  6/6/2018  | 
A new example of a long-term phenomenon delivers a banking trojan via a downloader activated by a URL in a phishing email.
Panorays Debuts With $5 Million Investment
Quick Hits  |  6/5/2018  | 
Panorays, a company focusing on third-party security issues for the enterprise, has exited stealth mode.
The Breach Disclosure Double Standard
News  |  6/5/2018  | 
Cybersecurity pros expect to be notified immediately when they're breached, but most don't do the same and some even cover up breaches.
Dark Reading Launches Second INsecurity Conference
News  |  6/5/2018  | 
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
Building a Safe, Efficient, Cost-Effective Security Infrastructure
Commentary  |  6/4/2018  | 
The Industrial Internet of Things allows organizations to address both physical and digital security concerns.
Google Groups Misconfiguration Exposes Corporate Data
News  |  6/1/2018  | 
Researchers say as many as 10,000 businesses are affected by a widespread misconfiguration in Google Groups settings.
Page 1 / 2   >   >>


White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Number of Retailers Impacted by Breaches Doubles
Ericka Chickowski, Contributing Writer, Dark Reading,  7/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14492
PUBLISHED: 2018-07-21
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
CVE-2018-3771
PUBLISHED: 2018-07-20
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
CVE-2018-5065
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5066
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.