News & Commentary

Latest Content tagged with Compliance
Page 1 / 2   >   >>
Yahoo Agrees to $80 Million Settlement with Investors
Quick Hits  |  3/8/2018
Investors alleged that Yahoo intentionally misled them about its cybersecurity practices.
What Enterprises Can Learn from Medical Device Security
Commentary  |  3/1/2018
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
FTC Settles with Venmo on Security Allegations
Quick Hits  |  2/28/2018
Proposed settlement addresses complaints that Venmo misrepresented its security and privacy features.
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Commentary  |  2/22/2018
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
Siemens Leads Launch of Global Cybersecurity Initiative
News  |  2/16/2018
The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.
Filing Deadline for New Infosec Law Hits NY Finance Firms Thursday
Quick Hits  |  2/14/2018
Banks and financial services companies in New York must file by tomorrow to certify they are compliant with the state Department of Financial Services new cybersecurity regulation, 23 NYCRR 500.
Ticking Time Bombs in Your Data Center
Commentary  |  2/7/2018
The biggest security problems inside your company may result from problems it inherited.
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
News  |  1/31/2018
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
Breach-Proofing Your Data in a GDPR World
Commentary  |  1/30/2018
Here are six key measures for enterprises to prioritize over the next few months.
An Action Plan to Fill the Information Security Workforce Gap
Commentary  |  1/29/2018
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
PCI DSS Adds Standard for Software-based PIN Entry
Quick Hits  |  1/24/2018
Software-Based PIN Entry on COTS (SPoC) standard supports EMV contact and contactless transactions with PIN entry on merchant mobile devices.
GDPR: Ready or Not, Here It Comes
Commentary  |  1/24/2018
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
Living with Risk: Where Organizations Fall Short
Commentary  |  1/17/2018
People tasked with protecting data are too often confused about what they need to do, even with a solid awareness of the threats they face.
Meltdown, Spectre Likely Just Scratch the Surface of Microprocessor Vulnerabilities
News  |  1/8/2018
There's a lot at stake when it comes to patching the hardware flaws.
A Pragmatic Approach to Fixing Cybersecurity: 5 Steps
Commentary  |  1/3/2018
The digital infrastructure that supports our economy, protects our national security, and empowers our society must be made more secure, more trusted, and more reliable. Here's how.
CISO Holiday Miracle Wish List
Slideshows  |  12/22/2017
If CISOs could make a wish to solve a problem, these would be among the top choices.
Be a More Effective CISO by Aligning Security to the Business
Partner Perspectives  |  12/21/2017
These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
Businesses Fail in Risk Modeling and Management: Report
News  |  12/18/2017
Businesses struggle to quantify and manage risk, leading to wasted resources and oversight of major problems.
Security Compliance: The Less You Spend the More You Pay
News  |  12/12/2017
The costs of complying with data protection requirements are steep, but the costs of non-compliance are even higher, a new study shows.
Gartner: IT Security Spending to Reach $96 Billion in 2018
News  |  12/8/2017
Identity access management and security services to drive worldwide spending growth.
Ransomware Meets 'Grey's Anatomy'
Commentary  |  12/7/2017
Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.
The Rising Dangers of Unsecured IoT Technology
Commentary  |  12/4/2017
As government regulation looms, the security industry must take a leading role in determining whether the convenience of the Internet of Things is worth the risk and compromise of unsecured devices.
Time to Pull an Uber and Disclose Your Data Breach Now
Commentary  |  11/22/2017
There is never a good time to reveal a cyberattack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.
We're Still Not Ready for GDPR? What is Wrong With Us?
Commentary  |  11/17/2017
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
'Goldilocks' Legislation Aims to Clean up IoT Security
Partner Perspectives  |  11/9/2017
The proposed Internet of Things Cybersecurity Improvement Act of 2017 is not too hard, not too soft, and might be just right.
How Law Firms Can Make Information Security a Higher Priority
Commentary  |  11/8/2017
Lawyers always have been responsible for protecting their clients' information, but that was a lot easier to do when everything was on paper. Here are four best practices to follow.
What's Next after the SEC 'Insider Trading' Breach?
Commentary  |  10/19/2017
Last month's hack of the Securities and Exchange Commission may prove to be the most high-profile corporate gatekeeper attack to date. But it definitely won't be the last.
What's Next After HTTPS: A Fully Encrypted Web?
Commentary  |  10/18/2017
As the rate of HTTPS adoption grows faster by the day, it's only a matter of time before a majority of websites turn on SSL. Here's why.
GDPR Compliance: 5 Early Steps to Get Laggards Going
Slideshows  |  10/16/2017
If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.
GDPR Concerns Include 'Where's My Data Stored?'
News  |  10/11/2017
European data protection regulations are coming like a freight train and many firms are still unprepared.
Central Banks Propose Better Inter-Bank Security
Quick Hits  |  9/28/2017
Institutions from the world's largest economies want to improve security following abuse of inter-bank messaging and payment systems.
GDPR & the Rise of the Automated Data Protection Officer
Commentary  |  9/19/2017
Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
Cloud Security's Shared Responsibility Is Foggy
Commentary  |  9/14/2017
Security is a two-way street. The cloud provider isn't the only one that must take precautions.
If Blockchain Is the Answer, What Is the Security Question?
Commentary  |  9/8/2017
Like any technology, blockchain has its strengths and weaknesses. But debunking three common myths can help you cut through the hype.
Is Your Organization Merely PCI-Compliant or Is It Actually Secure?
Commentary  |  9/6/2017
The Host Identity Protocol might be the answer to inadequate check-the-box security standards.
International Firms Struggle to Adapt as China's Cybersecurity Law Takes Shape
Commentary  |  8/31/2017
After the release of new guidelines on critical information infrastructure, international companies are still searching for clarity on how to comply with the country's new cyber regime.
New York's Historic FinSec Regulation Covers DDoS, Not Just Data
News  |  8/28/2017
Starting today, New York banks and insurers must report to authorities within 72 hours on any security event that has a 'reasonable likelihood' of causing material harm to normal operations.
GDPR Compliance Preparation: A High-Stakes Guessing Game
Commentary  |  8/24/2017
It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.
How To Avoid Legal Trouble When Protecting Client Data
How To Avoid Legal Trouble When Protecting Client Data
Dark Reading Videos  |  8/21/2017
Attorneys discuss how cybersecurity consultants can manage conflicts between e-discovery demands and client agreements.
20 Tactical Questions SMB Security Teams Should Ask Themselves
Commentary  |  8/15/2017
Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
Risky Business: Why Enterprises Cant Abdicate Cloud Security
Commentary  |  8/7/2017
It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.
Can Your Risk Assessment Stand Up Under Scrutiny?
Partner Perspectives  |  7/27/2017
Weak risk assessments have gotten a pass up until now, but that may be changing.
10 Critical Steps to Create a Culture of Cybersecurity
Commentary  |  7/26/2017
Businesses are more vulnerable than they need to be. Here's what you should do about it.
Dealing with Due Diligence
Commentary  |  7/12/2017
Companies will find themselves evaluating third-party cybersecurity more than ever -- and being subject to scrutiny themselves. Here's how to handle it.
The High Costs of GDPR Compliance
Commentary  |  7/11/2017
Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.
Black Hat Survey: Security Pros Expect Major Breaches in Next Two Years
News  |  7/6/2017
Significant compromises are not just feared, but expected, Black Hat attendees say.
8 Things Every Security Pro Should Know About GDPR
Slideshows  |  6/30/2017
Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?
Anthem Agrees to $115 Million Settlement for 2015 Breach
Quick Hits  |  6/26/2017
If approved, it will dwarf settlements paid by Target, Home Depot, and Ashley Madison.
In the Cloud, Evolving Infrastructure Means Evolving Alliances
Commentary  |  5/25/2017
New opportunities make for unusual bedfellows. Here's how to navigate the shift in organizational dynamics between security operations, line-of-business managers, and developers.
You Have One Year to Make GDPR Your Biggest Security Victory Ever
News  |  5/25/2017
The EU's new razor-toothed data privacy law could either rip you apart or help you create the best security program you've ever had. Here's how.
Page 1 / 2   >   >>

Disappearing Act: Dark Reading Caption Contest Winners
Marilyn Cohodas, Community Editor, Dark Reading,  3/12/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.