First US Federal CISO Shares Security Lessons Learned
11/29/2017Greg Touhill's advice for security leaders includes knowing the value of information, hardening their workforce, and prioritizing security by design.
Post a Comment
Author
Profile of Kelly Sheridan
Staff Editor, Dark Reading Member Since: 11/15/2013Author
News & Commentary Posts: 443
Comments: 4
Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.
Articles by Kelly Sheridan
posted in November 2017
posted in November 2017
Greg Touhill's advice for security leaders includes knowing the value of information, hardening their workforce, and prioritizing security by design.
Post a Comment
Uber's Security Slip-ups: What Went Wrong
11/27/2017The ride-sharing company's decisions leading to a 2016 data breach and its handling of the incident should serve as a cautionary tale for enterprises facing a breach.
Post a Comment
Uber Paid Hackers $100K to Conceal 2016 Data Breach
11/22/2017The ride-sharing company has confirmed an October 2016 data breach that compromised 57 million accounts.
Post a Comment
A Call for Greater Regulation of Digital Currencies
11/21/2017A new report calls for international collaboration to create more transparency with virtual currencies and track money used for cybercrime.
Post a Comment
Researcher Finds Hole in Windows ASLR Security Defense
11/20/2017A security expert found a way to work around Microsoft's Address Space Randomization Layer, which protects the OS from memory-based attacks.
Post a Comment
Terdot Banking Trojan Spies on Email, Social Media
11/16/2017Terdot Banking Trojan, inspired by Zeus, can eavesdrop and modify traffic on social media and email in addition to snatching data.
Post a Comment
Fred Kwong: The Psychology of Being a CISO
11/15/2017Security Pro File: Fred Kwong learned people skills in the classroom and technical skills on the job. The former psychology major, now CISO at Delta Dental, shares his path to cybersecurity and how he applies his liberal arts background to his current role.
Post a Comment
Insider Threats: Red Flags and Best Practices
11/15/2017Security pros list red flags indicating an insider attack and best practices to protect against accidental and malicious exposure.
Post a Comment
Microsoft Word Vuln Went Unnoticed for 17 Years: Report
11/14/2017Researchers claim Microsoft Word vulnerability, patched today, has existed for 17 years.
Post a Comment
New Banking Trojan Similar to Dridex, Zeus, Gozi
11/13/2017IBM researchers uncover a new form of banking malware distributed as a second-stage infection via the Emotet Trojan.
Post a Comment
New Locky Ransomware Takes Another Turn
11/10/2017A newly discovered strain of Locky ransomware has been discovered masquerading as legitimate Microsoft Word documents.
Post a Comment
Data Breach Record Exposure Up 305% from 2016
11/8/2017There have been 3,833 publicly disclosed data breaches in the first nine months of 2017, exposing more than seven billion records.
Post a Comment
Burnout, Culture Drive Security Talent Out the Door
11/7/2017Security's efforts to bridge the talent gap mean little when workers don't want to stay in the industry.
Post a Comment
Less Than One-Third of People Use Two-Factor Authentication
11/7/2017The number of 2FA users is still lower than expected, but most adopters started voluntarily, researchers found.
Post a Comment
Cognitive Mindhacks: How Attackers Spread Disinformation Campaigns
11/6/2017Researchers investigate the tools and techniques behind cyber propaganda and fake news and how it changes public opinion.
Post a Comment
8 Older Companies Doing New Things in Security
11/6/2017These organizations have been around for a while but aren't slowing down on security releases.
Post a Comment
Hackers Poison Google Search Results to Deliver Zeus Panda
11/3/2017Threat actors leverage SEO to ensure malicious links rank highly in Google results to infect targets with Trojan.
Post a Comment
Social Engineer Spills Tricks of the Trade
11/2/2017A social engineer points out gaping holes in businesses' human security and shares lessons learned from years of phishing research.
Post a Comment
'Silence' Trojan Mimics Carbanak to Spy, Steal from Banks
11/1/2017Attackers break into financial organizations and stay there to record employees' activities, steal data, and use it to steal, similar to the Carbanak group.
Post a Comment
White Papers
Video
0 Comments
Current Issue
Flash Poll
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-15504
PUBLISHED: 2018-08-18
PUBLISHED: 2018-08-18
PUBLISHED: 2018-08-18
PUBLISHED: 2018-08-18
PUBLISHED: 2018-08-18
From DHS/US-CERT's National Vulnerability Database CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This