First US Federal CISO Shares Security Lessons Learned
11/29/2017Greg Touhill's advice for security leaders includes knowing the value of information, hardening their workforce, and prioritizing security by design.
Post a Comment
Author
Profile of Kelly Sheridan
Staff Editor, Dark Reading Member Since: 11/15/2013Author
News & Commentary Posts: 517
Comments: 4
Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.
Articles by Kelly Sheridan
posted in November 2017
posted in November 2017
Greg Touhill's advice for security leaders includes knowing the value of information, hardening their workforce, and prioritizing security by design.
Post a Comment
Uber's Security Slip-ups: What Went Wrong
11/27/2017The ride-sharing company's decisions leading to a 2016 data breach and its handling of the incident should serve as a cautionary tale for enterprises facing a breach.
Post a Comment
Uber Paid Hackers $100K to Conceal 2016 Data Breach
11/22/2017The ride-sharing company has confirmed an October 2016 data breach that compromised 57 million accounts.
Post a Comment
A Call for Greater Regulation of Digital Currencies
11/21/2017A new report calls for international collaboration to create more transparency with virtual currencies and track money used for cybercrime.
Post a Comment
Researcher Finds Hole in Windows ASLR Security Defense
11/20/2017A security expert found a way to work around Microsoft's Address Space Randomization Layer, which protects the OS from memory-based attacks.
Post a Comment
Terdot Banking Trojan Spies on Email, Social Media
11/16/2017Terdot Banking Trojan, inspired by Zeus, can eavesdrop and modify traffic on social media and email in addition to snatching data.
Post a Comment
Fred Kwong: The Psychology of Being a CISO
11/15/2017Security Pro File: Fred Kwong learned people skills in the classroom and technical skills on the job. The former psychology major, now CISO at Delta Dental, shares his path to cybersecurity and how he applies his liberal arts background to his current role.
Post a Comment
Insider Threats: Red Flags and Best Practices
11/15/2017Security pros list red flags indicating an insider attack and best practices to protect against accidental and malicious exposure.
Post a Comment
Microsoft Word Vuln Went Unnoticed for 17 Years: Report
11/14/2017Researchers claim Microsoft Word vulnerability, patched today, has existed for 17 years.
Post a Comment
New Banking Trojan Similar to Dridex, Zeus, Gozi
11/13/2017IBM researchers uncover a new form of banking malware distributed as a second-stage infection via the Emotet Trojan.
Post a Comment
New Locky Ransomware Takes Another Turn
11/10/2017A newly discovered strain of Locky ransomware has been discovered masquerading as legitimate Microsoft Word documents.
Post a Comment
Data Breach Record Exposure Up 305% from 2016
11/8/2017There have been 3,833 publicly disclosed data breaches in the first nine months of 2017, exposing more than seven billion records.
Post a Comment
Burnout, Culture Drive Security Talent Out the Door
11/7/2017Security's efforts to bridge the talent gap mean little when workers don't want to stay in the industry.
Post a Comment
Less Than One-Third of People Use Two-Factor Authentication
11/7/2017The number of 2FA users is still lower than expected, but most adopters started voluntarily, researchers found.
Post a Comment
Cognitive Mindhacks: How Attackers Spread Disinformation Campaigns
11/6/2017Researchers investigate the tools and techniques behind cyber propaganda and fake news and how it changes public opinion.
Post a Comment
8 Older Companies Doing New Things in Security
11/6/2017These organizations have been around for a while but aren't slowing down on security releases.
Post a Comment
Hackers Poison Google Search Results to Deliver Zeus Panda
11/3/2017Threat actors leverage SEO to ensure malicious links rank highly in Google results to infect targets with Trojan.
Post a Comment
Social Engineer Spills Tricks of the Trade
11/2/2017A social engineer points out gaping holes in businesses' human security and shares lessons learned from years of phishing research.
Post a Comment
'Silence' Trojan Mimics Carbanak to Spy, Steal from Banks
11/1/2017Attackers break into financial organizations and stay there to record employees' activities, steal data, and use it to steal, similar to the Carbanak group.
Post a Comment
White Papers
Video
4 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: New camera 2FA closed loop!
Latest Comment: New camera 2FA closed loop!
Current Issue
10 Best Practices That Could Reshape Your IT Security DepartmentThis Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
How Enterprises Are Using IT Threat Intelligence
Large organizations are harnessing data about cyberattackers and their exploits to improve the safety of their critical data. Find out what they're doing.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-20050
PUBLISHED: 2018-12-10
PUBLISHED: 2018-12-10
PUBLISHED: 2018-12-10
PUBLISHED: 2018-12-10
PUBLISHED: 2018-12-10
From DHS/US-CERT's National Vulnerability Database CVE-2018-20050
PUBLISHED: 2018-12-10
Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method.
CVE-2018-20051PUBLISHED: 2018-12-10
Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via certain ONVIF methods such as CreateUsers, SetImagingSettings, GetStreamUri, and so on.
CVE-2018-20029PUBLISHED: 2018-12-10
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
CVE-2018-1279PUBLISHED: 2018-12-10
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on ...
CVE-2018-15800PUBLISHED: 2018-12-10
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This