First US Federal CISO Shares Security Lessons Learned
11/29/2017Greg Touhill's advice for security leaders includes knowing the value of information, hardening their workforce, and prioritizing security by design.
Post a Comment
Author
Profile of Kelly Sheridan
Staff Editor, Dark Reading Member Since: 11/15/2013Author
News & Commentary Posts: 555
Comments: 4
Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.
Articles by Kelly Sheridan
posted in November 2017
posted in November 2017
Greg Touhill's advice for security leaders includes knowing the value of information, hardening their workforce, and prioritizing security by design.
Post a Comment
Uber's Security Slip-ups: What Went Wrong
11/27/2017The ride-sharing company's decisions leading to a 2016 data breach and its handling of the incident should serve as a cautionary tale for enterprises facing a breach.
Post a Comment
Uber Paid Hackers $100K to Conceal 2016 Data Breach
11/22/2017The ride-sharing company has confirmed an October 2016 data breach that compromised 57 million accounts.
Post a Comment
A Call for Greater Regulation of Digital Currencies
11/21/2017A new report calls for international collaboration to create more transparency with virtual currencies and track money used for cybercrime.
Post a Comment
Researcher Finds Hole in Windows ASLR Security Defense
11/20/2017A security expert found a way to work around Microsoft's Address Space Randomization Layer, which protects the OS from memory-based attacks.
Post a Comment
Terdot Banking Trojan Spies on Email, Social Media
11/16/2017Terdot Banking Trojan, inspired by Zeus, can eavesdrop and modify traffic on social media and email in addition to snatching data.
Post a Comment
Fred Kwong: The Psychology of Being a CISO
11/15/2017Security Pro File: Fred Kwong learned people skills in the classroom and technical skills on the job. The former psychology major, now CISO at Delta Dental, shares his path to cybersecurity and how he applies his liberal arts background to his current role.
Post a Comment
Insider Threats: Red Flags and Best Practices
11/15/2017Security pros list red flags indicating an insider attack and best practices to protect against accidental and malicious exposure.
Post a Comment
Microsoft Word Vuln Went Unnoticed for 17 Years: Report
11/14/2017Researchers claim Microsoft Word vulnerability, patched today, has existed for 17 years.
Post a Comment
New Banking Trojan Similar to Dridex, Zeus, Gozi
11/13/2017IBM researchers uncover a new form of banking malware distributed as a second-stage infection via the Emotet Trojan.
Post a Comment
New Locky Ransomware Takes Another Turn
11/10/2017A newly discovered strain of Locky ransomware has been discovered masquerading as legitimate Microsoft Word documents.
Post a Comment
Data Breach Record Exposure Up 305% from 2016
11/8/2017There have been 3,833 publicly disclosed data breaches in the first nine months of 2017, exposing more than seven billion records.
Post a Comment
Burnout, Culture Drive Security Talent Out the Door
11/7/2017Security's efforts to bridge the talent gap mean little when workers don't want to stay in the industry.
Post a Comment
Less Than One-Third of People Use Two-Factor Authentication
11/7/2017The number of 2FA users is still lower than expected, but most adopters started voluntarily, researchers found.
Post a Comment
Cognitive Mindhacks: How Attackers Spread Disinformation Campaigns
11/6/2017Researchers investigate the tools and techniques behind cyber propaganda and fake news and how it changes public opinion.
Post a Comment
8 Older Companies Doing New Things in Security
11/6/2017These organizations have been around for a while but aren't slowing down on security releases.
Post a Comment
Hackers Poison Google Search Results to Deliver Zeus Panda
11/3/2017Threat actors leverage SEO to ensure malicious links rank highly in Google results to infect targets with Trojan.
Post a Comment
Social Engineer Spills Tricks of the Trade
11/2/2017A social engineer points out gaping holes in businesses' human security and shares lessons learned from years of phishing research.
Post a Comment
'Silence' Trojan Mimics Carbanak to Spy, Steal from Banks
11/1/2017Attackers break into financial organizations and stay there to record employees' activities, steal data, and use it to steal, similar to the Carbanak group.
Post a Comment
White Papers
Video
10 Comments
Current Issue
5 Emerging Cyber Threats to Watch for in 2019Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-8980
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
From DHS/US-CERT's National Vulnerability Database CVE-2019-8980
PUBLISHED: 2019-02-21
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
CVE-2019-8979PUBLISHED: 2019-02-21
Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when the order_by() parameter can be controlled.
CVE-2013-7469PUBLISHED: 2019-02-21
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2018-20146PUBLISHED: 2019-02-21
An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell.
CVE-2019-5727PUBLISHED: 2019-02-21
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This