Risk //


News & Commentary
Meltdown, Spectre Likely Just Scratch the Surface of Microprocessor Vulnerabilities
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
There's a lot at stake when it comes to patching the hardware flaws.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/8/2018
Comment5 comments  |  Read  |  Post a Comment
A Pragmatic Approach to Fixing Cybersecurity: 5 Steps
Mike McConnell & Patrick Gorman, Mike McConnell & Patrick GormanCommentary
The digital infrastructure that supports our economy, protects our national security, and empowers our society must be made more secure, more trusted, and more reliable. Here's how.
By Mike McConnell & Patrick Gorman Mike McConnell & Patrick Gorman, 1/3/2018
Comment1 Comment  |  Read  |  Post a Comment
CISO Holiday Miracle Wish List
Ericka Chickowski, Contributing Writer, Dark Reading
If CISOs could make a wish to solve a problem, these would be among the top choices.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/22/2017
Comment1 Comment  |  Read  |  Post a Comment
Be a More Effective CISO by Aligning Security to the Business
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 12/21/2017
Comment6 comments  |  Read  |  Post a Comment
Businesses Fail in Risk Modeling and Management: Report
Kelly Sheridan, Associate Editor, Dark ReadingNews
Businesses struggle to quantify and manage risk, leading to wasted resources and oversight of major problems.
By Kelly Sheridan Associate Editor, Dark Reading, 12/18/2017
Comment1 Comment  |  Read  |  Post a Comment
Security Compliance: The Less You Spend the More You Pay
Jai Vijayan, Freelance writerNews
The costs of complying with data protection requirements are steep, but the costs of non-compliance are even higher, a new study shows.
By Jai Vijayan Freelance writer, 12/12/2017
Comment1 Comment  |  Read  |  Post a Comment
Gartner: IT Security Spending to Reach $96 Billion in 2018
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Identity access management and security services to drive worldwide spending growth.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/8/2017
Comment0 comments  |  Read  |  Post a Comment
Ransomware Meets 'Grey's Anatomy'
Tom & Natalie Pageler, Neustar CRO & CSO, and MD Stanford UniversityCommentary
Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.
By Tom & Natalie Pageler Neustar CRO & CSO, and MD Stanford University, 12/7/2017
Comment0 comments  |  Read  |  Post a Comment
The Rising Dangers of Unsecured IoT Technology
Danielle Jackson, Chief Information Security Officer, SecureAuthCommentary
As government regulation looms, the security industry must take a leading role in determining whether the convenience of the Internet of Things is worth the risk and compromise of unsecured devices.
By Danielle Jackson Chief Information Security Officer, SecureAuth, 12/4/2017
Comment1 Comment  |  Read  |  Post a Comment
Time to Pull an Uber and Disclose Your Data Breach Now
Joseph Carson, Chief Security Scientist, ThycoticCommentary
There is never a good time to reveal a cyberattack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.
By Joseph Carson Chief Security Scientist, Thycotic, 11/22/2017
Comment1 Comment  |  Read  |  Post a Comment
We're Still Not Ready for GDPR? What is Wrong With Us?
Sara Peters, Senior Editor at Dark ReadingCommentary
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
By Sara Peters Senior Editor at Dark Reading, 11/17/2017
Comment1 Comment  |  Read  |  Post a Comment
'Goldilocks' Legislation Aims to Clean up IoT Security
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
The proposed Internet of Things Cybersecurity Improvement Act of 2017 is not too hard, not too soft, and might be just right.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 11/9/2017
Comment0 comments  |  Read  |  Post a Comment
How Law Firms Can Make Information Security a Higher Priority
Tom Cross, Chief Technology Officer of OPAQ NetworksCommentary
Lawyers always have been responsible for protecting their clients' information, but that was a lot easier to do when everything was on paper. Here are four best practices to follow.
By Tom Cross Chief Technology Officer of OPAQ Networks, 11/8/2017
Comment1 Comment  |  Read  |  Post a Comment
What's Next after the SEC 'Insider Trading' Breach?
David L. Axelrod and Terence M. Grugan, Partner, Ballard SpahrCommentary
Last month's hack of the Securities and Exchange Commission may prove to be the most high-profile corporate gatekeeper attack to date. But it definitely won't be the last.
By David L. Axelrod and Terence M. Grugan Partner, Ballard Spahr, 10/19/2017
Comment0 comments  |  Read  |  Post a Comment
What's Next After HTTPS: A Fully Encrypted Web?
Guy Podjarny, CEO & Cofounder, SnykCommentary
As the rate of HTTPS adoption grows faster by the day, it's only a matter of time before a majority of websites turn on SSL. Here's why.
By Guy Podjarny CEO & Cofounder, Snyk, 10/18/2017
Comment0 comments  |  Read  |  Post a Comment
GDPR Compliance: 5 Early Steps to Get Laggards Going
Sara Peters, Senior Editor at Dark Reading
If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.
By Sara Peters Senior Editor at Dark Reading, 10/16/2017
Comment1 Comment  |  Read  |  Post a Comment
GDPR Concerns Include 'Where's My Data Stored?'
Ericka Chickowski, Contributing Writer, Dark ReadingNews
European data protection regulations are coming like a freight train and many firms are still unprepared.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/11/2017
Comment0 comments  |  Read  |  Post a Comment
Central Banks Propose Better Inter-Bank Security
Dark Reading Staff, Quick Hits
Institutions from the world's largest economies want to improve security following abuse of inter-bank messaging and payment systems.
By Dark Reading Staff , 9/28/2017
Comment0 comments  |  Read  |  Post a Comment
GDPR & the Rise of the Automated Data Protection Officer
Terry Ray, Chief Technology Officer, ImpervaCommentary
Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
By Terry Ray Chief Technology Officer, Imperva, 9/19/2017
Comment1 Comment  |  Read  |  Post a Comment
Cloud Security's Shared Responsibility Is Foggy
Ben Johnson, Co-founder and CTO, Obsidian SecurityCommentary
Security is a two-way street. The cloud provider isn't the only one that must take precautions.
By Ben Johnson Co-founder and CTO, Obsidian Security, 9/14/2017
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
CISOs' No. 1 Concern in 2018: The Talent Gap
Dawn Kawamoto, Associate Editor, Dark Reading,  1/10/2018
'Back to Basics' Might Be Your Best Security Weapon
Lee Waskevich, Vice President, Security Solutions at ePlus Technology,  1/10/2018
How to Attract More Women Into Cybersecurity - Now
Dawn Kawamoto, Associate Editor, Dark Reading,  1/12/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.