Risk // Compliance
News & Commentary
Cybersecurity Insurance: 4 Practical Considerations
Ilia Kolochenko, CEO, High-Tech Bridge | Commentary
There can't be reliable cybersecurity insurance until companies can identify who is responsible for the continuous exploitation of stolen data, long-lasting attacks, and hardly-detectable APTs.
By Ilia Kolochenko CEO, High-Tech Bridge, 10/12/2015
Chipping Away At Credit Card Fraud With EMV
Deborah Baxley, Principal, Cards & Payments, Capgemini Financial Services | Commentary
As of October 1, so-called chip-and-pin technology is now the law of the land for electronic payments in the US. But it’s not the silver bullet that will instantly stop all cybercrime.
By Deborah Baxley Principal, Cards & Payments, Capgemini Financial Services, 10/8/2015
What The EU’s Safe Harbor Ruling Means For Data Privacy In The Cloud
Michael Fey, President & COO, Blue Coat | Commentary
The European Court of Justice today struck down the 15-year-old data transfer agreement between the European Union and the US. Here’s how to begin to prepare for the fallout.
By Michael Fey President & COO, Blue Coat, 10/6/2015
Deconstructing The Challenges Of Software Assurance For Connected Cars
Anna Chiang, Technical Marketing Manager, Perforce Software | Commentary
Ensuring software security in the auto industry will entail careful attention to all aspects of software development: design, coding standards, testing, verification and run-time assurance.
By Anna Chiang Technical Marketing Manager, Perforce Software, 9/28/2015
FTC v. Wyndham: ‘Naughty 9’ Security Fails to Avoid
Jason Straight, Senior VP & Chief Privacy Officer, UnitedLex | Commentary
The Federal Trade Commission’s fair trade suit against Wyndham hotels offers insight into the brave new world of cybersecurity regulation of consumer data.
By Jason Straight Senior VP & Chief Privacy Officer, UnitedLex, 9/25/2015
Information Security Lessons From Literature
Joshua Goldfarb, VP & CTO - Americas, FireEye. | Commentary
How classic themes about listening, honesty, and truthfulness can strengthen your organization’s security posture, programs and operations.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 9/15/2015
What Ashley Madison Can Teach The Rest Of Us About Data Security
Mohan Koo, CEO & Co-founder, Dtex Systems | Commentary
For a company whose offering can best be described as discretion-as-a-service, using anything less than state-of-the-art threat detection capabilities is inexcusable.
By Mohan Koo CEO & Co-founder, Dtex Systems, 9/10/2015
The Security Of Applications And CISOs' Sanity, With Veracode's Chris Wysopal
Sara Peters, Senior Editor at Dark Reading | Commentary | Video
Veracode's Chris Wysopal visits the Dark Reading News Desk at Black Hat to discuss application security, what CISOs' top priorities are, and what they should be.
By Sara Peters Senior Editor at Dark Reading, 8/27/2015
Cybersecurity Under FTC Authority: What Does it Mean?
Tom Kellermann, Chief Cybersecurity Office, Trend Micro | Commentary
Consumers can now expect the same level of security and privacy in the digital realm as they do in the physical.
By Tom Kellermann Chief Cybersecurity Office, Trend Micro, 8/27/2015
FTC to Black Hat Attendees: Help Us Make Good Tech Policy
Fahmida Y. Rashid, Contributing Editor, Dark Reading | News
The FTC’s chief technologist made a direct appeal to security, privacy, and technology communities to get involved and help shape tech laws and policies.
By Fahmida Y. Rashid Contributing Editor, Dark Reading, 8/12/2015
Defending Industrial Ethernet Switches Is Not Easy, But Doable
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau | News
Attacks and vulnerabilities against ICS and SCADA can be detected and monitored if operational folks know their network infrastructure.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 8/6/2015
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say
Tim Wilson, Editor in Chief, Dark Reading | News
In Black Hat survey, security professionals say misplaced enterprise priorities often leave them without the time and budget they need to address the most critical threats.
By Tim Wilson Editor in Chief, Dark Reading, 7/15/2015
PCI Update Paves Way For Expanding Point-to-Point Encryption
Jai Vijayan, Freelance writer | News
Move appears designed mainly for large organizations and big-box retailers looking to lock down payment card security.
By Jai Vijayan Freelance writer, 7/1/2015
Why We Need In-depth SAP Security Training
Juan Pablo Perez-Etchegoyen, CTO, Onapsis | Commentary
SAP and Oracle are releasing tons of patches every month, but are enterprises up to this complex task? I have my doubts.
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 7/1/2015
Getting To Yes: Negotiating Technology Innovation & Security Risk
Tsion Gonen, Chief Strategy Office, Gemalto, Identity & Data Protection | Commentary
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
By Tsion Gonen Chief Strategy Office, Gemalto, Identity & Data Protection, 6/30/2015
4 Ways Cloud Usage Is Putting Health Data At Risk
Jai Vijayan, Freelance writer | News
A huge shadow IT problem is just one of the risks of uncontrolled cloud usage in healthcare organizations, new study shows.
By Jai Vijayan Freelance writer, 6/26/2015
FireEye Report Prompts Reported SEC Probe Of FIN4 Hacking Gang
Jai Vijayan, Freelance writer | News
Security vendor's report from last year had warned about group targeting insider data from illegal trading.
By Jai Vijayan Freelance writer, 6/25/2015
Survival Tips For The Security Skills Shortage
Nimmy Reichenberg, VP of Strategy, AlgoSec | Commentary
No matter how you slice it, creating a security professional with 10 years of experience takes, well, 10 years. Here are six suggestions for doing more with less.
By Nimmy Reichenberg VP of Strategy, AlgoSec, 6/12/2015
Firewalls Sustain Foundation of Sound Security
Jody Brazil, Founder and CEO of FireMon | Commentary
Simply put, organizations that cannot maintain rigid firewall enforcement are more likely to be compromised.
By Jody Brazil Founder and CEO of FireMon, 6/10/2015
Security Metrics: It’s All Relative
Joshua Goldfarb, VP & CTO - Americas, FireEye. | Commentary
What a haircut taught me about communicating the value of security to executives and non-security professionals.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 6/9/2015
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-12
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message.

Published: 2015-10-12
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.

Published: 2015-10-12
Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C) bus, aka Bug ID CSCuq77241.

Published: 2015-10-12
The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272.

Published: 2015-10-12
HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.
