Risk // Compliance
News & Commentary
7 In 10 Businesses Struggle To Sustain PCI Compliance
Jai Vijayan, Freelance writerNews
Maintaining PCI compliance is a bigger challenge that achieving it for many companies, Verizon study finds.
By Jai Vijayan Freelance writer, 3/12/2015
Comment1 Comment  |  Read  |  Post a Comment
6 Ways The Sony Hack Changes Everything
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
Security in a post-Sony world means that a company's very survival in the wake of a cyber attack is more of a concern than ever before.
By John B. Dickson CISSP, Principal, Denim Group, 3/11/2015
Comment5 comments  |  Read  |  Post a Comment
Second Look: Data Security In A Hybrid Cloud
Bill Kleyman, Director of Strategy & Innovation, MTM TechnologiesCommentary
Today’s big cloud providers were built around an architecture for hosting and securing data. They will continue to thrive, only by keeping your workloads safe.
By Bill Kleyman Director of Strategy & Innovation, MTM Technologies, 3/9/2015
Comment12 comments  |  Read  |  Post a Comment
Anthem Refuses To Let Inspector General Conduct Full Security Audit
Dark Reading Staff, Quick Hits
A ‘Building Code’ For Internet of Things Security, Privacy
Greg Shannon, Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering InstituteCommentary
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
By Greg Shannon Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute, 3/4/2015
Comment6 comments  |  Read  |  Post a Comment
Compliance & Security: A Race To The Bottom?
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
Compliance is meaningless if organizations don’t use it as a starting point to understand and mitigate risks within their environment.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 3/3/2015
Comment0 comments  |  Read  |  Post a Comment
Box Giving Customers Control Over Encryption Keys
Sara Peters, Senior Editor at Dark ReadingNews
Box says they've eliminated the last major barrier to cloud adoption, even in highly regulated organizations.
By Sara Peters Senior Editor at Dark Reading, 2/10/2015
Comment1 Comment  |  Read  |  Post a Comment
Anthem Breach Prompts New York To Conduct Cybersecurity Reviews Of All Insurers
Sara Peters, Senior Editor at Dark ReadingNews
Meanwhile, Anthem victims are now being harassed by scammers trying to collect even more personal information.
By Sara Peters Senior Editor at Dark Reading, 2/9/2015
Comment4 comments  |  Read  |  Post a Comment
A Mere 8 Days After Breach, Anthem Healthcare Notifies Customers
Sara Peters, Senior Editor at Dark ReadingNews
Was the data encrypted in storage? Investigators aren't saying, but they hint that it wouldn't matter either way.
By Sara Peters Senior Editor at Dark Reading, 2/5/2015
Comment13 comments  |  Read  |  Post a Comment
Obama Calls For 30-Day Breach Notification Policy For Hacked Companies
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
But chances of this becoming a mandatory national breach notification law are no sure thing, even in the wake of the past year's high-profile hacks, experts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/12/2015
Comment12 comments  |  Read  |  Post a Comment
How PCI DSS 3.0 Can Help Stop Data Breaches
Troy Leach and Christopher Strand, Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9Commentary
New Payment Card Industry security standards that took effect January 1 aim to replace checkmark mindsets with business as usual processes. Here are three examples.
By Troy Leach and Christopher Strand Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9, 12/23/2014
Comment9 comments  |  Read  |  Post a Comment
The Internet's Winter Of Discontent
Paul Vixie, Chairman & CEO, Farsight Security, Inc.Commentary
The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the world’s connected economy is that the hits just keep on coming.
By Paul Vixie Chairman & CEO, Farsight Security, Inc., 12/19/2014
Comment1 Comment  |  Read  |  Post a Comment
Cyber Security Practices Insurance Underwriters Demand
Natalie Lehr, Co-Founder & VP Analytics, TSC AdvantageCommentary
Insurance underwriters aren’t looking for companies impervious to risk. They want clients that understand the threat landscape and have demonstrated abilities to mitigate attacks.
By Natalie Lehr Co-Founder & VP Analytics, TSC Advantage, 12/11/2014
Comment3 comments  |  Read  |  Post a Comment
The Real Cost of Cyber Incidents, According To Insurers
Sara Peters, Senior Editor at Dark ReadingNews
Healthcare is hit by the most malicious insiders and the highest legal costs, according to a NetDiligence report.
By Sara Peters Senior Editor at Dark Reading, 12/3/2014
Comment3 comments  |  Read  |  Post a Comment
OCR Audits: Don’t Fall Victim To Past Mistakes
Mark Fulford, Partner at LBMC’s Security & Risk ServicesCommentary
The Office of Civil Rights is not out to get you. But it does expect you to make good-faith efforts at protecting patient data.
By Mark Fulford Partner at LBMC’s Security & Risk Services, 11/21/2014
Comment2 comments  |  Read  |  Post a Comment
Enter The Digital Risk Officer
Nick Sanna, President, Digital Risk Management InstituteCommentary
In the brave new world of digital risk management, a CISO would report up to a DRO who manages risk from a business perspective and works with peers in business ops, compliance, and IT security.
By Nick Sanna President, Digital Risk Management Institute, 11/20/2014
Comment1 Comment  |  Read  |  Post a Comment
NOAA Blames China In Hack, Breaks Disclosure Rules
Sara Peters, Senior Editor at Dark ReadingNews
The National Oceanic and Atmospheric Administration finally confirms that four websites were attacked and taken down in September, but details are sketchy and officials want answers.
By Sara Peters Senior Editor at Dark Reading, 11/13/2014
Comment2 comments  |  Read  |  Post a Comment
Cyberspace Expands Threat Matrix
Patience Wait, News
National security experts warn there is no privacy or security any more.
By Patience Wait , 11/3/2014
Comment1 Comment  |  Read  |  Post a Comment
Financial Breaches Show ‘Trust Model’ Is Broken
Bob West, Chief Trust Officer, CipherCloudCommentary
It’s a full-blown crisis when a dozen major financial services firms admit to having their networks probed by the same attackers as those behind the JPMorgan Chase breach.
By Bob West Chief Trust Officer, CipherCloud, 10/31/2014
Comment7 comments  |  Read  |  Post a Comment
Chipmaker Disables Counterfeits With Software Update
Jai Vijayan, Freelance writerNews
FTDI's update, targeting counterfeit chips, could disable systems widely embedded in healthcare, critical infrastructure, and consumer products.
By Jai Vijayan Freelance writer, 10/28/2014
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7437
Published: 2015-03-29
Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.

CVE-2013-7438
Published: 2015-03-29
Multiple buffer overflows in pbm212030 allow remote attackers to cause a denial of service (crash) or possible execute arbitrary code via a crafted PBM image, related to (1) stream line data, which triggers a heap-based buffer overflow, or (2) vectors related to an "internal intermediate heap-based ...

CVE-2014-5427
Published: 2015-03-29
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read pa...

CVE-2014-5428
Published: 2015-03-29
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integratio...

CVE-2014-9205
Published: 2015-03-29
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.