Risk // Compliance
News & Commentary
Shellshock & Why EHRs Need Updating
Michael A.M. Davies, Founder & Chairman, Endeavour PartnersCommentary
Nearly half of all security breaches occur in healthcare, and outdated medical records systems make data more vulnerable. An up-to-date EHR system can help solve security concerns, save money, and improve patient care.
By Michael A.M. Davies Founder & Chairman, Endeavour Partners, 10/22/2014
Comment0 comments  |  Read  |  Post a Comment
Compliance Is A Start, Not The End
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Regulatory compliance efforts may help you get a bigger budget and reach a baseline security posture. But "compliant" does not necessarily mean "secure."
By Sara Peters Senior Editor at Dark Reading, 10/21/2014
Comment1 Comment  |  Read  |  Post a Comment
4 ID Management Tips For Better Breach Resistance
Ericka Chickowski, Contributing Writer, Dark ReadingNews
AT&T insider attack case highlights the need for strong privileged identity management practices.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/13/2014
Comment1 Comment  |  Read  |  Post a Comment
DHS Anti-Terrorism Program Could Provide Cyberattack Liability Protection
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The SAFETY Act can offer a layer of legal protection for cyber security vendors, providers, and enterprise security policies in the wake of an attack, an attorney says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/8/2014
Comment1 Comment  |  Read  |  Post a Comment
Tokenization: 6 Reasons The Card Industry Should Be Wary
Pat Carroll, Executive Chairman & Founder, ValidSoftCommentary
VISA’s new token service aims to provide consumers a simple, fraud-free digital payment experience. It’s a worthy goal, but one that may prove to be more aspirational than functional.
By Pat Carroll Executive Chairman & Founder, ValidSoft, 10/7/2014
Comment4 comments  |  Read  |  Post a Comment
How Cookie-Cutter Cyber Insurance Falls Short
Kevin Smith, VP, The Graham CompanyCommentary
Many off-the-shelf cyber liability policies feature a broad range of exclusions that won’t protect your company from a data breach or ransomware attack.
By Kevin Smith VP, The Graham Company, 10/6/2014
Comment9 comments  |  Read  |  Post a Comment
FDA Pushes To Improve Medical Device Security
Jai Vijayan, Freelance writerCommentary
Cyber attacks pose a grave threat to the integrity of healthcare services, agency says.
By Jai Vijayan Freelance writer, 9/29/2014
Comment1 Comment  |  Read  |  Post a Comment
DoE Preps Privacy Standards For Smart Grid
Jai Vijayan, Freelance writerCommentary
Department of Energy has released a set of voluntary privacy recommendations for smart grid owners, operators, and third parties; industry stakeholders have until October 14 to comment on draft.
By Jai Vijayan Freelance writer, 9/29/2014
Comment1 Comment  |  Read  |  Post a Comment
From Securities To Security: Why The SEC Is Bringing Cyber To The Boardroom
Stephen Boyer, CTO & Founder, BitSight TechnologiesCommentary
The SEC is emerging as a key proponent of corporate cyber security responsibility and diligence. What does that mean for the CISO?
By Stephen Boyer CTO & Founder, BitSight Technologies, 9/24/2014
Comment5 comments  |  Read  |  Post a Comment
5 Ways To Think Outside The PCI Checkbox
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New PCI Council GM plans to help organizations move their practices beyond compliance mentality into risk-based security.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/19/2014
Comment6 comments  |  Read  |  Post a Comment
Apple Pay: A Necessary Push To Transform Consumer Payments
Lucas Zaichkowsky, Enterprise Defense Architect, AccessDataCommentary
Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic.
By Lucas Zaichkowsky Enterprise Defense Architect, AccessData, 9/11/2014
Comment16 comments  |  Read  |  Post a Comment
In Cloud We Trust: A New Model
Evelyn De Souza & Richard Noguera, Cloud Security Alliance Data Governance Chair & Cloud Compliance & Data Privacy Strategy Leader, CiscoCommentary
The solution to the problem of data security in the public cloud will require more than a traditional compliance-driven approach.
By Evelyn De Souza & Richard Noguera Cloud Security Alliance Data Governance Chair & Cloud Compliance & Data Privacy Strategy Leader, Cisco, 9/4/2014
Comment11 comments  |  Read  |  Post a Comment
Why Are Security Pros Blasé About Compliance?
François Amigorena, Founder & CEO, IS DecisionsCommentary
A survey of 500 IT and security decision makers in the UK and US shows that a majority are in the dark about regulatory requirements for their business organization.
By François Amigorena Founder & CEO, IS Decisions, 8/29/2014
Comment22 comments  |  Read  |  Post a Comment
Flash Poll: CSOs Need A New Boss
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Only one out of four respondents to our flash poll think the CSO should report to the CIO.
By Marilyn Cohodas Community Editor, Dark Reading, 8/22/2014
Comment4 comments  |  Read  |  Post a Comment
US House Inspector General: IT Audit Activist
David F Carr, Editor, InformationWeek Government/HealthcareCommentary
At the 2014 GRC Conference, House IG Theresa Grafenstine argues internal auditors must be more forward looking -- and explains why being exempt from regulations just makes her job harder.
By David F Carr Editor, InformationWeek Government/Healthcare, 8/20/2014
Comment4 comments  |  Read  |  Post a Comment
Cybersecurity: How Involved Should Boards Of Directors Be?
David F Carr, Editor, InformationWeek Government/HealthcareCommentary
Security audit groups ISACA and IIA weigh in on what role the board of directors should play in an enterprise's cybersecurity strategies.
By David F Carr Editor, InformationWeek Government/Healthcare, 8/19/2014
Comment7 comments  |  Read  |  Post a Comment
Why Patching Makes My Heart Bleed
John Rostern, CRISC, QSA, VP Technology Audit & Advisory Services, CoalfireCommentary
Heartbleed was a simple mistake that was allowed to propagate through "business as usual" patching cycles and change management. It could easily happen again.
By John Rostern CRISC, QSA, VP Technology Audit & Advisory Services, Coalfire, 8/14/2014
Comment2 comments  |  Read  |  Post a Comment
Cyber Risk Dashboards: False Sense Of Control?
(ISC)2 Writers Bureau, Commentary
Federal programs promoting the use of risk dashboards can boost real-time visibility, but only if they are used correctly.
By (ISC)2 Writers Bureau , 8/12/2014
Comment2 comments  |  Read  |  Post a Comment
The Hyperconnected World Has Arrived
Michael Sutton, VP Security Research, ZscalerCommentary
Yes, the ever-expanding attack surface of the Internet of Things is overwhelming. But next-gen security leaders gathered at Black Hat are up to the challenge.
By Michael Sutton VP Security Research, Zscaler, 8/8/2014
Comment6 comments  |  Read  |  Post a Comment
Wearables In Healthcare: Privacy Rules Needed
Alison Diana, Senior EditorCommentary
Johns Hopkins patient privacy violation didn't involve Google Glass or wearables but indicates why the healthcare industry must head off trouble with wearables in clinical settings.
By Alison Diana Senior Editor, 7/23/2014
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4448
Published: 2014-10-22
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

CVE-2014-4449
Published: 2014-10-22
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-4450
Published: 2014-10-22
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.

CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.