Risk // Compliance
News & Commentary
Petition Forces Parliament To Reconsider Surveillance Bill
Dark Reading Staff, Quick Hits
100,000 signatures require MPs to consider debating Snoopers' Charter again.
By Dark Reading Staff , 11/28/2016
Comment0 comments  |  Read  |  Post a Comment
178 Arrested In Money Mule Crackdown
Dark Reading Staff, Quick Hits
Total of 17 countries involved in second European effort to disrupt cybercriminals' money laundering mechanism.
By Dark Reading Staff , 11/22/2016
Comment0 comments  |  Read  |  Post a Comment
Adobe To Pay $1 Million Compensation In Data Breach Case
Dark Reading Staff, Quick Hits
Personal data of more than 500,000 consumers from 15 states were stolen in the 2013 breach of Adobe server.
By Dark Reading Staff , 11/17/2016
Comment1 Comment  |  Read  |  Post a Comment
Security Experts Call For Regulation On IoT Cybersecurity
Sara Peters, Senior Editor at Dark ReadingNews
During a House Committee hearing today, Bruce Schneier also asks for the establishment of a new government agency devoted to cybersecurity.
By Sara Peters Senior Editor at Dark Reading, 11/16/2016
Comment4 comments  |  Read  |  Post a Comment
75,000 Data Protection Officers Needed By 2018 To Handle EU Law
Sara Peters, Senior Editor at Dark ReadingNews
US alone will need 9,000 DPOs to meet GDPR mandates, says International Association of Privacy Professionals - but don't expect that many new job listings.
By Sara Peters Senior Editor at Dark Reading, 11/9/2016
Comment2 comments  |  Read  |  Post a Comment
China Passes Controversial Cybersecurity Law
Dark Reading Staff, Quick Hits
Global business and rights groups raise concern about the censorship that could impact foreign business interests.
By Dark Reading Staff , 11/8/2016
Comment0 comments  |  Read  |  Post a Comment
Election 2016 & WikiLeaks: Bad, But Not Your Worst Nightmare
Ed Amoroso, CEO, TAG Cyber LLCCommentary
John Podesta may be the poster child for poor user security practices but the real problem is rigid regulatory compliance frameworks that perpetuate ineffective perimeter defenses.
By Ed Amoroso CEO, TAG Cyber LLC, 11/4/2016
Comment1 Comment  |  Read  |  Post a Comment
Anthem Breach Victims Go To Court Over Cybersecurity Audit Release
Dark Reading Staff, Quick Hits
Class-action lawsuit against health insurer seeks disclosure of network security details following data breach of 80 million members.
By Dark Reading Staff , 11/1/2016
Comment0 comments  |  Read  |  Post a Comment
US Should Help Private Sector 'Active Defense,' But Outlaw Hacking Back, Says Task Force
Sara Peters, Senior Editor at Dark ReadingNews
Task Force at George Washington University suggests ways for government to clear up legal quagmires, improve tools, keep us all out of trouble.
By Sara Peters Senior Editor at Dark Reading, 10/31/2016
Comment1 Comment  |  Read  |  Post a Comment
Preparing For Government Data Requests After Apple Vs. FBI
Dark Reading Staff, CommentaryVideo
Jennifer Granick and Riana Pfefferkorn discuss lessons learned from the Apple-FBI case, and how security pros should be prepared if government data requests hit closer to home.
By Dark Reading Staff , 10/31/2016
Comment0 comments  |  Read  |  Post a Comment
Yahoo Demands Government Be More Transparent About Data Requests
Dark Reading Staff, Quick Hits
In a letter to the Director of National Intelligence, the tech company says this transparency would also help clear Yahoo's name in customer email scan case.
By Dark Reading Staff , 10/20/2016
Comment0 comments  |  Read  |  Post a Comment
US Bank Regulators Draft Rules For Financial Services Cybersecurity
Dark Reading Staff, Quick Hits
Proposed standards will require financial firms to recover from any cyberattack within two hours.
By Dark Reading Staff , 10/20/2016
Comment2 comments  |  Read  |  Post a Comment
California Victims Of Yahoo Breach Pursue Claims In State, Not Federal Court
Sara Peters, Senior Editor at Dark ReadingNews
Plaintiffs hope to benefit from California's history of stricter cybersecurity and data privacy law.
By Sara Peters Senior Editor at Dark Reading, 10/17/2016
Comment1 Comment  |  Read  |  Post a Comment
G7 Nations Plan To Team Up To Tackle Financial Cybercrime
Dark Reading Staff, Quick Hits
Group of Seven nations new guidelines include sharing updates by governments, private firms and regulators, plus joint address of shortfalls.
By Dark Reading Staff , 10/12/2016
Comment0 comments  |  Read  |  Post a Comment
20 Questions To Explore With Security-as-a-Service Providers
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEyeCommentary
This list will help you leverage the niche expertise of security-as-a-service providers, and assess which vendor can best meet your needs
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 10/5/2016
Comment0 comments  |  Read  |  Post a Comment
Grading Obama: C+
Administration Missed Key Opportunities To Civilize Cyberspace
Tom Kellermann,  CEO & Cofounder, Strategic Cyber Ventures Commentary
A middling grade because the President's cyber policy initiatives were reactive, laisse faire, and didnt buttress American economic opportunity.
By Tom Kellermann CEO & Cofounder, Strategic Cyber Ventures , 10/3/2016
Comment0 comments  |  Read  |  Post a Comment
Grading Obama: D-
President Failed To Protect Us From The Bad Guys
Leo Taddeo, CSO, CryptzoneCommentary
A barely passing grade from a former special agent in charge of the NYC FBI cybercrimes division for failing to create deterrents and policies that encourage self defense.
By Leo Taddeo CSO, Cryptzone, 10/3/2016
Comment0 comments  |  Read  |  Post a Comment
6 Ways To Prepare For The EUs GDPR
Jai Vijayan, Freelance writerNews
In less than 20 months, all US companies doing business in the EU will face new consumer privacy requirements. Heres how to prepare for them.
By Jai Vijayan Freelance writer, 9/30/2016
Comment1 Comment  |  Read  |  Post a Comment
SWIFT Toughens Customer Security With New Mandatory Rules
Dark Reading Staff, Quick Hits
Measures to include set of core safety standards and assurance framework requiring annual self-attestation by SWIFT members.
By Dark Reading Staff , 9/28/2016
Comment0 comments  |  Read  |  Post a Comment
Yahoo Sued By User Over 2014 Hacking
Dark Reading Staff, Quick Hits
New Yorker files lawsuit against Yahoo for recklessness and delay in uncovering hack of half a billion accounts.
By Dark Reading Staff , 9/27/2016
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.