Risk // Compliance
News & Commentary
Dark Reading Radio: The Changing Role Of The CSO
Marilyn Cohodas, Community Editor, Dark Reading | Commentary
Why does the CSO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
By Marilyn Cohodas, Community Editor, Dark Reading, 7/8/2014
Florida Law Aims To Tighten Data Security
Alison Diana, Senior Editor | Commentary
Florida's new data privacy law increases security accountability for all enterprises; healthcare providers could face greater burden to protect patients' personal information.
By Alison Diana, Senior Editor, 7/7/2014
Why Your Application Security Program May Backfire
Jeff Williams, CTO, Contrast Security | Commentary
You have to consider the human factor when you’re designing security interventions, because the best intentions can have completely opposite consequences.
By Jeff Williams, CTO, Contrast Security, 7/2/2014
Internet Of Things: Current Privacy Policies Don't Work
Marc Loewenthal, Director, Promontory Financial Group | Commentary
Traditional ways to deliver privacy guidelines, such as online postings or click-through mechanisms, don't work with the Internet of Things.
By Marc Loewenthal, Director, Promontory Financial Group, 6/30/2014
NIST Security Guidance Revision: Prepare Now
Vincent Berk | Commentary
NIST 800-53 Revision 5 will likely put more emphasis on continuous monitoring. Don't wait until it arrives to close your security gaps.
By Vincent Berk, 6/16/2014
BYOD: Build A Policy That Works
Ericka Chickowski, Contributing Writer, Dark Reading | Commentary
To secure employee-owned smartphones and tablets, it takes a practical, enforceable set of guidelines.
By Ericka Chickowski, Contributing Writer, Dark Reading, 6/9/2014
Government Advances Continuous Security Monitoring
Henry Kenyon | Commentary
DOD, DHS expect smart technologies will defend networks against common attacks, free IT personnel to deal with more dangerous threats.
By Henry Kenyon, 6/6/2014
Compliance: The Surprising Gift Of Windows XP
Glenn S. Phillips | Commentary
The end of Windows XP will force organizations to properly reinvest in a modern and compliant desktop infrastructure that will be easier to maintain and secure.
By Glenn S. Phillips, 6/3/2014
Healthcare IT Security Worse Than Retail, Study Says
Alison Diana, Senior Editor | Commentary
Bad news for the healthcare community: A new study shows retailers like Target and eBay are more secure than many healthcare organizations.
By Alison Diana, Senior Editor, 5/28/2014
Government Hiring Practices Hamper Cybersecurity Efforts
Patience Wait | Commentary
Federal agencies find it difficult to hire unconventional but well-qualified talent to battle cyberattacks, experts say.
By Patience Wait, 5/20/2014
Cisco CEO: U.S. Should Reform Surveillance Rules
Michael Endler, Associate Editor, InformationWeek.com | Commentary
Cisco CEO John Chambers says his company does not enable NSA spying, and that the U.S. government must establish proper policies.
By Michael Endler, Associate Editor, InformationWeek.com, 5/15/2014
Government Surveillance Criticism Heats Up
Thomas Claburn, Editor-at-Large | Commentary
As a book on the Snowden affair debuts, several organizations take steps to restrain the mass online surveillance that the Snowden investigation exposed.
By Thomas Claburn, Editor-at-Large, 5/14/2014
Money, Skills, And Hired Guns: 2014 Strategic Security Survey
Michael A. Davis, Contributing Editor | Commentary
Tight budgets. A manpower crunch. More -- and more sophisticated -- threats. Are you sure you're up to this?
By Michael A. Davis, Contributing Editor, 5/12/2014
A New Approach to Endpoint Security: Think ‘Positive’
Jason Sachowski, Sr. Manager, Security R&D, Scotiabank | Commentary
It's time to move away from traditional blacklisting models that define what should be restricted and implicitly allow everything else.
By Jason Sachowski, Sr. Manager, Security R&D, Scotiabank, 5/9/2014
FTC Must Disclose Consumer Data Security Standards
William Jackson, Technology Writer | Commentary
A company accused by the FTC of failing to provide adequate data security has the right to know the required security standards, administrative judge rules.
By William Jackson, Technology Writer, 5/8/2014
Study: Many UK Retail, Financial Firms Still Don't Understand Security Risks
Tim Wilson, Editor in Chief, Dark Reading | Quick Hits
Despite recent breaches, many UK retailers and financial firms haven't upgraded their online security strategies.
By Tim Wilson, Editor in Chief, Dark Reading, 5/8/2014
Tech Preps Healthcare Organizations For Lawsuits
Alison Diana, Senior Editor | Commentary
Healthcare organizations spend and worry more about litigation and regulations than their counterparts in many other industries, study finds. Specialized software helps.
By Alison Diana, Senior Editor, 5/1/2014
Report: Some Retail Firms Still Don't Recognize Cyber Security Risks
Tim Wilson, Editor in Chief, Dark Reading | Quick Hits
Nearly 10 percent of retail firms have not reported any cyber security exposure to the SEC since 2011, Willis Group says.
By Tim Wilson, Editor in Chief, Dark Reading, 4/24/2014
Federal IT Security Policies Must Be User Friendly
James Bindseil, President & CEO, Globalscape | Commentary
Federal agencies should choose security tools and policies that suit the productivity needs of their employees.
By James Bindseil, President & CEO, Globalscape, 4/16/2014
White House Details Zero-Day Bug Policy
Mathew J. Schwartz | News
NSA denies prior knowledge of the Heartbleed vulnerability, but the White House reserves the right to withhold zero-day exploit information in some cases involving security or law enforcement.
By Mathew J. Schwartz, 4/15/2014
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-4988
Published: 2014-07-09
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.

CVE-2014-0207
Published: 2014-07-09
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

CVE-2014-0537
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-0539
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-3309
Published: 2014-07-09
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.

Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.