Risk // Compliance
News & Commentary
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say
Tim Wilson, Editor in Chief, Dark ReadingNews
In Black Hat survey, security professionals say misplaced enterprise priorities often leave them without the time and budget they need to address the most critical threats.
By Tim Wilson Editor in Chief, Dark Reading, 7/15/2015
Comment0 comments  |  Read  |  Post a Comment
PCI Update Paves Way For Expanding Point-to-Point Encryption
Jai Vijayan, Freelance writerNews
Move appears designed mainly for large organizations and big-box retailers looking to lock down payment card security.
By Jai Vijayan Freelance writer, 7/1/2015
Comment4 comments  |  Read  |  Post a Comment
Why We Need In-depth SAP Security Training
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
SAP and Oracle are releasing tons of patches every month, but are enterprises up to this complex task? I have my doubts.
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 7/1/2015
Comment2 comments  |  Read  |  Post a Comment
Getting To Yes: Negotiating Technology Innovation & Security Risk
Tsion Gonen , Chief Strategy Office, Gemalto, Identity & Data ProtectionCommentary
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
By Tsion Gonen Chief Strategy Office, Gemalto, Identity & Data Protection, 6/30/2015
Comment0 comments  |  Read  |  Post a Comment
4 Ways Cloud Usage Is Putting Health Data At Risk
Jai Vijayan, Freelance writerNews
A huge shadow IT problem is just one of the risks of uncontrolled cloud usage in healthcare organizations, new study shows.
By Jai Vijayan Freelance writer, 6/26/2015
Comment3 comments  |  Read  |  Post a Comment
FireEye Report Prompts Reported SEC Probe Of FIN4 Hacking Gang
Jai Vijayan, Freelance writerNews
Security vendor's report from last year had warned about group targeting insider data from illegal trading.
By Jai Vijayan Freelance writer, 6/25/2015
Comment0 comments  |  Read  |  Post a Comment
Survival Tips For The Security Skills Shortage
Nimmy Reichenberg, VP of Strategy, AlgoSecCommentary
No matter how you slice it, creating a security professional with 10 years of experience takes, well, 10 years. Here are six suggestions for doing more with less.
By Nimmy Reichenberg VP of Strategy, AlgoSec, 6/12/2015
Comment5 comments  |  Read  |  Post a Comment
Firewalls Sustain Foundation of Sound Security
Jody Brazil, Founder and CEO of FireMonCommentary
Simply put, organizations that cannot maintain rigid firewall enforcement are more likely to be compromised.
By Jody Brazil Founder and CEO of FireMon, 6/10/2015
Comment1 Comment  |  Read  |  Post a Comment
Security Metrics: It’s All Relative
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
What a haircut taught me about communicating the value of security to executives and non-security professionals.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 6/9/2015
Comment2 comments  |  Read  |  Post a Comment
Escalating Cyberattacks Threaten US Healthcare Systems
Rick Kam and Larry Ponemon, Rick Kam, President & Co-founder, ID Experts & Larry Ponemon, Chairman & Founder, Ponemon InstituteCommentary
Electronic health records are prime targets because healthcare organizations lack the resources, processes, and technologies to protect them. And it’s only going to get worse.
By Rick Kam and Larry Ponemon Rick Kam, President & Co-founder, ID Experts & Larry Ponemon, Chairman & Founder, Ponemon Institute, 5/27/2015
Comment0 comments  |  Read  |  Post a Comment
Deconstructing Mobile Fraud Risk
Subbu Sthanu, Director, Mobile Security & Application Security, IBMCommentary
Today’s enterprise security solutions don’t do enough to manage BYOD risk, credit card theft and the reputational damage resulting from a major data breach.
By Subbu Sthanu Director, Mobile Security & Application Security, IBM, 5/5/2015
Comment1 Comment  |  Read  |  Post a Comment
7 In 10 Businesses Struggle To Sustain PCI Compliance
Jai Vijayan, Freelance writerNews
Maintaining PCI compliance is a bigger challenge that achieving it for many companies, Verizon study finds.
By Jai Vijayan Freelance writer, 3/12/2015
Comment1 Comment  |  Read  |  Post a Comment
6 Ways The Sony Hack Changes Everything
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
Security in a post-Sony world means that a company's very survival in the wake of a cyber attack is more of a concern than ever before.
By John B. Dickson CISSP, Principal, Denim Group, 3/11/2015
Comment5 comments  |  Read  |  Post a Comment
Second Look: Data Security In A Hybrid Cloud
Bill Kleyman, VP of Strategy and InnovationCommentary
Today’s big cloud providers were built around an architecture for hosting and securing data. They will continue to thrive, only by keeping your workloads safe.
By Bill Kleyman VP of Strategy and Innovation, 3/9/2015
Comment12 comments  |  Read  |  Post a Comment
Anthem Refuses To Let Inspector General Conduct Full Security Audit
Dark Reading Staff, Quick Hits
A ‘Building Code’ For Internet of Things Security, Privacy
Greg Shannon, Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering InstituteCommentary
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
By Greg Shannon Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute, 3/4/2015
Comment6 comments  |  Read  |  Post a Comment
Compliance & Security: A Race To The Bottom?
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
Compliance is meaningless if organizations don’t use it as a starting point to understand and mitigate risks within their environment.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 3/3/2015
Comment0 comments  |  Read  |  Post a Comment
Box Giving Customers Control Over Encryption Keys
Sara Peters, Senior Editor at Dark ReadingNews
Box says they've eliminated the last major barrier to cloud adoption, even in highly regulated organizations.
By Sara Peters Senior Editor at Dark Reading, 2/10/2015
Comment1 Comment  |  Read  |  Post a Comment
Anthem Breach Prompts New York To Conduct Cybersecurity Reviews Of All Insurers
Sara Peters, Senior Editor at Dark ReadingNews
Meanwhile, Anthem victims are now being harassed by scammers trying to collect even more personal information.
By Sara Peters Senior Editor at Dark Reading, 2/9/2015
Comment4 comments  |  Read  |  Post a Comment
A Mere 8 Days After Breach, Anthem Healthcare Notifies Customers
Sara Peters, Senior Editor at Dark ReadingNews
Was the data encrypted in storage? Investigators aren't saying, but they hint that it wouldn't matter either way.
By Sara Peters Senior Editor at Dark Reading, 2/5/2015
Comment13 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4293
Published: 2015-07-30
The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957.

CVE-2014-7912
Published: 2015-07-29
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory c...

CVE-2014-7913
Published: 2015-07-29
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corru...

CVE-2015-2977
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.

CVE-2015-2978
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!