Risk // Compliance
News & Commentary
Yahoo Demands Government Be More Transparent About Data Requests
Dark Reading Staff, Quick Hits
In a letter to the Director of National Intelligence, the tech company says this transparency would also help clear Yahoo's name in customer email scan case.
By Dark Reading Staff , 10/20/2016
Comment0 comments  |  Read  |  Post a Comment
US Bank Regulators Draft Rules For Financial Services Cybersecurity
Dark Reading Staff, Quick Hits
Proposed standards will require financial firms to recover from any cyberattack within two hours.
By Dark Reading Staff , 10/20/2016
Comment1 Comment  |  Read  |  Post a Comment
California Victims Of Yahoo Breach Pursue Claims In State, Not Federal Court
Sara Peters, Senior Editor at Dark ReadingNews
Plaintiffs hope to benefit from California's history of stricter cybersecurity and data privacy law.
By Sara Peters Senior Editor at Dark Reading, 10/17/2016
Comment1 Comment  |  Read  |  Post a Comment
G7 Nations Plan To Team Up To Tackle Financial Cybercrime
Dark Reading Staff, Quick Hits
Group of Seven nations new guidelines include sharing updates by governments, private firms and regulators, plus joint address of shortfalls.
By Dark Reading Staff , 10/12/2016
Comment0 comments  |  Read  |  Post a Comment
20 Questions To Explore With Security-as-a-Service Providers
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEyeCommentaryy
This list will help you leverage the niche expertise of security-as-a-service providers, and assess which vendor can best meet your needs
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 10/5/2016
Comment0 comments  |  Read  |  Post a Comment
Grading Obama: C+
Administration Missed Key Opportunities To Civilize Cyberspace
Tom Kellermann,  CEO & Cofounder, Strategic Cyber Ventures Commentaryy
A middling grade because the President's cyber policy initiatives were reactive, laisse faire, and didnt buttress American economic opportunity.
By Tom Kellermann CEO & Cofounder, Strategic Cyber Ventures , 10/3/2016
Comment0 comments  |  Read  |  Post a Comment
Grading Obama: D-
President Failed To Protect Us From The Bad Guys
Leo Taddeo, CSO, CryptzoneCommentaryy
A barely passing grade from a former special agent in charge of the NYC FBI cybercrimes division for failing to create deterrents and policies that encourage self defense.
By Leo Taddeo CSO, Cryptzone, 10/3/2016
Comment0 comments  |  Read  |  Post a Comment
6 Ways To Prepare For The EUs GDPR
Jai Vijayan, Freelance writerNews
In less than 20 months, all US companies doing business in the EU will face new consumer privacy requirements. Heres how to prepare for them.
By Jai Vijayan Freelance writer, 9/30/2016
Comment1 Comment  |  Read  |  Post a Comment
SWIFT Toughens Customer Security With New Mandatory Rules
Dark Reading Staff, Quick Hits
Measures to include set of core safety standards and assurance framework requiring annual self-attestation by SWIFT members.
By Dark Reading Staff , 9/28/2016
Comment0 comments  |  Read  |  Post a Comment
Yahoo Sued By User Over 2014 Hacking
Dark Reading Staff, Quick Hits
New Yorker files lawsuit against Yahoo for recklessness and delay in uncovering hack of half a billion accounts.
By Dark Reading Staff , 9/27/2016
Comment0 comments  |  Read  |  Post a Comment
Yahoo Breach: US Senator Seeks SEC Role In Probe
Dark Reading Staff, Quick Hits
Democrat Mark Warner asks US Securities and Exchange Commission to investigate whether Yahoo completed obligations post breach discovery.
By Dark Reading Staff , 9/27/2016
Comment0 comments  |  Read  |  Post a Comment
10 Ways To Lock Down Third-Party Risk
Steve Zurier, Freelance Writer
Experts share ideas for closing potential security holes that leave organizations open to attack.
By Steve Zurier Freelance Writer, 9/22/2016
Comment1 Comment  |  Read  |  Post a Comment
Rand Study: Average Data Breach Costs $200K, Not Millions
Terry Sweeney, Contributing EditorNews
Rand taps multiple data sources to calculate that cyber incidents cost firms a scant 0.4% of annual revenues, on average.
By Terry Sweeney Contributing Editor, 9/21/2016
Comment2 comments  |  Read  |  Post a Comment
San Bernardino iPhone Hack: Media Agencies Sue FBI For Vendor Details
Dark Reading Staff, Quick Hits
Associated Press and two others invoke Freedom of Information Act against the government seeking details of secret transaction.
By Dark Reading Staff , 9/19/2016
Comment0 comments  |  Read  |  Post a Comment
Uber, Dropbox, Other Tech Leaders Team Up To Boost Vendor Security
Kelly Sheridan, Associate Editor, InformationWeekNews
Tech companies - including Uber, Dropbox, Twitter, and Docker - have joined forces to create the Vendor Security Alliance, which aims to vet vendor security practices.
By Kelly Sheridan Associate Editor, InformationWeek, 9/16/2016
Comment1 Comment  |  Read  |  Post a Comment
New Book Traces Obama Strategy To Protect America From Hackers, Terrorists & Nation States
Wilson Alexander, Writer, Student & AthleteCommentaryy
A review of Charlie Mitchell's 'Hacked: The Inside Story of Americas Struggle to Secure Cyberspace.'
By Wilson Alexander Writer, Student & Athlete, 9/12/2016
Comment0 comments  |  Read  |  Post a Comment
3 Golden Rules For Managing Third-Party Security Risk
Linn Freedman, Chair, Data Privacy+Security practice, Robinson+ColeCommentaryy
Rule 1: know where your data sets are, which vendors have access to the data, and what privacy and security measures are in place.
By Linn Freedman Chair, Data Privacy+Security practice, Robinson+Cole, 9/1/2016
Comment1 Comment  |  Read  |  Post a Comment
Critical Infrastructure: The Next Cyber-Attack Target
Alex Campbell, Director, EY EMEIA Advisory Centre - CybersecurityCommentaryy
Power and utilities companies need a risk-centric cybersecurity approach to face coming threats.
By Alex Campbell Director, EY EMEIA Advisory Centre - Cybersecurity, 8/29/2016
Comment0 comments  |  Read  |  Post a Comment
3 Takeaways From The HEI Hotels And Oracle MICROS Breaches
Jai Vijayan, Freelance writerNews
Attacks another reminder of the fragility of the US payment system.
By Jai Vijayan Freelance writer, 8/18/2016
Comment0 comments  |  Read  |  Post a Comment
Hotel POS and Magstripe Cards Vulnerable to Attacks, Brute-Forcing
Terry Sweeney, Contributing EditorNews
Researchers from Rapid7 at DefCon will demonstrate vulnerabilities that allow attackers to turn point-of-sale devices into keyboards
By Terry Sweeney Contributing Editor, 8/2/2016
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.