Risk // Compliance
News & Commentary
EU, US Agree On New Data Transfer Pact, But Will It Hold?
Sara Peters, Senior Editor at Dark Reading | News
So long Safe Harbor, hello 'Privacy Shield.'
By Sara Peters Senior Editor at Dark Reading, 2/2/2016
No Safe Harbor Is Coming -- CISA Made Sure Of It
Sara Peters, Senior Editor at Dark Reading | News
It's time to take your data classification procedures more seriously. If not, that helpful information-sharing you did in the US could cost you hefty fines for privacy violations in the European Union.
By Sara Peters Senior Editor at Dark Reading, 1/22/2016
7 Criteria For Enriching Digital Evidence
Jason Sachowski, Director, Security Forensics & Civil Investigations, Scotiabank Group | Commentary
Context is the essential ingredient that is missing from many digital forensic investigations.
By Jason Sachowski Director, Security Forensics & Civil Investigations, Scotiabank Group, 1/11/2016
Four Tips For Enabling Better Collaboration On Security Programs
Jai Vijayan, Freelance writer | News
It’s not really about whether the CISO or CIO is in charge. It’s about making someone accountable for security that’s really critical.
By Jai Vijayan Freelance writer, 1/10/2016
On Heels of Oracle Settlement, FTC Burns Company For Security Practices
Dark Reading Staff, Quick Hits
Federal Trade Commission sticks medical software developer with $250,000 bill for lying about encryption capabilities.
By Dark Reading Staff, 1/7/2016
When RATs Become a Social Engineer’s Best Friend
Uri Rivner, Co-Founder, Head of Cyber Strategy, BioCatch | Commentary
Hacking humans in the banking industry through rogue help desks is becoming a significant problem.
By Uri Rivner Co-Founder, Head of Cyber Strategy, BioCatch, 12/18/2015
An Ill ‘Wynd’ Blowing But No Safe Harbor
James Bindseil, President & CEO, Globalscape | Commentary
What will state-of-the-art for cybersecurity look like in 2016? The regulatory headwinds on both sides of the Atlantic portend big changes.
By James Bindseil President & CEO, Globalscape, 12/16/2015
How ‘Digital Forensic Readiness’ Reduces Business Risk
Jason Sachowski, Director, Security Forensics & Civil Investigations, Scotiabank Group | Commentary
These six real-world scenarios show how to turn reactive investigative capabilities into proactive, problem-solving successes.
By Jason Sachowski Director, Security Forensics & Civil Investigations, Scotiabank Group, 12/11/2015
The Power of Prevention: What SMBs Need to Know About Cybersecurity
Gustavo Zeidan, Chief Technology Officer, Vijilan Security | Commentary
There is no such thing as a company that can't afford security. But where do you start?
By Gustavo Zeidan Chief Technology Officer, Vijilan Security, 12/4/2015
How CISOs Can Change The Game of Cybersecurity
Tom Kellermann, Chief Cybersecurity Officer, Trend Micro | Commentary
In the modern enterprise, chief information security officers need a broad mandate over security and risk management across all operational silos, not just the datacenter.
By Tom Kellermann Chief Cybersecurity Officer, Trend Micro, 12/1/2015
Parsing What Is ‘Reasonable’ In Security, Post FTC v Wyndham
Tony Porras, Cyber Security & Compliance Attorney | Commentary
In today's regulatory climate, companies can no longer depend on technology solutions alone -- for example, SIEM -- to protect corporate data and customer privacy. Here's why.
By Tony Porras Cyber Security & Compliance Attorney, 11/24/2015
Point of Entry: The Missing Link in the Security Hiring Gap
Jamesha Fisher, DevOps Security Pirate | Commentary
How misguided notions of capability and lack of access to enterprise tools discourage diversity in Infosec.
By Jamesha Fisher DevOps Security Pirate, 11/12/2015
States’ Cybersecurity Readiness Presents “Grim Picture” Pell Study Finds
Jai Vijayan, Freelance writer | News
Just eight states of 50 fared decently in a Pell study on their preparedness to deal with current and emerging cyberthreats.
By Jai Vijayan Freelance writer, 11/6/2015
What The Boardroom Thinks About Data Breach Liability
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Most public companies subscribe to cybersecurity insurance of some sort, and 90% say third-party software vendors should be held liable for vulnerabilities in their code.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/6/2015
The Evolving Security Budget: 3 New Ways CISOs Prioritize Spending
Ericka Chickowski, Contributing Writer, Dark Reading | News
New report shows increased spending and shifting priorities.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/4/2015
Kicking Off A New Era For Policing Cybersecurity
Jason Polancich, Founder & Chief Architect, SurfWatchLabs | Commentary
In the wake of FTC v. Wyndham, government agencies are becoming more aggressive about protecting corporate data and customer privacy. But the new rules are very much a work in progress.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 11/3/2015
Cybersecurity Insurance: 4 Practical Considerations
Ilia Kolochenko, CEO, High-Tech Bridge | Commentary
There can't be reliable cybersecurity insurance until companies can identify who is responsible for the continuous exploitation of stolen data, long-lasting attacks, and hardly-detectable APTs.
By Ilia Kolochenko CEO, High-Tech Bridge, 10/12/2015
Chipping Away At Credit Card Fraud With EMV
Deborah Baxley, Principal, Cards & Payments, Capgemini Financial Services | Commentary
As of October 1, so-called chip-and-pin technology is now the law of the land for electronic payments in the US. But it’s not the silver bullet that will instantly stop all cybercrime.
By Deborah Baxley Principal, Cards & Payments, Capgemini Financial Services, 10/8/2015
What The EU’s Safe Harbor Ruling Means For Data Privacy In The Cloud
Michael Fey, President & COO, Blue Coat | Commentary
The European Court of Justice today struck down the 15-year-old data transfer agreement between the European Union and the US. Here’s how to begin to prepare for the fallout.
By Michael Fey President & COO, Blue Coat, 10/6/2015
Deconstructing The Challenges Of Software Assurance For Connected Cars
Anna Chiang, Technical Marketing Manager, Perforce Software | Commentary
Ensuring software security in the auto industry will entail careful attention to all aspects of software development: design, coding standards, testing, verification and run-time assurance.
By Anna Chiang Technical Marketing Manager, Perforce Software, 9/28/2015
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas in a thought-provoking discussion about the evolving role of the CISO.