Risk // Compliance
News & Commentary
After Election Interference, RSA Conference Speakers Ask What Comes Next
Sara Peters, Senior Editor at Dark ReadingNews
Election-tampering called 'a red line we should not allow anyone to cross.'
By Sara Peters Senior Editor at Dark Reading, 2/17/2017
Comment1 Comment  |  Read  |  Post a Comment
Microsoft President Says Tech Industry Should Be 'Neutral Digital Switzerland'
Sara Peters, Senior Editor at Dark ReadingQuick Hits
RSA Conference: Brad Smith also says the world needs a "Digital Geneva Convention" to establish the international rules for nation-state cyber conflict.
By Sara Peters Senior Editor at Dark Reading, 2/14/2017
Comment0 comments  |  Read  |  Post a Comment
National Security, Regulation, Identity Top Themes At Cloud Security Summit
Sara Peters, Senior Editor at Dark ReadingNews
Gen. Keith Alexander gives Trump a thumbs-up and Cloud Security Alliance releases a new application.
By Sara Peters Senior Editor at Dark Reading, 2/13/2017
Comment0 comments  |  Read  |  Post a Comment
Talking Cybersecurity From A Risk Management Point of View
Steven Grossman, VP of Strategy & Enablement, Bay DynamicsCommentary
CenturyLink CSO David Mahon reflects on the evolution of the chief information security officer, and why todays CISOs are increasingly adopting a risk-based approach to security.
By Steven Grossman VP of Strategy & Enablement, Bay Dynamics, 2/3/2017
Comment5 comments  |  Read  |  Post a Comment
This Week On Dark Reading
Dark Reading Staff, Commentary
This week: how to get paid by cyber insurers and avoid paying ransoms.
By Dark Reading Staff , 1/30/2017
Comment0 comments  |  Read  |  Post a Comment
Why Youre Doing Cybersecurity Risk Measurement Wrong
Daniel Gordon, Cyber Intel Analyst, Lockheed Martin Computer Incident Response TeamCommentary
Measuring risk isnt as simple as some make it out to be, but there are best practices to help you embrace the complexity in a productive way. Here are five.
By Daniel Gordon Cyber Intel Analyst, Lockheed Martin Computer Incident Response Team, 1/30/2017
Comment0 comments  |  Read  |  Post a Comment
US Seeks To Intervene In Case Against Privacy Shield
Dark Reading Staff, Quick Hits
Digital Rights Ireland has challenged the data transfer pact raising questions of its ability to protect EU privacy.
By Dark Reading Staff , 1/20/2017
Comment0 comments  |  Read  |  Post a Comment
Credit Freeze: The New Normal In Data Breach Protection?
Lysa Myers, Security Researcher, ESETCommentary
In era of rampant identity theft, consumers should be offered the protection of a credit freeze by default, instead of a nuisance fee each time a freeze is placed or removed.
By Lysa Myers Security Researcher, ESET, 1/11/2017
Comment1 Comment  |  Read  |  Post a Comment
FTC Charges D-Link With Unsecure Routers And IP Cameras
Dark Reading Staff, Quick Hits
Federal Trade Commission voices concerns in US district court that D-Link products had put consumers' privacy at risk.
By Dark Reading Staff , 1/6/2017
Comment0 comments  |  Read  |  Post a Comment
44% Of Companies Miss Breach Reporting Deadlines
Dark Reading Staff, Quick Hits
Balabit research on security investigation says organizations lack of understanding lead to delay in breach probe.
By Dark Reading Staff , 12/20/2016
Comment0 comments  |  Read  |  Post a Comment
Ashley Madison To Pay $17.5 Million In Breach Settlement
Dark Reading Staff, Quick Hits
Ashley Madison was found guilty of lax data security and also corrupt practices including photo and profile misuse.
By Dark Reading Staff , 12/15/2016
Comment2 comments  |  Read  |  Post a Comment
Why Video Game Publishers Must Adopt Enforceable Security Standards
Matthew Cook, Co-founder, Panopticon LaboratoriesCommentary
Video games have been under attack at an unprecedented rate since 2012, with cyber criminals playing an increasingly significant role.
By Matthew Cook Co-founder, Panopticon Laboratories, 12/9/2016
Comment4 comments  |  Read  |  Post a Comment
How Retailers Can Fight Holiday Season Hackers
Steve Zurier, Freelance Writer
Experts offer tips for locking down retailers point-of-sale systems for the busy holiday shopping season.
By Steve Zurier Freelance Writer, 12/8/2016
Comment0 comments  |  Read  |  Post a Comment
Petition Forces Parliament To Reconsider Surveillance Bill
Dark Reading Staff, Quick Hits
100,000 signatures require MPs to consider debating Snoopers' Charter again.
By Dark Reading Staff , 11/28/2016
Comment0 comments  |  Read  |  Post a Comment
178 Arrested In Money Mule Crackdown
Dark Reading Staff, Quick Hits
Total of 17 countries involved in second European effort to disrupt cybercriminals' money laundering mechanism.
By Dark Reading Staff , 11/22/2016
Comment0 comments  |  Read  |  Post a Comment
Adobe To Pay $1 Million Compensation In Data Breach Case
Dark Reading Staff, Quick Hits
Personal data of more than 500,000 consumers from 15 states were stolen in the 2013 breach of Adobe server.
By Dark Reading Staff , 11/17/2016
Comment5 comments  |  Read  |  Post a Comment
Security Experts Call For Regulation On IoT Cybersecurity
Sara Peters, Senior Editor at Dark ReadingNews
During a House Committee hearing today, Bruce Schneier also asks for the establishment of a new government agency devoted to cybersecurity.
By Sara Peters Senior Editor at Dark Reading, 11/16/2016
Comment5 comments  |  Read  |  Post a Comment
75,000 Data Protection Officers Needed By 2018 To Handle EU Law
Sara Peters, Senior Editor at Dark ReadingNews
US alone will need 9,000 DPOs to meet GDPR mandates, says International Association of Privacy Professionals - but don't expect that many new job listings.
By Sara Peters Senior Editor at Dark Reading, 11/9/2016
Comment2 comments  |  Read  |  Post a Comment
China Passes Controversial Cybersecurity Law
Dark Reading Staff, Quick Hits
Global business and rights groups raise concern about the censorship that could impact foreign business interests.
By Dark Reading Staff , 11/8/2016
Comment0 comments  |  Read  |  Post a Comment
Election 2016 & WikiLeaks: Bad, But Not Your Worst Nightmare
Ed Amoroso, CEO, TAG Cyber LLCCommentary
John Podesta may be the poster child for poor user security practices but the real problem is rigid regulatory compliance frameworks that perpetuate ineffective perimeter defenses.
By Ed Amoroso CEO, TAG Cyber LLC, 11/4/2016
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.