Risk // Compliance
News & Commentary
US Seeks To Intervene In Case Against Privacy Shield
Dark Reading Staff, Quick Hits
Digital Rights Ireland has challenged the data transfer pact raising questions of its ability to protect EU privacy.
By Dark Reading Staff , 1/20/2017
Comment0 comments  |  Read  |  Post a Comment
Credit Freeze: The New Normal In Data Breach Protection?
Lysa Myers, Security Researcher, ESETCommentary
In era of rampant identity theft, consumers should be offered the protection of a credit freeze by default, instead of a nuisance fee each time a freeze is placed or removed.
By Lysa Myers Security Researcher, ESET, 1/11/2017
Comment1 Comment  |  Read  |  Post a Comment
FTC Charges D-Link With Unsecure Routers And IP Cameras
Dark Reading Staff, Quick Hits
Federal Trade Commission voices concerns in US district court that D-Link products had put consumers' privacy at risk.
By Dark Reading Staff , 1/6/2017
Comment0 comments  |  Read  |  Post a Comment
44% Of Companies Miss Breach Reporting Deadlines
Dark Reading Staff, Quick Hits
Balabit research on security investigation says organizations lack of understanding lead to delay in breach probe.
By Dark Reading Staff , 12/20/2016
Comment0 comments  |  Read  |  Post a Comment
Ashley Madison To Pay $17.5 Million In Breach Settlement
Dark Reading Staff, Quick Hits
Ashley Madison was found guilty of lax data security and also corrupt practices including photo and profile misuse.
By Dark Reading Staff , 12/15/2016
Comment2 comments  |  Read  |  Post a Comment
Why Video Game Publishers Must Adopt Enforceable Security Standards
Matthew Cook, Co-founder, Panopticon LaboratoriesCommentary
Video games have been under attack at an unprecedented rate since 2012, with cyber criminals playing an increasingly significant role.
By Matthew Cook Co-founder, Panopticon Laboratories, 12/9/2016
Comment4 comments  |  Read  |  Post a Comment
How Retailers Can Fight Holiday Season Hackers
Steve Zurier, Freelance Writer
Experts offer tips for locking down retailers point-of-sale systems for the busy holiday shopping season.
By Steve Zurier Freelance Writer, 12/8/2016
Comment0 comments  |  Read  |  Post a Comment
Petition Forces Parliament To Reconsider Surveillance Bill
Dark Reading Staff, Quick Hits
100,000 signatures require MPs to consider debating Snoopers' Charter again.
By Dark Reading Staff , 11/28/2016
Comment0 comments  |  Read  |  Post a Comment
178 Arrested In Money Mule Crackdown
Dark Reading Staff, Quick Hits
Total of 17 countries involved in second European effort to disrupt cybercriminals' money laundering mechanism.
By Dark Reading Staff , 11/22/2016
Comment0 comments  |  Read  |  Post a Comment
Adobe To Pay $1 Million Compensation In Data Breach Case
Dark Reading Staff, Quick Hits
Personal data of more than 500,000 consumers from 15 states were stolen in the 2013 breach of Adobe server.
By Dark Reading Staff , 11/17/2016
Comment5 comments  |  Read  |  Post a Comment
Security Experts Call For Regulation On IoT Cybersecurity
Sara Peters, Senior Editor at Dark ReadingNews
During a House Committee hearing today, Bruce Schneier also asks for the establishment of a new government agency devoted to cybersecurity.
By Sara Peters Senior Editor at Dark Reading, 11/16/2016
Comment5 comments  |  Read  |  Post a Comment
75,000 Data Protection Officers Needed By 2018 To Handle EU Law
Sara Peters, Senior Editor at Dark ReadingNews
US alone will need 9,000 DPOs to meet GDPR mandates, says International Association of Privacy Professionals - but don't expect that many new job listings.
By Sara Peters Senior Editor at Dark Reading, 11/9/2016
Comment2 comments  |  Read  |  Post a Comment
China Passes Controversial Cybersecurity Law
Dark Reading Staff, Quick Hits
Global business and rights groups raise concern about the censorship that could impact foreign business interests.
By Dark Reading Staff , 11/8/2016
Comment0 comments  |  Read  |  Post a Comment
Election 2016 & WikiLeaks: Bad, But Not Your Worst Nightmare
Ed Amoroso, CEO, TAG Cyber LLCCommentary
John Podesta may be the poster child for poor user security practices but the real problem is rigid regulatory compliance frameworks that perpetuate ineffective perimeter defenses.
By Ed Amoroso CEO, TAG Cyber LLC, 11/4/2016
Comment1 Comment  |  Read  |  Post a Comment
Anthem Breach Victims Go To Court Over Cybersecurity Audit Release
Dark Reading Staff, Quick Hits
Class-action lawsuit against health insurer seeks disclosure of network security details following data breach of 80 million members.
By Dark Reading Staff , 11/1/2016
Comment0 comments  |  Read  |  Post a Comment
US Should Help Private Sector 'Active Defense,' But Outlaw Hacking Back, Says Task Force
Sara Peters, Senior Editor at Dark ReadingNews
Task Force at George Washington University suggests ways for government to clear up legal quagmires, improve tools, keep us all out of trouble.
By Sara Peters Senior Editor at Dark Reading, 10/31/2016
Comment1 Comment  |  Read  |  Post a Comment
Preparing For Government Data Requests After Apple Vs. FBI
Dark Reading Staff, CommentaryVideo
Jennifer Granick and Riana Pfefferkorn discuss lessons learned from the Apple-FBI case, and how security pros should be prepared if government data requests hit closer to home.
By Dark Reading Staff , 10/31/2016
Comment0 comments  |  Read  |  Post a Comment
Yahoo Demands Government Be More Transparent About Data Requests
Dark Reading Staff, Quick Hits
In a letter to the Director of National Intelligence, the tech company says this transparency would also help clear Yahoo's name in customer email scan case.
By Dark Reading Staff , 10/20/2016
Comment0 comments  |  Read  |  Post a Comment
US Bank Regulators Draft Rules For Financial Services Cybersecurity
Dark Reading Staff, Quick Hits
Proposed standards will require financial firms to recover from any cyberattack within two hours.
By Dark Reading Staff , 10/20/2016
Comment2 comments  |  Read  |  Post a Comment
California Victims Of Yahoo Breach Pursue Claims In State, Not Federal Court
Sara Peters, Senior Editor at Dark ReadingNews
Plaintiffs hope to benefit from California's history of stricter cybersecurity and data privacy law.
By Sara Peters Senior Editor at Dark Reading, 10/17/2016
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
Secure Application Development - New Best Practices
Secure Application Development - New Best Practices
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.