Network Computing Dark Reading

Advertise

Risk

News & Commentary

Privacy Ops: The New Nexus for CISOs & DPOs

Amit Ashbel, Security Evangelist, Cognigo

Commentary

No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.

By Amit Ashbel Security Evangelist, Cognigo, 2/18/2019

0 comments | Read | Post a Comment

Staffing Shortage Makes Vulnerabilities Worse

Quick Hits

Businesses don't have sufficient staff to find vulnerabilities or protect against their exploit, according to a new report by Ponemon Institute.

By Dark Reading Staff , 2/15/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Again, why would anyone go INTO IT as a career choice to start with when you...

Post-Quantum Crypto Standards Aren’t All About the Math

Ericka Chickowski, Contributing Writer, Dark Reading

News

The industry needs to keep in mind the realities of hardware limits and transitional growing pains, according to Microsoft, Utimaco researchers.

By Ericka Chickowski Contributing Writer, Dark Reading, 2/15/2019

0 comments | Read | Post a Comment

Valentine's Emails Laced with Gandcrab Ransomware

Kelly Sheridan, Staff Editor, Dark Reading

News

In the weeks leading up to Valentine's Day 2019, researchers notice a new form of Gandcrab appearing in romance-themed emails.

By Kelly Sheridan Staff Editor, Dark Reading, 2/14/2019

2 comments | Read | Post a Comment

Latest Comment: BogdanSTORM, I had an encounter this week with Grandcrab 5.1 and unfortunately not even...

How to Create a Dream Team for the New Age of Cybersecurity

Commentary

When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.

By Gaurav Banga Founder and CEO, Balbix, 2/14/2019

0 comments | Read | Post a Comment

Security Spills: 9 Problems Causing the Most Stress

Security practitioners reveal what's causing them the most frustration in their roles.

By Kelly Sheridan Staff Editor, Dark Reading, 2/14/2019

0 comments | Read | Post a Comment

Scammers Fall in Love with Valentine's Day

Curtis Franklin Jr., Senior Editor at Dark Reading

News

Online dating profiles and social media accounts add to the rich data sources that allow criminals to tailor attacks.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/13/2019

0 comments | Read | Post a Comment

Lessons Learned from a Hard-Hitting Security Review

Jaspreet Singh, founder and CEO of Druva

Commentary

Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.

By Jaspreet Singh founder and CEO of Druva, 2/13/2019

0 comments | Read | Post a Comment

Up to 100,000 Reported Affected in Landmark White Data Breach

News

Australian property valuation firm Landmark White exposed files containing personal data and property valuation details.

By Kelly Sheridan Staff Editor, Dark Reading, 2/12/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Now whoever came up with this brilliant logic should be fired on the spot. ...

Identifying, Understanding & Combating Insider Threats

Ilan Paretsky, Chief Marketing Officer of Ericom

Commentary

Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?

By Ilan Paretsky Chief Marketing Officer of Ericom, 2/12/2019

0 comments | Read | Post a Comment

Malware Campaign Hides Ransomware in Super Mario Wrapper

Quick Hits

A newly discovered malware campaign uses steganography to hide GandCrab in a seemingly innocent Mario image.

By Dark Reading Staff , 2/8/2019

5 comments | Read | Post a Comment

Latest Comment: t_madison, This is an interesting point of view.

4 Payment Security Trends for 2019

Ellen Richey, Vice Chairman and Chief Risk Officer, Visa

Commentary

Visa's chief risk officer anticipates some positive changes ahead.

By Ellen Richey Vice Chairman and Chief Risk Officer, Visa, 2/7/2019

0 comments | Read | Post a Comment

When 911 Goes Down: Why Voice Network Security Must Be a Priority

Mykola Konrad, Vice President of Product Management, Ribbon Communications

Commentary

When there's a DDoS attack against your voice network, are you ready to fight against it?

By Mykola Konrad Vice President of Product Management, Ribbon Communications, 2/7/2019

2 comments | Read | Post a Comment

Latest Comment: brtech99, DDoS and TDoS attacks like the ones you cite are now exceeding a terabit of...

Consumers Care About Security - Sometimes

Quick Hits

New RSA Security survey shows a generation gap in concerns over cybersecurity and privacy.

By Dark Reading Staff , 2/6/2019

0 comments | Read | Post a Comment

4 Practical Questions to Ask Before Investing in AI

Ilia Kolochenko, CEO and Founder, High-Tech Bridge

Commentary

A pragmatic, risk-based approach can help CISOs plan for an efficient, effective, and economically sound implementation of AI for cybersecurity.

By Ilia Kolochenko CEO and Founder, High-Tech Bridge, 2/6/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, When an IBM 1400 card punch was new, when the System/360 wsa new and nobody...

Serverless Computing: 'Function' vs. 'Infrastructure' as-a-Service

Commentary

How much do companies really gain from offloading security duties to the cloud? Let's do the math.

By Ory Segal CTO, PureSec, 2/6/2019

2 comments | Read | Post a Comment

Latest Comment: orysegal, You make a good point, however, when adopting FaaS/Serverless on public clouds,...

New Vulnerabilities Make RDP Risks Far from Remote

News

More than two dozen vulnerabilities raise the risk of using RDP clients to remotely manage and configure systems.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/5/2019

2 comments | Read | Post a Comment

Latest Comment: kscherler, As a guy who has to type mstsc about 100 times a day I would ask that you please...

Over 59K Data Breaches Reported in EU Under GDPR

Quick Hits

In addition, 91 reported fines have been imposed since the regulation went into effect last May.

By Dark Reading Staff , 2/5/2019

2 comments | Read | Post a Comment

Latest Comment: RyanSepe, It seems as if GDPR is doing well in getting companies to publically report...

New Botnet Shows Evolution of Tech and Criminal Culture

News

Cayosin brings together multiple strands of botnet tech and hacker behavior for a disturbing new threat.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/4/2019

1 Comment | Read | Post a Comment

Latest Comment: jablaa, I am in contact with the owner, Erradic, and he is not looking to implement...

Exposed Consumer Data Skyrocketed 126% in 2018

News

The number of data breaches dropped overall, but the amount of sensitive records exposed jumped to 446.5 million last year, according to the ITRC.

By Kelly Sheridan Staff Editor, Dark Reading, 2/4/2019

2 comments | Read | Post a Comment

Latest Comment: Ritu_G, The crux here is that people need to start to be more responsible about their...

More Stories

Current Conversations

Posted by NathanDavidson

It is true that we often think lightly of things that we are not aware of. If a particular position isn't something that is familiar within the organisation that we work in, we might perceive it as unnecessary. Little do...

In reply to: Is it extra or necessary?
Post Your Own Reply

Posted by NathanDavidson

I would g et an Alexa or AI for the house just to test it out and have a little bit of fun with it. But I'm also a little worried what might happen if I really leave the management of my house up to this little device. It's...

In reply to: Beware the Coming of the Robot Age
Post Your Own Reply

Posted by DavidHamilton

I have a feeling that people are all going to be doing their daily activities from the comfort of their home, without ever having the need to leave the house anymore. It's just a matter of time considering how quickly services...

In reply to: People want more
Post Your Own Reply

Posted by kscherler

As a guy who has to type mstsc about 100 times a day I would ask that you please fix your spelling of the microsoft terminal services client when referencing it. You used mstc several times in your article instead of mst...

In reply to: MSTC? Isn't it MSTSC?
Post Your Own Reply

Posted by REISEN1955

Again, why would anyone go INTO IT as a career choice to start with when you can be outsourced OUT in favor of H1-B visa employees at a fraction of "the cost" and train your replacement. Yes Cyber Sec if firmer as...

In reply to: Why IT as a career field?
Post Your Own Reply

Posted by JayceJohnson

If you are looking for assignment help expert than go nowhere else, come at Singaporeassignmenthelp.com and take our excellent writing services. We have subject specific writers in law, management, IT, nursing,...

In reply to: re: Hacking Higher Education
Post Your Own Reply

Posted by t_madison

And I did not even know about this, thanks for telling me!

In reply to: Helpful
Post Your Own Reply

Posted by t_madison

Thanks for the advice, it is very useful.

In reply to: Good advice
Post Your Own Reply

Posted by t_madison

This is an interesting point of view.

In reply to: Hmmm
Post Your Own Reply

Posted by BogdanSTORM

I had an encounter this week with Grandcrab 5.1 and unfortunately not even Bitdefender is able to decode it. They can do it with versions up to 5.0, but not 5.1. How did I engage? I tried to help a friend, inserted my usb...

In reply to: Encountered - Engaged - Damaged
Post Your Own Reply

Posted by TheVampireO

I know I'm just the intern, but I don't think you put much forethought into security...

In reply to: Forethought
Post Your Own Reply

Posted by REISEN1955

Easy.. IF you don't need it, don't READ it, DELETE IT

In reply to: My suggested email rule
Post Your Own Reply

More Conversations

Products & Releases

Tripwire IP360 Now Discovers More Than 200,000 Conditions

More Than Half of Companies See Rise in Mobile Security Threats: Bitglass 2018 BYOD Report

Global Cooperation And Regulation Key In Addressing Multilayered Threats Posed By New Technology

Eurofins Digital Testing Launches Cyber Security Division

New Research from eSentire Finds Only 30 Percent of Firms are Confident They Can Avoid a Major Security Event in the Next Two Years

CMMI Institute Updates Cybermaturity Platform with Practices to Build Cybersecurity Resilience

Smarsh Survey Reveals Financial Firms Looking for Communications Risks in the Wrong Places

Carbonite Introduces Comprehensive Data Protection for Virtual and Physical Servers

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Valentine's Emails Laced with Gandcrab Ransomware

Kelly Sheridan, Staff Editor, Dark Reading, 2/14/2019

High Stress Levels Impacting CISOs Physically, Mentally

Jai Vijayan, Freelance writer, 2/14/2019

Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products

Curtis Franklin Jr., Senior Editor at Dark Reading, 2/14/2019

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

Communications & Collaboration 2022 at EC19 Orlando March 18-21

White Papers

[SANS] The Need for Speed: Integrated Threat Response

Want to Stay In Front of Breaches? Train Like The Marines.

The Cost Of Inaction

FutureWatch Report

Threat Intelligence Report

More White Papers

Video

All Risk Videos

Cartoon

Latest Comment: I know I'm just the intern, but I don't think you put much forethought into security...

Cartoon Archive

Current Issue

5 Emerging Cyber Threats to Watch for in 2019

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Attacking the Cybersecurity Problem

Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.

Download Now!

How Enterprises Are Using IT Threat Intelligence

0 comments

Online Malware and Threats: A Profile of Today's Security Posture

0 comments

The Risk Management Struggle

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-3812
PUBLISHED: 2019-02-19

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

CVE-2019-8933
PUBLISHED: 2019-02-19

In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on ...

CVE-2019-7629
PUBLISHED: 2019-02-18

Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.

CVE-2019-8919
PUBLISHED: 2019-02-18

The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.

CVE-2019-8917
PUBLISHED: 2019-02-18

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may b...

Terms of Service
Privacy Statement
Legal Entities