Risk

News & Commentary
Siemens Leads Launch of Global Cybersecurity Initiative
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/16/2018
Comment0 comments  |  Read  |  Post a Comment
Windows 10 Critical Vulnerability Reports Grew 64% in 2017
Kelly Sheridan, Associate Editor, Dark ReadingNews
The launch and growth of new operating systems is mirrored by an increase in reported vulnerabilities.
By Kelly Sheridan Associate Editor, Dark Reading, 2/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Filing Deadline for New Infosec Law Hits NY Finance Firms Thursday
Dark Reading Staff, Quick Hits
Banks and financial services companies in New York must file by tomorrow to certify they are compliant with the state Department of Financial Services new cybersecurity regulation, 23 NYCRR 500.
By Dark Reading Staff , 2/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Cyber Warranties: What to Know, What to Ask
Kelly Sheridan, Associate Editor, Dark ReadingNews
The drivers and details behind the growth of cyber warranties, which more businesses are using to guarantee their products.
By Kelly Sheridan Associate Editor, Dark Reading, 2/9/2018
Comment0 comments  |  Read  |  Post a Comment
20 Signs You Need to Introduce Automation into Security Ops
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRACommentary
Far too often, organizations approach automation as a solution looking for a problem rather than the other way around.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 2/8/2018
Comment0 comments  |  Read  |  Post a Comment
Ticking Time Bombs in Your Data Center
Murali Palanisamy, Executive Vice President and Chief Technology Officer,  AppViewXCommentary
The biggest security problems inside your company may result from problems it inherited.
By Murali Palanisamy Executive Vice President and Chief Technology Officer, AppViewX, 2/7/2018
Comment0 comments  |  Read  |  Post a Comment
Security vs. Speed: The Risk of Rushing to the Cloud
Kelly Sheridan, Associate Editor, Dark ReadingNews
Companies overlook critical security steps as they move to adopt the latest cloud applications and services.
By Kelly Sheridan Associate Editor, Dark Reading, 2/6/2018
Comment6 comments  |  Read  |  Post a Comment
2017 Smashed World's Records for Most Data Breaches, Exposed Information
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Five mega-breaches last year accounted for more than 72% of all data records exposed in 2017.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/6/2018
Comment0 comments  |  Read  |  Post a Comment
Identity Fraud Hits All-Time High in 2017
Steve Zurier, Freelance WriterNews
Survey reports that the number of fraud victims topped 16 million consumers last year, and much of that crime has moved online.
By Steve Zurier Freelance Writer, 2/6/2018
Comment0 comments  |  Read  |  Post a Comment
7 Ways to Maximize Your Security Dollars
Jai Vijayan, Freelance writer
Budget and resource constraints can make it hard for you to meet security requirements, but there are ways you can stretch your budget.
By Jai Vijayan Freelance writer, 2/5/2018
Comment1 Comment  |  Read  |  Post a Comment
Apple, Cisco, Allianz, Aon Partner in Cyber Risk Management
Dark Reading Staff, Quick Hits
The four companies announced a tool for managing the cyber risk of ransomware and other malware-related threats.
By Dark Reading Staff , 2/5/2018
Comment0 comments  |  Read  |  Post a Comment
Mastering Security in the Zettabyte Era
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Many businesses are ill-equipped to deal with potential risks posed by billions of connected devices, exponential data growth, and an unprecedented number of cyber threats. Here's how to prepare.
By Marc Wilczek Digital Strategist & CIO Advisor, 2/5/2018
Comment0 comments  |  Read  |  Post a Comment
3 Ways Hackers Steal Your Company's Mobile Data
Paul Martini, The CEO, co-founder and chief architect of ibossCommentary
The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.
By Paul Martini The CEO, co-founder and chief architect of iboss, 2/2/2018
Comment0 comments  |  Read  |  Post a Comment
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Corey Nachreiner, Chief Technology Officer, WatchGuard TechnologiesCommentary
Authentication security methods are getting better all the time, but they are still not infallible.
By Corey Nachreiner Chief Technology Officer, WatchGuard Technologies, 1/31/2018
Comment0 comments  |  Read  |  Post a Comment
Digital Extortion to Expand Beyond Ransomware
Kelly Sheridan, Associate Editor, Dark ReadingNews
In the future of digital extortion, ransomware isn't the only weapon, and database files and servers won't be the only targets.
By Kelly Sheridan Associate Editor, Dark Reading, 1/30/2018
Comment0 comments  |  Read  |  Post a Comment
Breach-Proofing Your Data in a GDPR World
Sanjay Beri, Co-Founder & CEO, NetskopeCommentary
Here are six key measures for enterprises to prioritize over the next few months.
By Sanjay Beri Co-Founder & CEO, Netskope, 1/30/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Issues Emergency Patch to Disable Intel's Broken Spectre Fix
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Affected Windows systems can also be set to "disable" or "enable" the Intel microcode update for Spectre attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/29/2018
Comment15 comments  |  Read  |  Post a Comment
RELX Group Agrees to Buy ThreatMetrix for 580M Cash
Dark Reading Staff, Quick Hits
Authentication firm ThreatMetrix will become part of Risk & Business Analytics under the LexisNexis Risk Solutions brand.
By Dark Reading Staff , 1/29/2018
Comment0 comments  |  Read  |  Post a Comment
Former CIA CTO Talks Meltdown and Spectre Cost, Federal Threats
Kelly Sheridan, Associate Editor, Dark ReadingNews
Gus Hunt, former technology leader for the CIA, explains the potential long-term cost of Meltdown and Spectre.
By Kelly Sheridan Associate Editor, Dark Reading, 1/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Endpoint and Mobile Top Security Spending at 57% of Businesses
Dark Reading Staff, Quick Hits
Businesses say data-at-rest security tools are most effective at preventing breaches, but spend most of their budgets securing endpoint and mobile devices.
By Dark Reading Staff , 1/26/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Associate Editor, Dark Reading,  2/16/2018
From DevOps to DevSecOps: Structuring Communication for Better Security
Robert Hawk, Privacy & Security Lead at xMatters,  2/15/2018
3 Tips to Keep Cybersecurity Front & Center
Greg Kushto, Vice President of Sales Engineering at Force 3,  2/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.