Risk

News & Commentary
'Simplify Everything': Google Talks Container Security in 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google Cloud's container security lead shares predictions, best practices, and what's top of mind for customers.
By Kelly Sheridan Staff Editor, Dark Reading, 12/7/2018
Comment0 comments  |  Read  |  Post a Comment
Bringing Compliance into the SecDevOps Process
Joe Ward, Senior Security Analyst, Bishop FoxCommentary
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
By Joe Ward Senior Security Analyst, Bishop Fox, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Apple Issues Security Fixes Across Mac, iOS
Dark Reading Staff, Quick Hits
Software updates for Mac and iOS bring patches to Safari, iCloud, iTunes on Windows, and tvOS.
By Dark Reading Staff , 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
55% of Companies Don't Offer Mandatory Security Awareness Training
Dark Reading Staff, Quick Hits
Even those that provide employee training do so sparingly, a new study finds.
By Dark Reading Staff , 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Security Command Center Now in Beta
Kelly Sheridan, Staff Editor, Dark ReadingNews
The beta release of Google Cloud SCC will include broader coverage across the cloud platform and more granular access controls, among other features.
By Kelly Sheridan Staff Editor, Dark Reading, 12/5/2018
Comment0 comments  |  Read  |  Post a Comment
6 Ways to Strengthen Your GDPR Compliance Efforts
Steve Zurier, Freelance Writer
Companies have some mistaken notions about how to comply with the new data protection and privacy regulation and that could cost them.
By Steve Zurier Freelance Writer, 12/5/2018
Comment0 comments  |  Read  |  Post a Comment
Backdoors Up 44%, Ransomware Up 43% from 2017
Kelly Sheridan, Staff Editor, Dark ReadingNews
Nearly one in three computers was hit with a malware attack this year, and ransomware and backdoors continue to pose a risk.
By Kelly Sheridan Staff Editor, Dark Reading, 12/4/2018
Comment0 comments  |  Read  |  Post a Comment
Jared, Kay Jewelers Web Vuln Exposes Shoppers' Data
Dark Reading Staff, Quick Hits
A Jared customer found he could access other orders by changing a link in his confirmation email.
By Dark Reading Staff , 12/4/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft, Mastercard Aim to Change Identity Management
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new partnership wants to improve how people use and manage the virtual identities that govern their lives online.
By Kelly Sheridan Staff Editor, Dark Reading, 12/3/2018
Comment7 comments  |  Read  |  Post a Comment
Filling the Cybersecurity Jobs Gap Now and in the Future
John DeSimone & Russ Schrader, VP, Cybersecurity & Special Missions, Raytheon; Executive Director, National Cyber Security AllianceCommentary
Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills.
By John DeSimone & Russ Schrader VP, Cybersecurity & Special Missions, Raytheon; Executive Director, National Cyber Security Alliance, 12/3/2018
Comment0 comments  |  Read  |  Post a Comment
Holiday Hacks: 6 Cyberthreats to Watch Right Now
Kelly Sheridan, Staff Editor, Dark Reading
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 11/30/2018
Comment0 comments  |  Read  |  Post a Comment
Threat Hunting: Improving Bot Detection in Enterprise SD-WANs
Elad Menahem, Head of Security Research, Cato NetworksCommentary
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.
By Elad Menahem Head of Security Research, Cato Networks, 11/30/2018
Comment0 comments  |  Read  |  Post a Comment
39 Arrested in Tech Support Scam Crackdown: Microsoft
Dark Reading Staff, Quick Hits
Law enforcement officials in India raided 16 call center locations that conned primarily American and Canadian victims.
By Dark Reading Staff , 11/30/2018
Comment2 comments  |  Read  |  Post a Comment
Establishing True Trust in a Zero-Trust World
Ojas Rege, Chief Strategy Officer at MobileIronCommentary
Our goal should not be to merely accept zero trust but gain the visibility required to establish true trust.
By Ojas Rege Chief Strategy Officer at MobileIron, 11/29/2018
Comment0 comments  |  Read  |  Post a Comment
Incorrect Assessments of Data Value Putting Organizations at Risk
Jai Vijayan, Freelance writerNews
Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.
By Jai Vijayan Freelance writer, 11/28/2018
Comment0 comments  |  Read  |  Post a Comment
Who's the Weakest Link in Your Supply Chain?
Kelly Sheridan, Staff Editor, Dark ReadingNews
Nearly 60% of organizations have suffered data breaches resulting from a third party, as suppliers pose a growing risk to enterprise security.
By Kelly Sheridan Staff Editor, Dark Reading, 11/27/2018
Comment2 comments  |  Read  |  Post a Comment
Buckle Up: A Closer Look at Airline Security Breaches
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cyberattacks on airports and airlines are often unrelated to passenger safety but that's no reason to dismiss them, experts say.
By Kelly Sheridan Staff Editor, Dark Reading, 11/26/2018
Comment0 comments  |  Read  |  Post a Comment
7 Real-Life Dangers That Threaten Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/26/2018
Comment3 comments  |  Read  |  Post a Comment
Paper Trail Absence May Still Plague 2020 Election
Dark Reading Staff, Quick Hits
The recommendation for paper ballots may go unheeded in all or part of at least 6 states in the next national election.
By Dark Reading Staff , 11/25/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Enables Account Sign-In via Security Key
Kelly Sheridan, Staff Editor, Dark ReadingNews
Account holders can use a FIDO2-compatible key or Windows Hello to authenticate sans username or password.
By Kelly Sheridan Staff Editor, Dark Reading, 11/20/2018
Comment7 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Agent Aix les Bains
Current Conversations What do you mean ?
In reply to: Re: BLOCKCHAIN
Post Your Own Reply
Posted by tDi443
Current Conversations ?
In reply to: BLOCKCHAIN
Post Your Own Reply
More Conversations
PR Newswire
Microsoft, Mastercard Aim to Change Identity Management
Kelly Sheridan, Staff Editor, Dark Reading,  12/3/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19653
PUBLISHED: 2018-12-09
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
CVE-2018-19982
PUBLISHED: 2018-12-09
An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HU...
CVE-2018-19983
PUBLISHED: 2018-12-09
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending ...
CVE-2018-19980
PUBLISHED: 2018-12-08
Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService.
CVE-2018-19961
PUBLISHED: 2018-12-08
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.