Network Computing Dark Reading

Advertise

Risk

News & Commentary

IT Leaders, Employees Divided on Data Security

Quick Hits

Execs and employees have dramatically different ideas of how much information is being lost and why – a gap that puts enterprise data in grave danger.

By Dark Reading Staff , 3/25/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Solp: It's not my fault. Schultz: I know nothing. Of course...

A Glass Ceiling? Not in Privacy

Rita Heimes, Data Protection Officer, Research Director & General Counsel, IAPP

Commentary

According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.

By Rita Heimes Data Protection Officer, Research Director & General Counsel, IAPP, 3/25/2019

0 comments | Read | Post a Comment

Security Lessons from My Game Closet

Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA

Commentary

In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.

By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 3/22/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, But you missed THE GAME of them all - Chess of course. Looking 5 moves...

Businesses Manage 9.7PB of Data but Struggle to Protect It

Kelly Sheridan, Staff Editor, Dark Reading

News

What's more, their attempts to secure it may be putting information at risk, a new report finds.

By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019

0 comments | Read | Post a Comment

Facebook Employees for Years Could See Millions of User Passwords in Plain Text

Quick Hits

2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.

By Dark Reading Staff , 3/21/2019

4 comments | Read | Post a Comment

Latest Comment: KevinStanley, Absolutely.

Microsoft Brings Defender Security Tools to Mac

News

Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.

By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019

0 comments | Read | Post a Comment

Google Photos Bug Let Criminals Query Friends, Location

News

The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.

By Kelly Sheridan Staff Editor, Dark Reading, 3/20/2019

0 comments | Read | Post a Comment

The Insider Threat: It's More Common Than You Think

Raj Ananthanpillai, Chairman & CEO, Endera

Commentary

A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.

By Raj Ananthanpillai Chairman & CEO, Endera, 3/20/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Hey - your job can be outrsourced in a moment after you train your replacement...

'Critical' Denial-of-Service Bug Patched in Facebook Fizz

Quick Hits

Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.

By Dark Reading Staff , 3/20/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, It's good to see bug bounty programs gaining traction. It is truly an advocation...

TLS 1.3: A Good News/Bad News Scenario

Paula Musich, Research Director, Enterprise Management Associates

Commentary

Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.

By Paula Musich Research Director, Enterprise Management Associates, 3/20/2019

1 Comment | Read | Post a Comment

Latest Comment: mohitb_120, Very informative, thank you! Looking forward to read more about TLS...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.

By Ericka Chickowski Contributing Writer, Dark Reading, 3/19/2019

0 comments | Read | Post a Comment

Stealing Corporate Funds Still Top Goal of Messaging Attacks

Robert Lemos, Technology Journalist/Data Researcher

News

Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.

By Robert Lemos , 3/19/2019

0 comments | Read | Post a Comment

New Europol Protocol Addresses Cross-Border Cyberattacks

Quick Hits

The protocol is intended to support EU law enforcement in providing rapid assessment and response for cyberattacks across borders.

By Dark Reading Staff , 3/18/2019

0 comments | Read | Post a Comment

4 Reasons to Take an 'Inside Out' View of Security

Earl D. Matthews, Senior Vice President and Chief Strategy Officer at Verodin

Commentary

When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.

By Earl D. Matthews Senior Vice President and Chief Strategy Officer at Verodin, 3/14/2019

0 comments | Read | Post a Comment

The Case for Transparency in End-User License Agreements

Commentary

Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.

By Lysa Myers Security Researcher, ESET, 3/13/2019

0 comments | Read | Post a Comment

There May Be a Ceiling on Vulnerability Remediation

Curtis Franklin Jr., Senior Editor at Dark Reading

News

Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/12/2019

0 comments | Read | Post a Comment

How the Best DevSecOps Teams Make Risk Visible to Developers

News

DevOps-minded CISOs say enterprise security teams need to do a better job scoring and visualizing risk for developers and business executives.

By Ericka Chickowski Contributing Writer, Dark Reading, 3/12/2019

1 Comment | Read | Post a Comment

Latest Comment: The Governance Guru, This post couldnt have said it better to demonstrate the different things that...

Box Mistakes Leave Enterprise Data Exposed

Quick Hits

User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.

By Dark Reading Staff , 3/12/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, Amazon still makes this mistake with their S3 buckets. If a user is allowed...

Cybercriminals Think Small to Earn Big

Quick Hits

As the number of breaches increased 424% in 2018, the average breach size shrunk 4.7 times as attackers aimed for smaller, more vulnerable targets.

By Dark Reading Staff , 3/12/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, This line summarizes why perfectly: "Small and midsize businesses can't afford...

The 12 Worst Serverless Security Risks

Commentary

A new guide from the Cloud Security Alliance offers mitigations, best practices, and a comparison between traditional applications and their serverless counterparts.

By Ory Segal CTO, PureSec, 3/12/2019

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by REISEN1955

Solp: It's not my fault. Schultz: I know nothing. Of course employees are blameless, as there is that line called UNEMPLOYMENT and so they have done nothing wrong and if they did, well, it is the corp at...

In reply to: Han Solo and Srgt. Schultz
Post Your Own Reply

Posted by KevinStanley

Absolutely.

In reply to: Re: This is the cloud
Post Your Own Reply

Posted by REISEN1955

But you missed THE GAME of them all - Chess of course. Looking 5 moves ahead is always hard and a logic challenge. Not all are good at it and I have learned only to play with humans. IF you play online,...

In reply to: Good points all
Post Your Own Reply

Posted by mohitb_120

Very informative, thank you! Looking forward to read more about TLS 1.3 in coming days. Thanks, Mohit

In reply to: Very informative post
Post Your Own Reply

Posted by REISEN1955

One of my managers once thought of a unique password, particularly if someone may be shoulder watching your screen: ******** True. Another user had just "guess: as a password and that drove me crazy fo...

In reply to: Re: This is the cloud - on secure passwords
Post Your Own Reply

Posted by RyanSepe

Very much agree with your parable. There is no reason the fact of FB having private data should be a surprise to anyone. "Secure Password" also feels like an oxymoron simply put, passwords are the least secure means of authenticating....

In reply to: Re: This is the cloud
Post Your Own Reply

Posted by REISEN1955

FB as discussed is a perfect illustration of the danger of cloud apps. I have long felt that the simple view of this platform is as a enormously huge long RJ-45 cable from your system-network over the internet to another...

In reply to: This is the cloud
Post Your Own Reply

Posted by Kamlesh-Singh-Bisht

Thanks for sharing this incredible article. It really helps Microsoft users regard their usage and benefits.

In reply to: Outlook Office for Mac is an revolution.
Post Your Own Reply

Posted by RyanSepe

It's good to see bug bounty programs gaining traction. It is truly an advocation towards good will. It incentivises the discovery of issues and advocates that they be fixed instead of trying to use that information for nefarious...

In reply to: Bug Bounty
Post Your Own Reply

Posted by REISEN1955

Hey - your job can be outrsourced in a moment after you train your replacement from India. BTW he is less expensive than you are. Hey, we would like 2 weeks notice if you decided to leave us but we can terminate...

In reply to: Let the employer value the employee
Post Your Own Reply

Posted by [email protected]

Can I simply just say what a comfort to find somebody that really knows what they're discussing on the internet. You definitely understand how to bring an issue to light and make it important. More and more people really...

In reply to: Nice and informative post
Post Your Own Reply

Posted by Mcmoore08

Interesting read and spot on with hackers posing as "tech support ' thanks! Michelle

In reply to: good article
Post Your Own Reply

More Conversations

Products & Releases

OPAQ Awarded Patent for Cyber Risk Assessment Technology

TrueVault Launches TrueVault Atlas To Automate Aspects of GDPR Compliance

Industrial Internet Consortium Announces Practitioner's Guide for Assessing Maturity of IoT System Security

Prevalent Announces New CEO, Expands Leadership Team with 3 New C-Suite Positions

Tripwire IP360 Now Discovers More Than 200,000 Conditions

More Than Half of Companies See Rise in Mobile Security Threats: Bitglass 2018 BYOD Report

Global Cooperation And Regulation Key In Addressing Multilayered Threats Posed By New Technology

Eurofins Digital Testing Launches Cyber Security Division

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Crowdsourced vs. Traditional Pen Testing

Alex Haynes, Chief Information Security Officer, CDL, 3/19/2019

Facebook Employees for Years Could See Millions of User Passwords in Plain Text

Dark Reading Staff 3/21/2019

BEC Scammer Pleads Guilty

Dark Reading Staff 3/20/2019

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

White Papers

Dark Reading Report Roundup

Asset Management for the Digital Age

EMA Radar Summary for Network-Based Security Analytics Q3 2018

The Advent of Advanced Network Traffic Analysis & Why it Matters

Cybersecurity for Digital Twins

More White Papers

Video

All Risk Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Bob, I told you incognito mode doesn't protect on those sites. Now I have to call IT, HR and animal control to clean up your mess.

Cartoon Archive

Current Issue

5 Emerging Cyber Threats to Watch for in 2019

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of Cyber Security Incident Response

Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.

Download Now!

How Enterprises Are Developing Secure Applications

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

How Enterprises Are Using IT Threat Intelligence

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-3879
PUBLISHED: 2019-03-25

It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (eg Basic Operations) could exploit this flaw to de...

CVE-2019-4046
PUBLISHED: 2019-03-25

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.

CVE-2019-7608
PUBLISHED: 2019-03-25

Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

CVE-2019-7609
PUBLISHED: 2019-03-25

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands wit...

CVE-2019-7610
PUBLISHED: 2019-03-25

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an ...

Terms of Service
Privacy Statement
Legal Entities