Network Computing Dark Reading

Advertise

Risk

News & Commentary

Audits: The Missing Layer in Cybersecurity

Brennan P Baybeck, CISA, CISM, CRISC, CISSP, Vice Chair of ISACA Board of Directors

Commentary

Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.

By Brennan P Baybeck CISA, CISM, CRISC, CISSP, Vice Chair of ISACA Board of Directors, 10/18/2018

0 comments | Read | Post a Comment

Former Equifax Manager Sentenced for Insider Trading

Quick Hits

Sudhakar Bonthu bought and sold Equifax stock options prior to the public disclosure of its 2017 data breach.

By Dark Reading Staff , 10/18/2018

0 comments | Read | Post a Comment

Getting Up to Speed with "Always-On SSL"

Commentary

Websites can avoid the negative consequences of a "not secure" label from Google Chrome 68 by following four AOSSL best practices.

By Tim Callan Senior Fellow, Comodo CA, 10/18/2018

1 Comment | Read | Post a Comment

Latest Comment: tychotithonus, Great article overall - just one nuance that I'd differ with. Extended Validation...

Inside the Dark Web's 'Help Wanted' Ads

Kelly Sheridan, Staff Editor, Dark Reading

News

How cybercriminals recruit everyone from car drivers to corporate insiders and pay them according to the risk they assume.

By Kelly Sheridan Staff Editor, Dark Reading, 10/18/2018

0 comments | Read | Post a Comment

(ISC)² : Global Cybersecurity Workforce Short 3 Million People

News

With the skills gap still wide, security leaders explain the challenges of hiring and retaining security experts.

By Kelly Sheridan Staff Editor, Dark Reading, 10/17/2018

0 comments | Read | Post a Comment

SEC Warns Public Companies on Accounting Control Use

Quick Hits

A new SEC investigative report urges public organizations to keep cyberthreats in mind when implementing internal accounting tools.

By Dark Reading Staff , 10/17/2018

0 comments | Read | Post a Comment

6 Reasons Why Employees Violate Security Policies

Get into their heads to find out why they're flouting your corporate cybersecurity rules.

By Ericka Chickowski Contributing Writer, Dark Reading, 10/16/2018

0 comments | Read | Post a Comment

6 Security Trends for 2018/2019

Curtis Franklin Jr., Senior Editor at Dark Reading

News

Speaking at the Gartner Symposium/ITxpo, analyst Peter Firstbrook's list of trends is likely to inform executive committee conversations for the next 12 months.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/15/2018

2 comments | Read | Post a Comment

Latest Comment: CallumLepide, Really interesting to see the trends that have been highlighted here

12 Free, Ready-to-Use Security Tools

There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.

By Steve Zurier Freelance Writer, 10/12/2018

3 comments | Read | Post a Comment

Latest Comment: CallumLepide, This article is absoultly right. IF you are unsure if you have a security threat...

Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up

News

Many organizations have yet to create an effective cybersecurity strategy — and it's costing them millions.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/11/2018

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Lower level staff and cyber expets are well aware of the dangers and methods...

Window Snyder Shares Her Plans for Intel Security

News

The security leader, known for her role in securing Microsoft, Apple, and Mozilla, discusses her new gig and what she's working on now.

By Kelly Sheridan Staff Editor, Dark Reading, 10/11/2018

0 comments | Read | Post a Comment

One-Third of US Adults Hit with Identity Theft

Quick Hits

That's double the global average and more than three times the rate of French and German adults.

By Dark Reading Staff , 10/11/2018

0 comments | Read | Post a Comment

Meet 5 Women Shaping Microsoft's Security Strategy

Profiles of some of the women currently leading Microsoft security operations - and their efforts to drive inclusivity.

By Kelly Sheridan Staff Editor, Dark Reading, 10/10/2018

0 comments | Read | Post a Comment

Security Researchers Struggle with Bot Management Programs

Kaan Onarlioglu, Senior Security Researcher, Akamai

Commentary

Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.

By Kaan Onarlioglu Senior Security Researcher, Akamai, 10/10/2018

0 comments | Read | Post a Comment

Constructing the Future of ICS Cybersecurity

News

As industrial control systems are connected to the cloud and the IoT, experts discuss security challenges.

By Kelly Sheridan Staff Editor, Dark Reading, 10/9/2018

1 Comment | Read | Post a Comment

Latest Comment: plee560, Demystifying ICS Cyber Risk with FAIR https://www.fairinstitute.org/blog/c...

New Domains: A Wide-Open Playing Field for Cybercrime

Commentary

As bad actors increasingly exploit new domains for financial gain and other nefarious purposes, security teams need to employ policies and practices to neutralize the threat in real time. Here's why and how.

By Ben April CTO, Farsight Security, 10/9/2018

1 Comment | Read | Post a Comment

Latest Comment: candolizaalex, This visibility enables security teams to assess their risk, update security...

Successful Scammers Call After Lunch

News

Analysis of 20,000 voice phishing, or vishing, calls reveals patterns in how social engineers operate and how targets respond.

By Kelly Sheridan Staff Editor, Dark Reading, 10/5/2018

0 comments | Read | Post a Comment

Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control

Richard Ford, Chief Scientist, Forcepoint

Commentary

Technology such as Apple's device trust score that decides "you" is “not you” is a good thing. But only if it works well.

By Richard Ford Chief Scientist, Forcepoint, 10/5/2018

0 comments | Read | Post a Comment

7 Steps to Start Your Risk Assessment

Risk assessment can be complex, but it's vital for making good decisions about IT security. Here are steps to start you down the path toward a meaningful risk assessment process.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/4/2018

0 comments | Read | Post a Comment

GDPR Report Card: Some Early Gains but More Work Ahead

Commentary

US companies paid the most, to date, to meet the EU's General Data Protection Regulation, according to a recent study, but UK companies made greater progress in achieving compliance goals.

By Chris Babel CEO, TrustArc, 10/4/2018

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by tychotithonus

Great article overall - just one nuance that I'd differ with. Extended Validation (EV) certificates are probably not needed in most cases. Large-scale UX analysis by the Google team and by researchers have repeatedly demonstrated...

In reply to: a counterpoint about EV certs
Post Your Own Reply

Posted by TimBerdon

This looked WAY easier when Tom Cruise did it in Mission Impossible!

In reply to: Name That Toon
Post Your Own Reply

Posted by REISEN1955

Paul realized the new corporate policy about not accepting a Varidesk had consequences.

In reply to: Re: Here is one for a venti!
Post Your Own Reply

Posted by hixonmarie412

Great read and I appreciate the article. I will definitely utilize these when testing our phisihing detection methods!

In reply to: Thank you for these!
Post Your Own Reply

Posted by potatofish

Sally, Have you started preparing for the annual security awareness training?

In reply to: Here is one for a venti!
Post Your Own Reply

Posted by CallumLepide

Really interesting to see the trends that have been highlighted here

In reply to: Good read
Post Your Own Reply

Posted by CallumLepide

This article is absoultly right. IF you are unsure if you have a security threat in your system already but are low on budget. Download some free tools to help you find out where you need to direct fundsand see what solutions...

In reply to: Free Tools
Post Your Own Reply

Posted by vijayhackr

The best information provided by you.

In reply to: Reply
Post Your Own Reply

Posted by rcamachon6g

Some people never learn, he clicked on another Democrat phishing link again!

In reply to: Re: Put your thinking cap on! We have new cartoon caption contest!
Post Your Own Reply

Posted by NeilB915

Glad to visit your Blog. Thanks for sharing this relevant information with us about Google Issues Chrome Updates for Windows, Mac, Linux, Android. After knowing this we have to enable Google chrome update in our window or...

In reply to: Chrome Update
Post Your Own Reply

Posted by dannycrane

It is no doubt that cyber crimes have increased as more and more areas of our lifestyles adopt technology. I'm glad that I have the chance to read this article dealing with how hacking has eeffted higher learning. Our hope...

In reply to: Great Post!
Post Your Own Reply

Posted by rosiepage44

The security tools are the most important component of any system and those tools secure our data against any kind of scams over the system. There are several security tools available on the Internet and many of them are...

In reply to: Re: Pending Review
Post Your Own Reply

More Conversations

Products & Releases

Carbonite Introduces Comprehensive Data Protection for Virtual and Physical Servers

60% of IT Security Professionals Looking to Leave Current Job: Mondo

The Chertoff Group Announces Rebrand

New RiskRecon Asset Risk Valuation Algorithms Manage Third-Party Cyber Risk

Study: 77% of CISOs Receive Conflicting Advice About Changing Regulation

Lockpath and BitSight Announce Partnership to Strengthen Cyber Security Risk Programs

Blue Cedar Teams Up with OpenSSL, Akamai, NetApp, VMware to Build Next-Gen FIPS Module

Forter, Fraud Prevention Technology Firm, Raises $50M

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

12 Free, Ready-to-Use Security Tools

Steve Zurier, Freelance Writer, 10/12/2018

Most IT Security Pros Want to Change Jobs

Dark Reading Staff 10/12/2018

6 Security Trends for 2018/2019

Curtis Franklin Jr., Senior Editor at Dark Reading, 10/15/2018

Live Events

Webinars

More UBM Tech
Live Events

Enterprise Connect 2019 - Build Your Comms & Collaboration Future

Communications & Collaboration 2022 at EC19 Orlando March 18-21

White Papers

Stopping Cyber Threats: Your Field Guide to Threat Hunting

Building Security In Maturity Model (BSIMM9)

Are Your Network Users Over-Privileged?

6 Keys to Faster Phishing Mitigation

OpenText EnCase Endpoint Security Product Overview

More White Papers

Video

All Risk Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: This looked WAY easier when Tom Cruise did it in Mission Impossible!

Cartoon Archive

Current Issue

The Biggest Cybersecurity Breaches of 2018 (So Far)

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The Risk Management Struggle

The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!

Download Now!

How Data Breaches Affect the Enterprise

0 comments

The State of IT and Cybersecurity

0 comments

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-10839
PUBLISHED: 2018-10-16

Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.

CVE-2018-13399
PUBLISHED: 2018-10-16

The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.

CVE-2018-18381
PUBLISHED: 2018-10-16

Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.

CVE-2018-18382
PUBLISHED: 2018-10-16

Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.

CVE-2018-18374
PUBLISHED: 2018-10-16

XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.

Terms of Service
Privacy Statement
Legal Entities