Advertise

Risk

News & Commentary

12 Free, Ready-to-Use Security Tools

There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.

By Steve Zurier Freelance Writer, 10/12/2018

2 comments | Read | Post a Comment

Latest Comment: rosiepage44, The security tools are the most important component of any system and those...

Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up

Curtis Franklin Jr., Senior Editor at Dark Reading

News

Many organizations have yet to create an effective cybersecurity strategy — and it's costing them millions.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/11/2018

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Lower level staff and cyber expets are well aware of the dangers and methods...

Window Snyder Shares Her Plans for Intel Security

Kelly Sheridan, Staff Editor, Dark Reading

News

The security leader, known for her role in securing Microsoft, Apple, and Mozilla, discusses her new gig and what she's working on now.

By Kelly Sheridan Staff Editor, Dark Reading, 10/11/2018

0 comments | Read | Post a Comment

One-Third of US Adults Hit with Identity Theft

Quick Hits

That's double the global average and more than three times the rate of French and German adults.

By Dark Reading Staff , 10/11/2018

0 comments | Read | Post a Comment

Meet 5 Women Shaping Microsoft's Security Strategy

Profiles of some of the women currently leading Microsoft security operations - and their efforts to drive inclusivity.

By Kelly Sheridan Staff Editor, Dark Reading, 10/10/2018

0 comments | Read | Post a Comment

Security Researchers Struggle with Bot Management Programs

Kaan Onarlioglu, Senior Security Researcher, Akamai

Commentary

Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.

By Kaan Onarlioglu Senior Security Researcher, Akamai, 10/10/2018

0 comments | Read | Post a Comment

Constructing the Future of ICS Cybersecurity

News

As industrial control systems are connected to the cloud and the IoT, experts discuss security challenges.

By Kelly Sheridan Staff Editor, Dark Reading, 10/9/2018

1 Comment | Read | Post a Comment

Latest Comment: plee560, Demystifying ICS Cyber Risk with FAIR https://www.fairinstitute.org/blog/c...

New Domains: A Wide-Open Playing Field for Cybercrime

Commentary

As bad actors increasingly exploit new domains for financial gain and other nefarious purposes, security teams need to employ policies and practices to neutralize the threat in real time. Here's why and how.

By Ben April CTO, Farsight Security, 10/9/2018

1 Comment | Read | Post a Comment

Latest Comment: candolizaalex, This visibility enables security teams to assess their risk, update security...

Successful Scammers Call After Lunch

News

Analysis of 20,000 voice phishing, or vishing, calls reveals patterns in how social engineers operate and how targets respond.

By Kelly Sheridan Staff Editor, Dark Reading, 10/5/2018

0 comments | Read | Post a Comment

Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control

Richard Ford, Chief Scientist, Forcepoint

Commentary

Technology such as Apple's device trust score that decides "you" is “not you” is a good thing. But only if it works well.

By Richard Ford Chief Scientist, Forcepoint, 10/5/2018

0 comments | Read | Post a Comment

7 Steps to Start Your Risk Assessment

Risk assessment can be complex, but it's vital for making good decisions about IT security. Here are steps to start you down the path toward a meaningful risk assessment process.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/4/2018

0 comments | Read | Post a Comment

GDPR Report Card: Some Early Gains but More Work Ahead

Commentary

US companies paid the most, to date, to meet the EU's General Data Protection Regulation, according to a recent study, but UK companies made greater progress in achieving compliance goals.

By Chris Babel CEO, TrustArc, 10/4/2018

0 comments | Read | Post a Comment

Palo Alto Networks Buys RedLock to Strengthen Cloud Security

Quick Hits

The transaction, valued at $173 million, is intended to bring analytics and threat detection to Palo Alto Networks' cloud security offering.

By Dark Reading Staff , 10/3/2018

0 comments | Read | Post a Comment

The Award for Most Dangerous Celebrity Goes To …

Quick Hits

A new study highlights which celebrities are associated with the most malicious websites, making them risky search subjects.

By Dark Reading Staff , 10/2/2018

0 comments | Read | Post a Comment

CISOs: How to Answer the 5 Questions Boards Will Ask You

John Hellickson, Vice President, Advisory Services, at Kudelski Security, Inc.

Commentary

As boards learn the importance of cybersecurity, certain issues arise on a regular basis. These tips can help you address them.

By John Hellickson Vice President, Advisory Services, at Kudelski Security, Inc., 10/2/2018

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, These are some complex questions to answer as they are not so black and white....

October Events at Dark Reading You Can't Miss

News

Cybersecurity Month at Dark Reading is packed with educational webinars, from data breach response to small business security.

By Dark Reading Staff , 10/1/2018

0 comments | Read | Post a Comment

The Right Diagnosis: A Cybersecurity Perspective

Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA

Commentary

A healthy body and a healthy security organization have a lot more in common than most people think.

By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 10/1/2018

0 comments | Read | Post a Comment

Exclusive: Cisco, Duo Execs Share Plans for the Future

News

Cisco's Gee Rittenhouse and Duo's Dug Song offer ideas and goals for the merged companies as Duo folds under the Cisco umbrella.

By Kelly Sheridan Staff Editor, Dark Reading, 10/1/2018

0 comments | Read | Post a Comment

4 Traits of a Cyber-Resilient Culture

Ericka Chickowski, Contributing Writer, Dark Reading

News

Companies with a solid track record of cybersecurity share these practices and characteristics.

By Ericka Chickowski Contributing Writer, Dark Reading, 9/28/2018

1 Comment | Read | Post a Comment

Latest Comment: tcritchley07, Good article Ericka and I don't throw out compliments on articles like confetti....

How Data Security Improves When You Engage Employees in the Process

Robert E. Crossler, Assistant Professor of Information Systems, Washington State University

Commentary

When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.

By Robert E. Crossler Assistant Professor of Information Systems, Washington State University, 9/28/2018

6 comments | Read | Post a Comment

Latest Comment: [email protected], Security keys are a great alternative. However, passwords are not going away...

More Stories

Current Conversations

Posted by NeilB915

Glad to visit your Blog. Thanks for sharing this relevant information with us about Google Issues Chrome Updates for Windows, Mac, Linux, Android. After knowing this we have to enable Google chrome update in our window or...

In reply to: Chrome Update
Post Your Own Reply

Posted by dannycrane

It is no doubt that cyber crimes have increased as more and more areas of our lifestyles adopt technology. I'm glad that I have the chance to read this article dealing with how hacking has eeffted higher learning. Our hope...

In reply to: Great Post!
Post Your Own Reply

Posted by rosiepage44

The security tools are the most important component of any system and those tools secure our data against any kind of scams over the system. There are several security tools available on the Internet and many of them are...

In reply to: Re: Pending Review
Post Your Own Reply

Posted by MattB32201

John has always been trying creative ways to solve the pebcak issue...

In reply to: Re: Put your thinking cap on! We have new cartoon caption contest!
Post Your Own Reply

Posted by MattB32201

Looks like John got caught by one of those Nigerian princes

In reply to: Re: Put your thinking cap on! We have new cartoon caption contest!
Post Your Own Reply

Posted by plee560

Demystifying ICS Cyber Risk with FAIR https://www.fairinstitute.org/blog/case-study-demystifying-ics-cyber-risk-with-fair

In reply to: The FAIR Institute conducted a case study on how to quantify ICS-related cyber risk
Post Your Own Reply

Posted by emallove

"Yoga ball chairs, stand-up desks, treadmill offices. Have workplace ergonomics gone too far?"

In reply to: Workplace Ergonomics
Post Your Own Reply

Posted by xaviernj

This new three factor authentication is noooott easy.

In reply to: Caption contest
Post Your Own Reply

Posted by ronaldthomas

good post

In reply to: a
Post Your Own Reply

Posted by REISEN1955

Lower level staff and cyber expets are well aware of the dangers and methods used by foreign actors, phishing emails and such - but education UP and down the corporae ladder is essential. C-Suite MUST back the security...

In reply to: 4. Increase C-Suite awareness
Post Your Own Reply

Posted by ianrod

Once again, IT was left to hang out and dry.

In reply to: Name that Toon
Post Your Own Reply

Posted by Blaze007

An exemplary role model for his co-workers, Bob considers all perspectives when performing a thorough risk analysis.

In reply to: Re: Put your thinking cap on! We have new cartoon caption contest!
Post Your Own Reply

More Conversations

Products & Releases

Study: 77% of CISOs Receive Conflicting Advice About Changing Regulation

Lockpath and BitSight Announce Partnership to Strengthen Cyber Security Risk Programs

Blue Cedar Teams Up with OpenSSL, Akamai, NetApp, VMware to Build Next-Gen FIPS Module

Forter, Fraud Prevention Technology Firm, Raises $50M

World-renowned Cybersecurity Veteran Richard Bejtlich Joins Corelight as Principal Security Strategist

Research Firm Names Flashpoint a ‘Strong Performer’ Citing Custom Collection Strategies, Cybercrime Analysis

Proofpoint Launches Closed-Loop Email Analysis and Response Solution to Automate End User-Reported Phishing Remediation

Andreessen Horowitz Leads $8.5 Million Investment in Very Good Security

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

12 Free, Ready-to-Use Security Tools

Steve Zurier, Freelance Writer, 10/12/2018

Most IT Security Pros Want to Change Jobs

Dark Reading Staff 10/12/2018

Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up

Curtis Franklin Jr., Senior Editor at Dark Reading, 10/11/2018

Webinars

Effective Cyber Risk Assessment

Lambda Architecture with In-Memory Technology

Make Your Organization's Email Safer

Webinar Archives

White Papers

Mobile Devices: The New Support Frontier for IT (IDG Report)

Building Security In Maturity Model (BSIMM9)

The Forrester Tech Tide on Everything You Need to Implement a Zero Trust Strategy

6 Keys to Faster Phishing Mitigation

How CIOs Can Adapt Their App Dev & Delivery Practices to Increase Time to Market

More White Papers

Video

All Risk Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: John has always been trying creative ways to solve the pebcak issue...

Cartoon Archive

Current Issue

The Biggest Cybersecurity Breaches of 2018 (So Far)

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The Risk Management Struggle

The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!

Download Now!

How Data Breaches Affect the Enterprise

0 comments

The State of IT and Cybersecurity

0 comments

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-18324
PUBLISHED: 2018-10-15

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.

CVE-2018-18322
PUBLISHED: 2018-10-15

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.

CVE-2018-18323
PUBLISHED: 2018-10-15

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.

CVE-2018-18319
PUBLISHED: 2018-10-15

** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merli...

CVE-2018-18320
PUBLISHED: 2018-10-15

** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allo...

Terms of Service
Privacy Statement
Legal Entities