Risk
News & Commentary
Virginia Consultant Charged with Espionage
Dark Reading Staff, Quick Hits
Federal authorities charged a consultant with espionage for transmitting top secret and secret documents to China.
By Dark Reading Staff, 6/23/2017
Threat Intelligence Sharing: The New Normal?
Danelle Au, VP Strategy, SafeBreach, Commentary
The spirit of cooperation seems to be taking hold as demonstrated by the growing number of thriving services and organizations whose sole purpose is to analyze specific threats against specific communities.
By Danelle Au, VP Strategy, SafeBreach, 6/23/2017
Talking Cyber-Risk with Executives
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
Explaining risk can be difficult since CISOs and execs don't speak the same language. The key is to tailor your message for the audience.
By Raymond Pompon, Principal Threat Research Evangelist at F5 Networks, 6/23/2017
FireEye CEO Shares State of IT Threat Landscape
InformationWeek Staff, Commentary, Video
FireEye CEO Kevin Mandia talks about the state of the IT threat landscape and where enterprises should focus their attention when it comes to cybersecurity.
By InformationWeek Staff, 6/23/2017
KPMG: Cybersecurity Has Reached a Tipping Point from Tech to CEO Business Issue
Tony Buffomante, KPMG, U.S. Cyber Security Services Leader, Commentary
Still, a majority of US-based chief execs say they will be maintaining and not investing in security technology over the next three years, a recent study shows.
By Tony Buffomante, KPMG, U.S. Cyber Security Services Leader, 6/22/2017
Dark Reading Launches New Conference on Cyber Defense
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Cyber Insurance: Read the Fine Print!
Sara Boddy, Principal Threat Research Evangelist
Applying for insurance is a grueling process involving detailed questionnaires and lengthy technical interviews that can still leave you without an adequate safety net.
By Sara Boddy, Principal Threat Research Evangelist, 6/15/2017
By the Numbers: Parsing the Cybersecurity Challenge
Marc Wilczek, Digital Strategist & CIO Advisor, Commentary
Why your CEO should rethink company security priorities in the drive for digital business growth.
By Marc Wilczek, Digital Strategist & CIO Advisor, 6/14/2017
Europol Operation Busts Payment Card Identity Theft Ring
Dawn Kawamoto, Associate Editor, Dark Reading, News
Members of an international crime ring of payment card skimmers who stole more than $500,000 were arrested by a joint multi-national law enforcement operation.
By Dawn Kawamoto, Associate Editor, Dark Reading, 6/13/2017
Businesses Spend 1,156 Hours Per Week on Endpoint Security
Kelly Sheridan, Associate Editor, Dark Reading, News
Insecure endpoints cost businesses millions of dollars, and hours of productivity, as they struggle to detect and contain threats.
By Kelly Sheridan, Associate Editor, Dark Reading, 6/13/2017
Ditch the Big Ass Spreadsheet with Continuous Security Compliance
Tim Prendergast, Founder & CEO, Evident.io
Replacing outdated spreadsheets with automated, continuous monitoring reduces workload and increases reliability, making compliance easy.
By Tim Prendergast, Founder & CEO, Evident.io, 6/13/2017
Security in the Cloud: Pitfalls and Potential of CASB Systems
Kelly Sheridan, Associate Editor, Dark Reading, News
The transition to cloud has driven a demand for CASB systems, but today's systems lack the full breadth of functionality businesses need.
By Kelly Sheridan, Associate Editor, Dark Reading, 6/7/2017
Cybersecurity Stands as Big Sticking Point in Software M&A
Ericka Chickowski, Contributing Writer, Dark Reading, News
The breach that was the fly in the ointment of the Yahoo-Verizon deal is one of many now surfacing as security of acquired firms starts to become a point of negotiation.
By Ericka Chickowski, Contributing Writer, Dark Reading, 6/7/2017
Sensitive DoD Data Discovered on Unprotected Server
Dark Reading Staff, Quick Hits
Researcher found unsecured repository of 60,000 documents of sensitive US data on a publicly exposed Amazon Web Services "S3" bucket used by government contractor Booz Allen Hamilton.
By Dark Reading Staff, 6/1/2017
SMB Security: Don't Leave the Smaller Companies Behind
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, Commentary
Helping improve the security posture of small and medium-sized businesses should be a priority for security organizations of all sizes.
By Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, 6/1/2017
Cybersecurity Insurance Lacking at 50% of US Companies
Dark Reading Staff, Quick Hits
While half of US security professionals say their companies passed on cybersecurity insurance, the figure is far higher in healthcare, according to a survey released today.
By Dark Reading Staff, 5/31/2017
Mobile App Back-End Servers, Databases at Risk
Ericka Chickowski, Contributing Writer, Dark Reading, News
Mobile app developers' casual use of back-end technology like Elasticsearch without security-hardening puts unsuspecting enterprises at grave risk of exposure.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/31/2017
Securing the Human a Full-Time Commitment
Ericka Chickowski, Contributing Writer, Dark Reading, News
Encouraging the people in your organization to make safer cyber decisions requires dedicated brainpower to pull off, SANS study shows.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/30/2017
Going Beyond Checkbox Security
Dark Reading, Commentary, Video
Terry Barbounis, cybersecurity evangelist for CenturyLink, stops by the InformationWeek News Desk.
By Dark Reading, 5/24/2017
Data Security & Privacy: The Risks of Not Playing by the Rules
Peter Merkulov, VP, Product Strategy & Technology Alliances, Commentary
Achieving compliance is a complex and challenging process. But with the right systems and policies, you can stay ahead of the next data breach and the regulators.
By Peter Merkulov, VP, Product Strategy & Technology Alliances, 5/24/2017
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges, and new opportunities, for the information security team. Download this report to learn about the new best practices for secure application development.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.