Risk

News & Commentary
Insurers Collaborate on Cybersecurity Ratings
Dark Reading Staff, Quick Hits
A group of insurers will base rates and terms on whether customers purchase technology that has earned a stamp of approval.
By Dark Reading Staff , 3/26/2019
Comment0 comments  |  Read  |  Post a Comment
Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?
Andrea Little Limbago, Chief Social Scientist, VirtruCommentary
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
By Andrea Little Limbago Chief Social Scientist, Virtru, 3/26/2019
Comment0 comments  |  Read  |  Post a Comment
87% of Cloud Pros Say Visibility Masks Security
Dark Reading Staff, Quick Hits
The majority of cloud IT professionals find a direct link between network visibility and business value, new data shows.
By Dark Reading Staff , 3/26/2019
Comment0 comments  |  Read  |  Post a Comment
Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Ret. Admiral Michael Rogers who served as head of the NSA and the US Cyber Command from 2014 to 2018 on how to handle the risk of insiders exposing an organization's sensitive data.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/26/2019
Comment4 comments  |  Read  |  Post a Comment
IT Leaders, Employees Divided on Data Security
Dark Reading Staff, Quick Hits
Execs and employees have dramatically different ideas of how much information is being lost and why a gap that puts enterprise data in grave danger.
By Dark Reading Staff , 3/25/2019
Comment2 comments  |  Read  |  Post a Comment
A Glass Ceiling? Not in Privacy
Rita Heimes, Data Protection Officer, Research Director & General Counsel, IAPPCommentary
According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.
By Rita Heimes Data Protection Officer, Research Director & General Counsel, IAPP, 3/25/2019
Comment0 comments  |  Read  |  Post a Comment
Security Lessons from My Game Closet
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA Commentary
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 3/22/2019
Comment1 Comment  |  Read  |  Post a Comment
Businesses Manage 9.7PB of Data but Struggle to Protect It
Kelly Sheridan, Staff Editor, Dark ReadingNews
What's more, their attempts to secure it may be putting information at risk, a new report finds.
By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Facebook Employees for Years Could See Millions of User Passwords in Plain Text
Dark Reading Staff, Quick Hits
2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.
By Dark Reading Staff , 3/21/2019
Comment4 comments  |  Read  |  Post a Comment
Microsoft Brings Defender Security Tools to Mac
Kelly Sheridan, Staff Editor, Dark ReadingNews
Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.
By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Google Photos Bug Let Criminals Query Friends, Location
Kelly Sheridan, Staff Editor, Dark ReadingNews
The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.
By Kelly Sheridan Staff Editor, Dark Reading, 3/20/2019
Comment0 comments  |  Read  |  Post a Comment
The Insider Threat: It's More Common Than You Think
Raj Ananthanpillai, Chairman & CEO, EnderaCommentary
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
By Raj Ananthanpillai Chairman & CEO, Endera, 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
'Critical' Denial-of-Service Bug Patched in Facebook Fizz
Dark Reading Staff, Quick Hits
Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.
By Dark Reading Staff , 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
TLS 1.3: A Good News/Bad News Scenario
Paula Musich, Research Director, Enterprise Management AssociatesCommentary
Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.
By Paula Musich Research Director, Enterprise Management Associates, 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
6 Ways Mature DevOps Teams Are Killing It in Security
Ericka Chickowski, Contributing Writer, Dark Reading
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
Stealing Corporate Funds Still Top Goal of Messaging Attacks
Robert Lemos, Technology Journalist/Data ResearcherNews
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
By Robert Lemos , 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
New Europol Protocol Addresses Cross-Border Cyberattacks
Dark Reading Staff, Quick Hits
The protocol is intended to support EU law enforcement in providing rapid assessment and response for cyberattacks across borders.
By Dark Reading Staff , 3/18/2019
Comment0 comments  |  Read  |  Post a Comment
4 Reasons to Take an 'Inside Out' View of Security
Earl D. Matthews, Senior Vice President and Chief Strategy Officer at VerodinCommentary
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
By Earl D. Matthews Senior Vice President and Chief Strategy Officer at Verodin, 3/14/2019
Comment0 comments  |  Read  |  Post a Comment
The Case for Transparency in End-User License Agreements
Lysa Myers, Security Researcher, ESETCommentary
Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.
By Lysa Myers Security Researcher, ESET, 3/13/2019
Comment0 comments  |  Read  |  Post a Comment
There May Be a Ceiling on Vulnerability Remediation
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/12/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by KevinStanley
Current Conversations Absolutely. 
In reply to: Re: This is the cloud
Post Your Own Reply
More Conversations
PR Newswire
Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract'
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/26/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-9961
PUBLISHED: 2019-03-26
A cross-site scripting (XSS) vulnerability in ressource view of Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML.
CVE-2019-6341
PUBLISHED: 2019-03-26
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
CVE-2019-6540
PUBLISHED: 2019-03-26
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, ...
CVE-2019-8987
PUBLISHED: 2019-03-26
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more...
CVE-2019-8988
PUBLISHED: 2019-03-26
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may allow for data modif...