Risk

News & Commentary
'Wallchart' Phishing Campaign Exploits World Cup Watchers
Kelly Sheridan, Staff Editor, Dark Reading, News
The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.
By Kelly Sheridan Staff Editor, Dark Reading, 6/18/2018
3 Tips for Driving User Buy-in to Security Policies
Marc Laliberte, Information Security Threat Analyst, WatchGuard Technologies, Commentary
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 6/18/2018
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Security is weak, and most companies are clueless, according to Immunity researcher Lurene Grenier, who kicked off the Cisco Talos Threat Research Summit on Sunday.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/13/2018
Security Ratings Answer Big Questions in Cyber Insurance
Kelly Sheridan, Staff Editor, Dark Reading, News
More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage.
By Kelly Sheridan Staff Editor, Dark Reading, 6/11/2018
6 Ways Greed Has a Negative Effect on Cybersecurity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA, Commentary
How the security industry can both make money and stay true to its core values, and why that matters.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA, 6/11/2018
Bug Bounty Payouts Up 73% Per Vulnerability: Bugcrowd
Kelly Sheridan, Staff Editor, Dark Reading, News
Bug bounty programs grew along with payouts, which averaged $781 per vulnerability this year, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 6/7/2018
DevSecOps Gains Enterprise Traction
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Enterprise adoption of DevSecOps has surged in the past year, according to a study conducted at this year's RSA Conference.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/7/2018
In Pursuit of Cryptography's Holy Grail
Ellison Anne Williams, Founder and CEO of Enveil, Commentary
Homomorphic encryption eliminates the need for data exposure at any point, something that certainly would be welcome these days.
By Ellison Anne Williams Founder and CEO of Enveil, 6/7/2018
Survey Shows Florida at the Bottom for Consumer Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/6/2018
Tax-Season Malware Campaign Delivers Trojan Via Email
Dark Reading Staff, Quick Hits
A new example of a long-term phenomenon delivers a banking trojan via a downloader activated by a URL in a phishing email.
By Dark Reading Staff, 6/6/2018
Panorays Debuts With $5 Million Investment
Dark Reading Staff, Quick Hits
Panorays, a company focusing on third-party security issues for the enterprise, has exited stealth mode.
By Dark Reading Staff, 6/5/2018
The Breach Disclosure Double Standard
Ericka Chickowski, Contributing Writer, Dark Reading, News
Cybersecurity pros expect to be notified immediately when they're breached, but most don't do the same and some even cover up breaches.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/5/2018
Dark Reading Launches Second INsecurity Conference
Tim Wilson, Editor in Chief, Dark Reading, News
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
By Tim Wilson, Editor in Chief, Dark Reading, 6/5/2018
Building a Safe, Efficient, Cost-Effective Security Infrastructure
Ken Mills, General Manager of IoT, Surveillance and Security, Dell EMC, Commentary
The Industrial Internet of Things allows organizations to address both physical and digital security concerns.
By Ken Mills General Manager of IoT, Surveillance and Security, Dell EMC, 6/4/2018
Google Groups Misconfiguration Exposes Corporate Data
Kelly Sheridan, Staff Editor, Dark Reading, News
Researchers say as many as 10,000 businesses are affected by a widespread misconfiguration in Google Groups settings.
By Kelly Sheridan Staff Editor, Dark Reading, 6/1/2018
Telegram: Apple Has Blocked Updates since April
Dark Reading Staff, Quick Hits
Telegram founder and chief executive Pavel Durov claims the messaging service has not been able to make technical updates anywhere in the world.
By Dark Reading Staff, 6/1/2018
New Federal Report Gives Guidance on Beating Botnets
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A report from the Departments of Commerce and Homeland Security provides five goals for protecting infrastructure from botnets and other automated threats.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/31/2018
6 Security Investments You May Be Wasting
Kelly Sheridan, Staff Editor, Dark Reading
Not all tools and services provide the same value. Some relatively low-cost practices have a major payoff while some of the most expensive tools make little difference.
By Kelly Sheridan Staff Editor, Dark Reading, 5/31/2018
Hacker Sentenced to 5 Years in Yahoo Credential Theft Case
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Karim Baratov given prison time and seven-figure fine after guilty plea in the massive Yahoo data breach
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/30/2018
FireEye Offers Free Tool to Detect Malicious Remote Logins
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Open source GeoLogonalyzer helps to weed out hackers exploiting stolen credentials to log into their targets.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/30/2018
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs, 6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass, 6/12/2018
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk, 6/13/2018
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10617
PUBLISHED: 2018-06-18
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application t...
CVE-2018-10621
PUBLISHED: 2018-06-18
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application ...
CVE-2018-10623
PUBLISHED: 2018-06-18
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote co...
CVE-2015-4664
PUBLISHED: 2018-06-18
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
CVE-2018-9021
PUBLISHED: 2018-06-18
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.