Risk

News & Commentary
Think Like An Attacker: How a Red Team Operates
Kelly Sheridan, Staff Editor, Dark ReadingNews
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
By Kelly Sheridan Staff Editor, Dark Reading, 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin SystemsCommentary
Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.
By Mukul Kumar & Anupam Sahai CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, 9/20/2018
Comment4 comments  |  Read  |  Post a Comment
As Tech Drives the Business, So Do CISOs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security leaders are evolving from technicians to business executives as tech drives enterprise projects, applications, and goals.
By Kelly Sheridan Staff Editor, Dark Reading, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, YubicoCommentary
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
By John Fontana Standards & Identity Analyst, Yubico, 9/19/2018
Comment5 comments  |  Read  |  Post a Comment
FBI: Phishing Attacks Aim to Swap Payroll Information
Dark Reading Staff, Quick Hits
Social engineering scams target employees' payroll credentials so attackers can access and change their bank account data.
By Dark Reading Staff , 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
5 Steps to Success for New CISOs
Nik Whitfield, Computer Scientist & Security Technology EntrepreneurCommentary
You've been hired to make an impact. These tips can help set you up for continued success.
By Nik Whitfield Computer Scientist & Security Technology Entrepreneur, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
8 Keys to a Successful Penetration Test
Curtis Franklin Jr., Senior Editor at Dark Reading
Pen tests are expensive, but there are key factors that can make them worth the investment.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/19/2018
Comment1 Comment  |  Read  |  Post a Comment
The Security Costs of Cloud-Native Applications
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
By Kelly Sheridan Staff Editor, Dark Reading, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
The Top 5 Security Threats & Mitigations for Industrial Networks
Barak Perelman, CEO, IndegyCommentary
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
By Barak Perelman CEO, Indegy, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
GovPayNow Leak of 14M+ Records Dates Back to 2012
Dark Reading Staff, Quick Hits
Thousands of US state and local governments use the service to process online payments for everything from traffic tickets to court fines.
By Dark Reading Staff , 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark ReadingNews
Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2018
Comment1 Comment  |  Read  |  Post a Comment
The 7 Habits of Highly Effective Security Teams
Gary Golomb, Co-Founder & Chief Research Officer at Awake SecurityCommentary
Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.
By Gary Golomb Co-Founder & Chief Research Officer at Awake Security, 9/17/2018
Comment0 comments  |  Read  |  Post a Comment
How Secure are our Voting Systems for November 2018?
Dark Reading Staff, CommentaryVideo
Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the countrys highly decentralized voting systems to safeguard the integrity of upcoming elections.
By Dark Reading Staff , 9/14/2018
Comment0 comments  |  Read  |  Post a Comment
Military, Government Users Just as Bad About Password Hygiene as Civilians
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/14/2018
Comment1 Comment  |  Read  |  Post a Comment
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers bypass a Trusted Computing Group security measure to manipulate the firmware and steal data in memory.
By Kelly Sheridan Staff Editor, Dark Reading, 9/13/2018
Comment3 comments  |  Read  |  Post a Comment
Enterprise Security Needs an Open Data Solution
Carey Nachenberg, Chief Scientist at ChronicleCommentary
What would it look like if more than a tiny fraction of enterprises had access to all the signals hidden in their big data today?
By Carey Nachenberg Chief Scientist at Chronicle, 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
The Increasingly Vulnerable Software Supply Chain
Thomas Etheridge, Vice President of Services, CrowdStrikeCommentary
Nation-state adversaries from Iran to Russia have leveraged the supply chain as a vehicle to compromise infrastructure and disrupt businesses.
By Thomas Etheridge Vice President of Services, CrowdStrike, 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
Modular Malware Brings Stealthy Attacks to Former Soviet States
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new malware technique is making phishing attacks harder to spot when they succeed.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
Malware Campaign Targeting Jaxx Wallet Holders Shut Down
Kelly Sheridan, Staff Editor, Dark ReadingNews
A site spoofing the official Jaxx website was discovered packing several infections for Windows and Mac machines, and has been shut down.
By Kelly Sheridan Staff Editor, Dark Reading, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
4 Trends Giving CISOs Sleepless Nights
Mike Convertino, CISO & VP, Information Security, F5 NetworksCommentary
IoT attacks, budget shortfalls, and the skills gap are among the problems keeping security pros up at night.
By Mike Convertino CISO & VP, Information Security, F5 Networks, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by PanamaVet
Current Conversations White Privelege Day
In reply to: Cartoon Caption
Post Your Own Reply
More Conversations
PR Newswire
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17300
PUBLISHED: 2018-09-21
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.
CVE-2018-17301
PUBLISHED: 2018-09-21
Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.
CVE-2018-17302
PUBLISHED: 2018-09-21
Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.
CVE-2018-17292
PUBLISHED: 2018-09-21
An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than...
CVE-2018-17293
PUBLISHED: 2018-09-21
An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application c...