Risk

News & Commentary
The Cyber Kill Chain Gets A Makeover
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new report demonstrates how the cyber kill chain is consolidating as criminals find ways to accelerate the spread of their targeted cyberattacks.
By Kelly Sheridan Staff Editor, Dark Reading, 9/25/2018
Comment0 comments  |  Read  |  Post a Comment
The Cloud Security Conundrum: Assets vs. Infrastructure
Andrew Williams, Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, CoalfireCommentary
The issue for cloud adopters is no longer where your data sits in AWS, on-premises, Azure, Salesforce, or what have you. The important questions are: Who has access to it, and how is it protected?
By Andrew Williams Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, Coalfire, 9/25/2018
Comment0 comments  |  Read  |  Post a Comment
Payment Security Compliance Takes a Turn for the Worse
Dark Reading Staff, Quick Hits
This is the first time in six years that Verizon's "Payment Security Report" shows a downward trend, leaving cardholders vulnerable.
By Dark Reading Staff , 9/25/2018
Comment0 comments  |  Read  |  Post a Comment
Fault-Tolerant Method Used for Security Purposes in New Framework
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A young company has a new patent for using fault tolerance techniques to protect against malware infection in applications.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/24/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Deletes Passwords for Azure Active Directory Applications
Kelly Sheridan, Staff Editor, Dark ReadingNews
At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.
By Kelly Sheridan Staff Editor, Dark Reading, 9/24/2018
Comment0 comments  |  Read  |  Post a Comment
6 Dark Web Pricing Trends
Steve Zurier, Freelance Writer
For cybercriminals, the Dark Web grows more profitable every day.
By Steve Zurier Freelance Writer, 9/24/2018
Comment0 comments  |  Read  |  Post a Comment
6 Security Training Hacks to Increase Cyber IQ Org-Wide
Ericka Chickowski, Contributing Writer, Dark Reading
Move beyond generic, annual security awareness training with these important tips.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/21/2018
Comment1 Comment  |  Read  |  Post a Comment
Think Like An Attacker: How a Red Team Operates
Kelly Sheridan, Staff Editor, Dark ReadingNews
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
By Kelly Sheridan Staff Editor, Dark Reading, 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin SystemsCommentary
Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.
By Mukul Kumar & Anupam Sahai CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, 9/20/2018
Comment4 comments  |  Read  |  Post a Comment
As Tech Drives the Business, So Do CISOs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security leaders are evolving from technicians to business executives as tech drives enterprise projects, applications, and goals.
By Kelly Sheridan Staff Editor, Dark Reading, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, YubicoCommentary
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
By John Fontana Standards & Identity Analyst, Yubico, 9/19/2018
Comment5 comments  |  Read  |  Post a Comment
FBI: Phishing Attacks Aim to Swap Payroll Information
Dark Reading Staff, Quick Hits
Social engineering scams target employees' payroll credentials so attackers can access and change their bank account data.
By Dark Reading Staff , 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
5 Steps to Success for New CISOs
Nik Whitfield, Computer Scientist & Security Technology EntrepreneurCommentary
You've been hired to make an impact. These tips can help set you up for continued success.
By Nik Whitfield Computer Scientist & Security Technology Entrepreneur, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
8 Keys to a Successful Penetration Test
Curtis Franklin Jr., Senior Editor at Dark Reading
Pen tests are expensive, but there are key factors that can make them worth the investment.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
The Security Costs of Cloud-Native Applications
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
By Kelly Sheridan Staff Editor, Dark Reading, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
The Top 5 Security Threats & Mitigations for Industrial Networks
Barak Perelman, CEO, IndegyCommentary
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
By Barak Perelman CEO, Indegy, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
GovPayNow Leak of 14M+ Records Dates Back to 2012
Dark Reading Staff, Quick Hits
Thousands of US state and local governments use the service to process online payments for everything from traffic tickets to court fines.
By Dark Reading Staff , 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark ReadingNews
Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2018
Comment1 Comment  |  Read  |  Post a Comment
The 7 Habits of Highly Effective Security Teams
Gary Golomb, Co-Founder & Chief Research Officer at Awake SecurityCommentary
Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.
By Gary Golomb Co-Founder & Chief Research Officer at Awake Security, 9/17/2018
Comment0 comments  |  Read  |  Post a Comment
How Secure are our Voting Systems for November 2018?
Dark Reading Staff, CommentaryVideo
Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the countrys highly decentralized voting systems to safeguard the integrity of upcoming elections.
By Dark Reading Staff , 9/14/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Williamastro
Current Conversations Nice
In reply to: Thanks for sharing
Post Your Own Reply
Posted by PanamaVet
Current Conversations White Privelege Day
In reply to: Cartoon Caption
Post Your Own Reply
More Conversations
PR Newswire
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17538
PUBLISHED: 2018-09-26
Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection.
CVE-2018-11763
PUBLISHED: 2018-09-25
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
CVE-2018-14634
PUBLISHED: 2018-09-25
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerabl...
CVE-2018-1664
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...
CVE-2018-1669
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote atta...