Network Computing Dark Reading

Advertise

Risk

News & Commentary

Insurers Collaborate on Cybersecurity Ratings

Quick Hits

A group of insurers will base rates and terms on whether customers purchase technology that has earned a stamp of approval.

By Dark Reading Staff , 3/26/2019

0 comments | Read | Post a Comment

Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?

Andrea Little Limbago, Chief Social Scientist, Virtru

Commentary

Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.

By Andrea Little Limbago Chief Social Scientist, Virtru, 3/26/2019

0 comments | Read | Post a Comment

87% of Cloud Pros Say Visibility Masks Security

Quick Hits

The majority of cloud IT professionals find a direct link between network visibility and business value, new data shows.

By Dark Reading Staff , 3/26/2019

0 comments | Read | Post a Comment

Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract'

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Ret. Admiral Michael Rogers – who served as head of the NSA and the US Cyber Command from 2014 to 2018 – on how to handle the risk of insiders exposing an organization's sensitive data.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/26/2019

4 comments | Read | Post a Comment

Latest Comment: REISEN1955, Some time ago, my then 3 year old grand-daughter, Cariana, came to visit work...

IT Leaders, Employees Divided on Data Security

Quick Hits

Execs and employees have dramatically different ideas of how much information is being lost and why – a gap that puts enterprise data in grave danger.

By Dark Reading Staff , 3/25/2019

2 comments | Read | Post a Comment

Latest Comment: RyanSepe, I think two facets come into play here. Ultimately, as data owners executives...

A Glass Ceiling? Not in Privacy

Rita Heimes, Data Protection Officer, Research Director & General Counsel, IAPP

Commentary

According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.

By Rita Heimes Data Protection Officer, Research Director & General Counsel, IAPP, 3/25/2019

0 comments | Read | Post a Comment

Security Lessons from My Game Closet

Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA

Commentary

In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.

By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 3/22/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, But you missed THE GAME of them all - Chess of course. Looking 5 moves...

Businesses Manage 9.7PB of Data but Struggle to Protect It

Kelly Sheridan, Staff Editor, Dark Reading

News

What's more, their attempts to secure it may be putting information at risk, a new report finds.

By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019

0 comments | Read | Post a Comment

Facebook Employees for Years Could See Millions of User Passwords in Plain Text

Quick Hits

2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.

By Dark Reading Staff , 3/21/2019

4 comments | Read | Post a Comment

Latest Comment: KevinStanley, Absolutely.

Microsoft Brings Defender Security Tools to Mac

News

Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.

By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019

0 comments | Read | Post a Comment

Google Photos Bug Let Criminals Query Friends, Location

News

The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.

By Kelly Sheridan Staff Editor, Dark Reading, 3/20/2019

0 comments | Read | Post a Comment

The Insider Threat: It's More Common Than You Think

Raj Ananthanpillai, Chairman & CEO, Endera

Commentary

A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.

By Raj Ananthanpillai Chairman & CEO, Endera, 3/20/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Hey - your job can be outrsourced in a moment after you train your replacement...

'Critical' Denial-of-Service Bug Patched in Facebook Fizz

Quick Hits

Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.

By Dark Reading Staff , 3/20/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, It's good to see bug bounty programs gaining traction. It is truly an advocation...

TLS 1.3: A Good News/Bad News Scenario

Paula Musich, Research Director, Enterprise Management Associates

Commentary

Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.

By Paula Musich Research Director, Enterprise Management Associates, 3/20/2019

1 Comment | Read | Post a Comment

Latest Comment: mohitb_120, Very informative, thank you! Looking forward to read more about TLS...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.

By Ericka Chickowski Contributing Writer, Dark Reading, 3/19/2019

0 comments | Read | Post a Comment

Stealing Corporate Funds Still Top Goal of Messaging Attacks

Robert Lemos, Technology Journalist/Data Researcher

News

Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.

By Robert Lemos , 3/19/2019

0 comments | Read | Post a Comment

New Europol Protocol Addresses Cross-Border Cyberattacks

Quick Hits

The protocol is intended to support EU law enforcement in providing rapid assessment and response for cyberattacks across borders.

By Dark Reading Staff , 3/18/2019

0 comments | Read | Post a Comment

4 Reasons to Take an 'Inside Out' View of Security

Earl D. Matthews, Senior Vice President and Chief Strategy Officer at Verodin

Commentary

When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.

By Earl D. Matthews Senior Vice President and Chief Strategy Officer at Verodin, 3/14/2019

0 comments | Read | Post a Comment

The Case for Transparency in End-User License Agreements

Commentary

Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.

By Lysa Myers Security Researcher, ESET, 3/13/2019

0 comments | Read | Post a Comment

There May Be a Ceiling on Vulnerability Remediation

Curtis Franklin Jr., Senior Editor at Dark Reading

News

Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/12/2019

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by REISEN1955

Some time ago, my then 3 year old grand-daughter, Cariana, came to visit work with her mother and my wife. She loved Pizza in the cafeteria and said hello to my colleagues. Of course all three had visitor badges...

In reply to: Re: Stopping insider threat - Perimeter Security
Post Your Own Reply

Posted by ealmer

Good stuff! A smart CISO I worked with once had set tripwires on sensitive data (at a cellular operator this is an obvious class of data) and would pick up the phone and call any user touching data they were not supposed...

In reply to: Stopping insider threat
Post Your Own Reply

Posted by Kelly Jackson Higgins

Adm. Rogers had some interesting insight into this topic, for sure.

In reply to: Re: All too true
Post Your Own Reply

Posted by REISEN1955

Excellent article in every respect and the Admiral hits every point succinct and sound. Access to ONLY data users need to do their job is key security rule number 1 ..... but many times it is bypassed for just EVERYTHING...

In reply to: All too true
Post Your Own Reply

Posted by RyanSepe

I think two facets come into play here. Ultimately, as data owners executives of said data are more heavily responsible for securing data at the company even though the data custodians (employees) directly touch said data....

In reply to: Risk Ownership
Post Your Own Reply

Posted by REISEN1955

Solp: It's not my fault. Schultz: I know nothing. Of course employees are blameless, as there is that line called UNEMPLOYMENT and so they have done nothing wrong and if they did, well, it is the corp at...

In reply to: Han Solo and Srgt. Schultz
Post Your Own Reply

Posted by KevinStanley

Absolutely.

In reply to: Re: This is the cloud
Post Your Own Reply

Posted by REISEN1955

But you missed THE GAME of them all - Chess of course. Looking 5 moves ahead is always hard and a logic challenge. Not all are good at it and I have learned only to play with humans. IF you play online,...

In reply to: Good points all
Post Your Own Reply

Posted by mohitb_120

Very informative, thank you! Looking forward to read more about TLS 1.3 in coming days. Thanks, Mohit

In reply to: Very informative post
Post Your Own Reply

Posted by REISEN1955

One of my managers once thought of a unique password, particularly if someone may be shoulder watching your screen: ******** True. Another user had just "guess: as a password and that drove me crazy fo...

In reply to: Re: This is the cloud - on secure passwords
Post Your Own Reply

Posted by RyanSepe

Very much agree with your parable. There is no reason the fact of FB having private data should be a surprise to anyone. "Secure Password" also feels like an oxymoron simply put, passwords are the least secure means of authenticating....

In reply to: Re: This is the cloud
Post Your Own Reply

Posted by REISEN1955

FB as discussed is a perfect illustration of the danger of cloud apps. I have long felt that the simple view of this platform is as a enormously huge long RJ-45 cable from your system-network over the internet to another...

In reply to: This is the cloud
Post Your Own Reply

More Conversations

Products & Releases

OPAQ Awarded Patent for Cyber Risk Assessment Technology

TrueVault Launches TrueVault Atlas To Automate Aspects of GDPR Compliance

Industrial Internet Consortium Announces Practitioner's Guide for Assessing Maturity of IoT System Security

Prevalent Announces New CEO, Expands Leadership Team with 3 New C-Suite Positions

Tripwire IP360 Now Discovers More Than 200,000 Conditions

More Than Half of Companies See Rise in Mobile Security Threats: Bitglass 2018 BYOD Report

Global Cooperation And Regulation Key In Addressing Multilayered Threats Posed By New Technology

Eurofins Digital Testing Launches Cyber Security Division

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Facebook Employees for Years Could See Millions of User Passwords in Plain Text

Dark Reading Staff 3/21/2019

Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract'

Kelly Jackson Higgins, Executive Editor at Dark Reading, 3/26/2019

BEC Scammer Pleads Guilty

Dark Reading Staff 3/20/2019

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

White Papers

10 Career Moves You Can Make in 2019

Asset Management for the Digital Age

Dark Reading Report Roundup

Organizing the Hunt for Cyber Threats with MITRE ATT&CK

What's the Answer to the Vulnerability Overload Problem? Key Findings from ESG's Cyber Risk Management Survey

More White Papers

Video

All Risk Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Incorrect password, you have one second to click on all pictures with a traffic signal...

Cartoon Archive

Current Issue

5 Emerging Cyber Threats to Watch for in 2019

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of Cyber Security Incident Response

Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.

Download Now!

How Enterprises Are Developing Secure Applications

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

How Enterprises Are Using IT Threat Intelligence

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-9961
PUBLISHED: 2019-03-26

A cross-site scripting (XSS) vulnerability in ressource view of Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML.

CVE-2019-6341
PUBLISHED: 2019-03-26

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

CVE-2019-6540
PUBLISHED: 2019-03-26

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, ...

CVE-2019-8987
PUBLISHED: 2019-03-26

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more...

CVE-2019-8988
PUBLISHED: 2019-03-26

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may allow for data modif...

Terms of Service
Privacy Statement
Legal Entities