Advertise

Risk

News & Commentary

How Hackers Hit Printers

News

New Booz Allen Hamilton report advises companies to include printers in their overall security strategy.

By Steve Zurier Freelance Writer, 8/31/2018

0 comments | Read | Post a Comment

Why Automation Will Free Security Pros to Do What They Do Best

Commentary

There are three reasons today's security talent pool is neither scalable nor effective in addressing the rapid evolution of cyberattacks.

By Roy Katmor CEO & Co-Founder, enSilo, 8/31/2018

0 comments | Read | Post a Comment

Who's At Greatest Risk for BEC Attacks? Not the CEO

Kelly Sheridan, Staff Editor, Dark Reading

News

CEOs only make up 2.2% of business email compromise targets, a sign most victims are further down the corporate ladder.

By Kelly Sheridan Staff Editor, Dark Reading, 8/30/2018

0 comments | Read | Post a Comment

'Security Fatigue' Could Put Business at Risk

Curtis Franklin Jr., Senior Editor at Dark Reading

News

The relentless march of security breaches may cause some individuals to drop their guard, but there's more to the story than that.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/29/2018

0 comments | Read | Post a Comment

IT Professionals Think They're Better Than Their Security

Quick Hits

More than half of professionals think they have a good shot at a successful insider attack.

By Dark Reading Staff , 8/29/2018

0 comments | Read | Post a Comment

7 Steps to Start Searching with Shodan

The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/29/2018

0 comments | Read | Post a Comment

PCI SSC Releases New Security Tools for Small Businesses

Quick Hits

Tool intended to help small businesses understand their risk and how well they're being addressed.

By Dark Reading Staff , 8/28/2018

0 comments | Read | Post a Comment

Polish Parliament Enacts National Cybersecurity System

Quick Hits

The system classifies security incidents and splits national incident response into three separate teams.

By Dark Reading Staff , 8/28/2018

0 comments | Read | Post a Comment

How Can We Improve the Conversation Among Blue Teams?

Tim Wilson, Editor in Chief, Dark Reading,

Commentary

Dark Reading seeks new ways to bring defenders together to share information and best practices

By Tim Wilson, Editor in Chief, Dark Reading , 8/27/2018

5 comments | Read | Post a Comment

Latest Comment: Dr.T, Have we become so afraid of leaking information that we don't talk across enterprise...

Lazarus Group Builds its First MacOS Malware

News

This isn't the first time Lazarus Group has infiltrated a cryptocurrency exchange as the hacking team has found new ways to achieve financial gain.

By Kelly Sheridan Staff Editor, Dark Reading, 8/23/2018

2 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, @mahmoodn It's Lazarus Group's first macOS malware variant, as noted in the...

The GDPR Ripple Effect

Commentary

Will we ever see a truly global data security and privacy mandate?

By Tim Critchley CEO at Semafone, 8/23/2018

0 comments | Read | Post a Comment

Adobe Software at Center of Two Vulnerability Disclosures

News

Newly discovered Photoshop and Ghostscript vulnerabilities allow remote code execution.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/22/2018

0 comments | Read | Post a Comment

New Insurance Product Adds Coverage for Cryptomining Malware Losses

Quick Hits

Product also covers all forms of illicit use of business services, including toll fraud and unauthorized use of cloud services.

By Dark Reading Staff , 8/22/2018

0 comments | Read | Post a Comment

How to Gauge the Effectiveness of Security Awareness Programs

Ira Winkler, CISSP, President, Secure Mentem

Commentary

If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.

By Ira Winkler CISSP, President, Secure Mentem, 8/21/2018

0 comments | Read | Post a Comment

Clinging to TLS 1.0 Puts Sites Outside PCI DSS Compliance

Quick Hits

More than half of organizations could be out of compliance, new research shows.

By Dark Reading Staff , 8/21/2018

0 comments | Read | Post a Comment

Proving ROI: How a Security Road Map Can Sway the C-Suite

Jo-Ann Smith, Director of Technology Risk Management and Data Privacy at Absolute

Commentary

When executives are constantly trying to cut the fat, CISOs need to develop a flexible structure to improve baseline assessments and target goals, tactics, and capabilities. Here's how.

By Jo-Ann Smith Director of Technology Risk Management and Data Privacy at Absolute, 8/21/2018

0 comments | Read | Post a Comment

7 Serious IoT Vulnerabilities

A growing number of employees have various IoT devices in their homes — where they're also connecting to an enterprise network to do their work. And that means significant threats loom.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/21/2018

1 Comment | Read | Post a Comment

Latest Comment: A96.uk, We don't build IoT with software security anymore, unless we are stupid. IoT...

Google Updates: Cloud HSM Beta, Binary Authorization for Kubernetes

News

Google's latest cloud security rollouts include early releases of its cloud-hosted security module and a container security tool to verify signed images.

By Kelly Sheridan Staff Editor, Dark Reading, 8/20/2018

0 comments | Read | Post a Comment

The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability

Commentary Video

Paul Vixie discusses the uncertain fate of WHOIS in the age of GDPR, the risks of domain name homographs, and other underpinnings of the Internet that are hard to trust and harder to fix.

By Dark Reading Staff , 8/20/2018

1 Comment | Read | Post a Comment

Latest Comment: BradleyRoss, The audio level of the podcast s way too low.

Data Privacy Careers Are Helping to Close the IT Gender Gap

Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc.

Commentary

There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?

By Dana Simberkoff Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc., 8/20/2018

7 comments | Read | Post a Comment

Latest Comment: REISEN1955, LOL - yes, i would say that answers that question nicely!!!!!

More Stories

Current Conversations

Posted by Arlene B. Morgan

This comment is waiting for review by our moderators.

In reply to: Pending Review
Post Your Own Reply

Posted by myassignmenthelpdesk

Hi, your blog is truly faultless and unique. Very wonderful your article, This is best article. I read really perfect your article more information one of other blog zone. So I like it. Thank so much for sharing this article...

In reply to: My Assignment Help Desk
Post Your Own Reply

Posted by A96.uk

You should tell people this is RSA in software on phones not hardware protected. Your telling me RSA in hardware has been hacked! Don't think so..... Please do the same hack on SAML11 or 508a/608a...

In reply to: Re: the security issues
Post Your Own Reply

Posted by A96.uk

I think the story should say the security is implimented in software! Try this attack with U2F or 508a/608a hardware tamper resistant! Lol so funny people still thinking RSA in software is safe.

In reply to: Re: the security issues
Post Your Own Reply

Posted by PuspackT110

very nice informtaion you share with us https://www.puspack.com/

In reply to: Re: How to alleviate these incidents?
Post Your Own Reply

Posted by [email protected]

Graet team, smart solution that provides a smart, non-intrussive risk-scoring of 3rd parties. With today's threat landscape and complex ecoystem environments it's almost a must have information. Congrats Panoyas tea...

In reply to: Congrats!
Post Your Own Reply

Posted by Kelly Jackson Higgins

@mahmoodn It's Lazarus Group's first macOS malware variant, as noted in the article. And yes, there are definitely other macOS malware variants out there, but not from Lazarus.

In reply to: Re: Not the first malware
Post Your Own Reply

Posted by mahmoodn

Hi, What do you mean exactly by "the first macos malware"? There were Leap and RSPlug in the past decade.

In reply to: Not the first malware
Post Your Own Reply

Posted by REISEN1955

LOL - yes, i would say that answers that question nicely!!!!!

In reply to: Re: Gender? How about SMART people!
Post Your Own Reply

Posted by Kelly Jackson Higgins

Actually, Dana is in IT security: Her title is Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc. =)

In reply to: Re: Gender? How about SMART people!
Post Your Own Reply

Posted by REISEN1955

Partial agree - wrong to portray all H1-B in a group but American management has a mindset STILL RUNINNG that IT is just an expense line item in a budget - that's all - damn those high salary men and women who do quiet work...

In reply to: Re: Gender? How about SMART people!
Post Your Own Reply

Posted by NickoD558

I had a funny question, why isnt the author of this article in IT? Just my logic as a human asking a good question. No? There is a gap but its not an abnormal sign of anything apocolyptic. Its just a preference by people....

In reply to: Re: Gender? How about SMART people!
Post Your Own Reply

More Conversations

Products & Releases

Andreessen Horowitz Leads $8.5 Million Investment in Very Good Security

Information Security Forum Releases Data Leakage Prevention Digest

Exabeam Raises $50 Million in Series D, Targets SIEM Market

Imperva Completes the Acquisition of Prevoty

Venafi Study: 93% of Security Professionals Say Election Infrastructure Is at Risk

Retail Cyber Intelligence Sharing Center (R-CISC) Forms Advisory Council

Research Reveals Major Insider Threat Disconnect in the Workplace: ObserveIT

Jumio’s Netverify® Solutions Win Gold and Bronze in Security Software

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

How One Company's Cybersecurity Problem Becomes Another's Fraud Problem

Curtis Jordan, Lead Security Engineer, TruSTAR, 8/29/2018

Free Cybersecurity Services Offer a First Step to Securing US Elections

Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/28/2018

4 Benefits of a World with Less Privacy

Reg Harnish, CEO, GreyCastle Security, 8/30/2018

Live Events

Webinars

More UBM Tech
Live Events

Build Your Communications & Collaboration Future

Enterprise Connect Orlando 2019 Registration is Open!

White Papers

Budget & Buy-in: Get Your C-Level Invested in Cybersecurity

Understanding Cyber-Attacks

The Definition of SOC-cess: SANS 2018 SOC Survey Results

What You Need to Know About SD-WAN

[Video] How Perfect Forward Secrecy Works in TLS 1.3

More White Papers

Video

All Risk Videos

Cartoon

Latest Comment: Setting aside the humor for a second, this situation could arguably happen without a hack. There's a certain popular romance to Putin in some ...

Cartoon Archive

Current Issue

The Biggest Cybersecurity Breaches of 2018 (So Far)

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Data Breaches Affect the Enterprise

This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!

Download Now!

The State of IT and Cybersecurity

0 comments

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

[Strategic Security Report] Cloud Security's Changing Landscape

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-16450
PUBLISHED: 2018-09-04

CraftedWeb through 2013-09-24 has reflected XSS via the p parameter.

CVE-2018-16444
PUBLISHED: 2018-09-04

An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.

CVE-2018-16445
PUBLISHED: 2018-09-04

An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request.

CVE-2018-16446
PUBLISHED: 2018-09-04

An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt.

CVE-2018-16447
PUBLISHED: 2018-09-04

Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.

Terms of Service
Privacy Statement
Legal Entities