Advertise

Risk

News & Commentary

Most Expensive Data Breaches Start with Third Parties: Report

Kelly Sheridan, Staff Editor, Dark Reading

News

Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.

By Kelly Sheridan Staff Editor, Dark Reading, 5/24/2018

0 comments | Read | Post a Comment

GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring

Ron Teicher, CEO & Founder, EverCompliant

Commentary

The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.

By Ron Teicher CEO & Founder, EverCompliant, 5/24/2018

0 comments | Read | Post a Comment

A Data Protection Officer's Guide to the Post-GDPR Deadline Reality

Jen Brown, Compliance and Data Protection Officer at Sumo Logic

Commentary

The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.

By Jen Brown Compliance and Data Protection Officer at Sumo Logic, 5/24/2018

0 comments | Read | Post a Comment

More Than Half of Users Reuse Passwords

Curtis Franklin Jr., Senior Editor at Dark Reading

News

Users are terrible at passwords and the problem is only getting worse, according to an expansive study of more than 100 million passwords and their owners.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/24/2018

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, For this reason its imperative to think of utilizing passphrase over password....

Fraud Drops 76% for Merchants Using EMV, Says Visa

Quick Hits

A new report from Visa says that the shift to chip cards has resulted in dramatically reduced credit card fraud levels.

By Dark Reading Staff , 5/23/2018

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, It's good to hear that the switch to the chip was so effective. In the beginning,...

The Good & Bad News about Blockchain Security

Michael Raziel, CTO, CyberGuild Ventures

Commentary

Blockchain technology promises many things. But to succeed, it must offer users a better plan against hackers.

By Michael Raziel CTO, CyberGuild Ventures, 5/23/2018

0 comments | Read | Post a Comment

What Should Post-Quantum Cryptography Look Like?

Ericka Chickowski, Contributing Writer, Dark Reading

News

Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.

By Ericka Chickowski Contributing Writer, Dark Reading, 5/23/2018

0 comments | Read | Post a Comment

6 Steps for Applying Data Science to Security

Two experts share their data science know-how in a tutorial focusing on internal DNS query analysis.

By Steve Zurier Freelance Writer, 5/23/2018

0 comments | Read | Post a Comment

New Spectre Variants Add to Vulnerability Worries

News

Variants 3a and 4 build on the Spectre foundation, but how worried should enterprise security professionals really be?

By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/22/2018

0 comments | Read | Post a Comment

GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'

Marc French, Senior VP, Chief Trust Officer & Data Protection Officer, Mimecast

Commentary

There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.

By Marc French Senior VP, Chief Trust Officer & Data Protection Officer, Mimecast, 5/22/2018

0 comments | Read | Post a Comment

7 Tools for Stronger IoT Security, Visibility

If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/16/2018

0 comments | Read | Post a Comment

Why Enterprises Can't Ignore Third-Party IoT-Related Risks

Charlie Miller, Senior Vice President, The Santa Fe Group

Commentary

There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.

By Charlie Miller Senior Vice President, The Santa Fe Group, 5/14/2018

2 comments | Read | Post a Comment

Latest Comment: AmeliaWinter, Appreciate the comment. The 2% refers to "observed exploitation events" related...

Ready or Not: Transport Layer Security 1.3 Is Coming

Mark Urban, VP, Product Strategy & Operations, Symantec

Commentary

Better encryption could mean weaker security if you're not careful.

By Mark Urban VP, Product Strategy & Operations, Symantec, 5/10/2018

0 comments | Read | Post a Comment

Phishing Threats Move to Mobile Devices

News

Mobile devices are emerging as a primary gateway for phishing attacks aimed at stealing data.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/9/2018

0 comments | Read | Post a Comment

Calculating Cloud Cost: 8 Factors to Watch

If you're not careful and don't regularly assess the impact of your usage, moving to the cloud could have a negative impact on your bottom line.

By Kelly Sheridan Staff Editor, Dark Reading, 5/9/2018

1 Comment | Read | Post a Comment

Latest Comment: TimothyE554, It's great to see security get a mention, but it's not just about the relationship...

Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules

Peter Merkulov, Chief Technology Officer, Globalscape

Commentary

Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.

By Peter Merkulov Chief Technology Officer, Globalscape, 5/9/2018

0 comments | Read | Post a Comment

APT Attacks on Mobile Rapidly Emerging

News

Mobile devices are becoming a 'primary' enterprise target for attackers.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/8/2018

0 comments | Read | Post a Comment

Breakout Time: A Critical Key Cyber Metric

Scott Taschler, Director of Product Marketing for CrowdStrike

Commentary

Why organizations need to detect an intrusion in under a minute, understand it in under 10 minutes, and eject the adversary in under an hour.

By Scott Taschler Director of Product Marketing for CrowdStrike, 5/8/2018

0 comments | Read | Post a Comment

US Extradites Romanian Hackers Charged with Vishing, Smishing

Quick Hits

Suspects fraudulently obtained more than $18 million through fraud by voice and SMS.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/7/2018

0 comments | Read | Post a Comment

Encryption is Necessary, Tools and Tips Make It Easier

News

In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/3/2018

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by ShelleyWestman

This comment is waiting for review by our moderators.

In reply to: Pending Review
Post Your Own Reply

Posted by RyanSepe

For this reason its imperative to think of utilizing passphrase over password. Passphrase: Sometimes I get sad when I hear passwords are still going to being utilized! Input: SIgswIhpasg2bU! Make the passphrase easier to...

In reply to: Passphrase over Password
Post Your Own Reply

Posted by RyanSepe

It's good to hear that the switch to the chip was so effective. In the beginning, it seemed like non-technical individuals were resistant to the change as it was a different way to interface with the POS system. I believe...

In reply to: Positive Steps
Post Your Own Reply

Posted by JBUITRON770

Hi, In 2009, I finished a Master's Thesis on information security in the U.S. Government, one conclusion was that there should be a Cybersecurity Czar (or similar) in the government, answering directly to the President,...

In reply to: The post of Cybersecurity Advisor should not have been eliminated
Post Your Own Reply

Posted by elitet3ch

Shhh! They're watching... And you have a laptop?

In reply to: Re: Time for a new caption contest!
Post Your Own Reply

Posted by Abujamra

"The one you have not seen, won't be remembered".

In reply to: DARK READING CARTOON CAPTION CONTEST
Post Your Own Reply

Posted by bgeisler913

Don't mind Sam he is adjusting to being back in the office after telecommuting for so long.

In reply to: When management no longer allows telecommuting.
Post Your Own Reply

Posted by J.Carson

Who's a little paranoid??

In reply to: Paranoid??
Post Your Own Reply

Posted by [email protected]

Get me if you can! I'm air gapped.

In reply to: Time for a new caption contest!
Post Your Own Reply

Posted by micjustin33

To effective GDPR compliance, over-viewing the checklist is mandatory. This checklist will help both users and business significantly to understand rules and regulations that come under GDPR to ensure the online data privacy. Here...

In reply to: GDPR Compliance Checklist
Post Your Own Reply

Posted by AmeliaWinter

Appreciate the comment. The 2% refers to "observed exploitation events" related to those vulnerabilities. It appears that you're referring to "has an exploit published." (additional background can be found in the Data Sources...

In reply to: Re: Iot Threats
Post Your Own Reply

Posted by petersmith43

I am totally agree with you that hacking in Higher education is affecting the study standard and universities required to take strict action against these type Hacking activities of students.

In reply to: Re:
Post Your Own Reply

More Conversations

Products & Releases

Cybersecurity, IT Governance, Emerging Tech Shaping 2018 IT Audit Plans: Protiviti, ISACA

ISACA Unveils GDPR Assessment for Enterprises to Gauge Regulation Readiness and Compliance Path

Tax Software Providers Not Protecting Emails from Phishing and Spoofing

Kaspersky Lab finds Prilex POS malware evolving to target chip and PIN-protected cards

PCI SSC Announces Changes to Qualified Integrators and Resellers Program

TechDemocracy’s Cyber Risk Governance Portfolio Meets Highest Quality and Information Security Standards with New ISO Certifications

Cyber Insurer Coalition Raises $10 Million to Solve Cyber Risk for SMBs

DomainTools Launches Predictive Domain Risk Scoring Model

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

New Mexico Man Sentenced on DDoS, Gun Charges

Dark Reading Staff 5/18/2018

Is Threat Intelligence Garbage?

Chris McDaniels, Chief Information Security Officer of Mosaic451, 5/23/2018

Cracking 2FA: How It's Done and How to Stay Safe

Kelly Sheridan, Staff Editor, Dark Reading, 5/17/2018

Webinars

Learn About Cyber Attackers & How They Target Your Organization

Phishing: Trends, Attacks & Defense Strategies

Threat Intelligence: Where to Start & What to Ask

Webinar Archives

White Papers

Prevent Cyber Attacks Before They Happen

2018 Security Report

5th Gen Cyber Attacks Are Here and Most Businesses Are Behind

[Buyers Guide] Remote Support

Phishing Response Trends: It's a Cluster

More White Papers

Video

All Risk Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Shhh! They're watching... And you have a laptop?

Cartoon Archive

Current Issue

The Changing Role of the CISO

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

[Strategic Security Report] Navigating the Threat Intelligence Maze

Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.

Download Now!

[Strategic Security Report] Cloud Security's Changing Landscape

0 comments

The State of Ransomware

0 comments

[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-11415
PUBLISHED: 2018-05-24

SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.

CVE-2018-11412
PUBLISHED: 2018-05-24

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.

CVE-2018-11413
PUBLISHED: 2018-05-24

An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration.

CVE-2018-11414
PUBLISHED: 2018-05-24

An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly.

CVE-2018-10593
PUBLISHED: 2018-05-24

A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corrup...

Terms of Service
Privacy Statement
Legal Entities