Risk

News & Commentary
Privacy Ops: The New Nexus for CISOs & DPOs
Amit Ashbel, Security Evangelist, CognigoCommentary
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.
By Amit Ashbel Security Evangelist, Cognigo, 2/18/2019
Comment0 comments  |  Read  |  Post a Comment
Staffing Shortage Makes Vulnerabilities Worse
Dark Reading Staff, Quick Hits
Businesses don't have sufficient staff to find vulnerabilities or protect against their exploit, according to a new report by Ponemon Institute.
By Dark Reading Staff , 2/15/2019
Comment1 Comment  |  Read  |  Post a Comment
Post-Quantum Crypto Standards Arent All About the Math
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The industry needs to keep in mind the realities of hardware limits and transitional growing pains, according to Microsoft, Utimaco researchers.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/15/2019
Comment0 comments  |  Read  |  Post a Comment
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark ReadingNews
In the weeks leading up to Valentine's Day 2019, researchers notice a new form of Gandcrab appearing in romance-themed emails.
By Kelly Sheridan Staff Editor, Dark Reading, 2/14/2019
Comment2 comments  |  Read  |  Post a Comment
How to Create a Dream Team for the New Age of Cybersecurity
Gaurav Banga, Founder and CEO, BalbixCommentary
When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.
By Gaurav Banga Founder and CEO, Balbix, 2/14/2019
Comment0 comments  |  Read  |  Post a Comment
Security Spills: 9 Problems Causing the Most Stress
Kelly Sheridan, Staff Editor, Dark Reading
Security practitioners reveal what's causing them the most frustration in their roles.
By Kelly Sheridan Staff Editor, Dark Reading, 2/14/2019
Comment0 comments  |  Read  |  Post a Comment
Scammers Fall in Love with Valentine's Day
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Online dating profiles and social media accounts add to the rich data sources that allow criminals to tailor attacks.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
Lessons Learned from a Hard-Hitting Security Review
Jaspreet Singh, founder and CEO of DruvaCommentary
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
By Jaspreet Singh founder and CEO of Druva, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
Up to 100,000 Reported Affected in Landmark White Data Breach
Kelly Sheridan, Staff Editor, Dark ReadingNews
Australian property valuation firm Landmark White exposed files containing personal data and property valuation details.
By Kelly Sheridan Staff Editor, Dark Reading, 2/12/2019
Comment1 Comment  |  Read  |  Post a Comment
Identifying, Understanding & Combating Insider Threats
Ilan Paretsky, Chief Marketing Officer of EricomCommentary
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?
By Ilan Paretsky Chief Marketing Officer of Ericom, 2/12/2019
Comment0 comments  |  Read  |  Post a Comment
Malware Campaign Hides Ransomware in Super Mario Wrapper
Dark Reading Staff, Quick Hits
A newly discovered malware campaign uses steganography to hide GandCrab in a seemingly innocent Mario image.
By Dark Reading Staff , 2/8/2019
Comment5 comments  |  Read  |  Post a Comment
4 Payment Security Trends for 2019
Ellen Richey, Vice Chairman and Chief Risk Officer, VisaCommentary
Visa's chief risk officer anticipates some positive changes ahead.
By Ellen Richey Vice Chairman and Chief Risk Officer, Visa, 2/7/2019
Comment0 comments  |  Read  |  Post a Comment
When 911 Goes Down: Why Voice Network Security Must Be a Priority
Mykola Konrad, Vice President of Product Management, Ribbon CommunicationsCommentary
When there's a DDoS attack against your voice network, are you ready to fight against it?
By Mykola Konrad Vice President of Product Management, Ribbon Communications, 2/7/2019
Comment2 comments  |  Read  |  Post a Comment
Consumers Care About Security - Sometimes
Dark Reading Staff, Quick Hits
New RSA Security survey shows a generation gap in concerns over cybersecurity and privacy.
By Dark Reading Staff , 2/6/2019
Comment0 comments  |  Read  |  Post a Comment
4 Practical Questions to Ask Before Investing in AI
Ilia Kolochenko, CEO and Founder, High-Tech BridgeCommentary
A pragmatic, risk-based approach can help CISOs plan for an efficient, effective, and economically sound implementation of AI for cybersecurity.
By Ilia Kolochenko CEO and Founder, High-Tech Bridge, 2/6/2019
Comment1 Comment  |  Read  |  Post a Comment
Serverless Computing: 'Function' vs. 'Infrastructure' as-a-Service
Ory Segal, CTO, PureSecCommentary
How much do companies really gain from offloading security duties to the cloud? Let's do the math.
By Ory Segal CTO, PureSec, 2/6/2019
Comment2 comments  |  Read  |  Post a Comment
New Vulnerabilities Make RDP Risks Far from Remote
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
More than two dozen vulnerabilities raise the risk of using RDP clients to remotely manage and configure systems.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/5/2019
Comment2 comments  |  Read  |  Post a Comment
Over 59K Data Breaches Reported in EU Under GDPR
Dark Reading Staff, Quick Hits
In addition, 91 reported fines have been imposed since the regulation went into effect last May.
By Dark Reading Staff , 2/5/2019
Comment2 comments  |  Read  |  Post a Comment
New Botnet Shows Evolution of Tech and Criminal Culture
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Cayosin brings together multiple strands of botnet tech and hacker behavior for a disturbing new threat.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/4/2019
Comment1 Comment  |  Read  |  Post a Comment
Exposed Consumer Data Skyrocketed 126% in 2018
Kelly Sheridan, Staff Editor, Dark ReadingNews
The number of data breaches dropped overall, but the amount of sensitive records exposed jumped to 446.5 million last year, according to the ITRC.
By Kelly Sheridan Staff Editor, Dark Reading, 2/4/2019
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
Curtis Franklin Jr., Senior Editor at Dark Reading,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3812
PUBLISHED: 2019-02-19
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
CVE-2019-8933
PUBLISHED: 2019-02-19
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on ...
CVE-2019-7629
PUBLISHED: 2019-02-18
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.
CVE-2019-8919
PUBLISHED: 2019-02-18
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2019-8917
PUBLISHED: 2019-02-18
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may b...