Risk

News & Commentary
How Hackers Hit Printers
Steve Zurier, Freelance Writer, News
New Booz Allen Hamilton report advises companies to include printers in their overall security strategy.
By Steve Zurier, Freelance Writer, 8/31/2018
Why Automation Will Free Security Pros to Do What They Do Best
Roy Katmor, CEO & Co-Founder, enSilo, Commentary
There are three reasons today's security talent pool is neither scalable nor effective in addressing the rapid evolution of cyberattacks.
By Roy Katmor, CEO & Co-Founder, enSilo, 8/31/2018
Who's At Greatest Risk for BEC Attacks? Not the CEO
Kelly Sheridan, Staff Editor, Dark Reading, News
CEOs only make up 2.2% of business email compromise targets, a sign most victims are further down the corporate ladder.
By Kelly Sheridan, Staff Editor, Dark Reading, 8/30/2018
'Security Fatigue' Could Put Business at Risk
Curtis Franklin Jr., Senior Editor at Dark Reading, News
The relentless march of security breaches may cause some individuals to drop their guard, but there's more to the story than that.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 8/29/2018
IT Professionals Think They're Better Than Their Security
Dark Reading Staff, Quick Hits
More than half of professionals think they have a good shot at a successful insider attack.
By Dark Reading Staff, 8/29/2018
7 Steps to Start Searching with Shodan
Curtis Franklin Jr., Senior Editor at Dark Reading
The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 8/29/2018
PCI SSC Releases New Security Tools for Small Businesses
Dark Reading Staff, Quick Hits
Tool intended to help small businesses understand their risks and how well they're being addressed.
By Dark Reading Staff, 8/28/2018
Polish Parliament Enacts National Cybersecurity System
Dark Reading Staff, Quick Hits
The system classifies security incidents and splits national incident response into three separate teams.
By Dark Reading Staff, 8/28/2018
How Can We Improve the Conversation Among Blue Teams?
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Dark Reading seeks new ways to bring defenders together to share information and best practices.
By Tim Wilson, Editor in Chief, Dark Reading, 8/27/2018
Lazarus Group Builds its First MacOS Malware
Kelly Sheridan, Staff Editor, Dark Reading, News
This isn't the first time Lazarus Group has infiltrated a cryptocurrency exchange as the hacking team has found new ways to achieve financial gain.
By Kelly Sheridan, Staff Editor, Dark Reading, 8/23/2018
The GDPR Ripple Effect
Tim Critchley, CEO at Semafone, Commentary
Will we ever see a truly global data security and privacy mandate?
By Tim Critchley, CEO at Semafone, 8/23/2018
Adobe Software at Center of Two Vulnerability Disclosures
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Newly discovered Photoshop and Ghostscript vulnerabilities allow remote code execution.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 8/22/2018
New Insurance Product Adds Coverage for Cryptomining Malware Losses
Dark Reading Staff, Quick Hits
Product also covers all forms of illicit use of business services, including toll fraud and unauthorized use of cloud services.
By Dark Reading Staff, 8/22/2018
How to Gauge the Effectiveness of Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem, Commentary
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
By Ira Winkler, CISSP, President, Secure Mentem, 8/21/2018
Clinging to TLS 1.0 Puts Sites Outside PCI DSS Compliance
Dark Reading Staff, Quick Hits
More than half of organizations could be out of compliance, new research shows.
By Dark Reading Staff, 8/21/2018
Proving ROI: How a Security Road Map Can Sway the C-Suite
Jo-Ann Smith, Director of Technology Risk Management and Data Privacy at Absolute, Commentary
When executives are constantly trying to cut the fat, CISOs need to develop a flexible structure to improve baseline assessments and target goals, tactics, and capabilities. Here's how.
By Jo-Ann Smith, Director of Technology Risk Management and Data Privacy at Absolute, 8/21/2018
7 Serious IoT Vulnerabilities
Curtis Franklin Jr., Senior Editor at Dark Reading
A growing number of employees have various IoT devices in their homes — where they're also connecting to an enterprise network to do their work. And that means significant threats loom.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 8/21/2018
Google Updates: Cloud HSM Beta, Binary Authorization for Kubernetes
Kelly Sheridan, Staff Editor, Dark Reading, News
Google's latest cloud security rollouts include early releases of its cloud-hosted security module and a container security tool to verify signed images.
By Kelly Sheridan, Staff Editor, Dark Reading, 8/20/2018
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
Dark Reading Staff, Commentary, Video
Paul Vixie discusses the uncertain fate of WHOIS in the age of GDPR, the risks of domain name homographs, and other underpinnings of the Internet that are hard to trust and harder to fix.
By Dark Reading Staff, 8/20/2018
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc., Commentary
There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?
By Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc., 8/20/2018
How One Company's Cybersecurity Problem Becomes Another's Fraud Problem
Curtis Jordan, Lead Security Engineer, TruSTAR, 8/29/2018
Free Cybersecurity Services Offer a First Step to Securing US Elections
Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/28/2018
4 Benefits of a World with Less Privacy
Reg Harnish, CEO, GreyCastle Security, 8/30/2018
How Data Breaches Affect the Enterprise
This report offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16450
PUBLISHED: 2018-09-04
CraftedWeb through 2013-09-24 has reflected XSS via the p parameter.
CVE-2018-16444
PUBLISHED: 2018-09-04
An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.
CVE-2018-16445
PUBLISHED: 2018-09-04
An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request.
CVE-2018-16446
PUBLISHED: 2018-09-04
An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt.
CVE-2018-16447
PUBLISHED: 2018-09-04
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.