Risk

News & Commentary
7 Tools for Stronger IoT Security, Visibility
Curtis Franklin Jr., Senior Editor at Dark Reading
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/16/2018
Comment0 comments  |  Read  |  Post a Comment
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe GroupCommentary
There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.
By Charlie Miller Senior Vice President, The Santa Fe Group, 5/14/2018
Comment2 comments  |  Read  |  Post a Comment
Ready or Not: Transport Layer Security 1.3 Is Coming
Mark Urban, VP, Product Strategy & Operations, SymantecCommentary
Better encryption could mean weaker security if you're not careful.
By Mark Urban VP, Product Strategy & Operations, Symantec, 5/10/2018
Comment0 comments  |  Read  |  Post a Comment
Phishing Threats Move to Mobile Devices
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Mobile devices are emerging as a primary gateway for phishing attacks aimed at stealing data.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/9/2018
Comment0 comments  |  Read  |  Post a Comment
Calculating Cloud Cost: 8 Factors to Watch
Kelly Sheridan, Staff Editor, Dark Reading
If you're not careful and don't regularly assess the impact of your usage, moving to the cloud could have a negative impact on your bottom line.
By Kelly Sheridan Staff Editor, Dark Reading, 5/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Peter Merkulov, Chief Technology Officer, GlobalscapeCommentary
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
By Peter Merkulov Chief Technology Officer, Globalscape, 5/9/2018
Comment0 comments  |  Read  |  Post a Comment
APT Attacks on Mobile Rapidly Emerging
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Mobile devices are becoming a 'primary' enterprise target for attackers.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/8/2018
Comment0 comments  |  Read  |  Post a Comment
Breakout Time: A Critical Key Cyber Metric
Scott Taschler, Director of Product Marketing for CrowdStrikeCommentary
Why organizations need to detect an intrusion in under a minute, understand it in under 10 minutes, and eject the adversary in under an hour.
By Scott Taschler Director of Product Marketing for CrowdStrike, 5/8/2018
Comment0 comments  |  Read  |  Post a Comment
US Extradites Romanian Hackers Charged with Vishing, Smishing
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
Suspects fraudulently obtained more than $18 million through fraud by voice and SMS.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/7/2018
Comment0 comments  |  Read  |  Post a Comment
Encryption is Necessary, Tools and Tips Make It Easier
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/3/2018
Comment0 comments  |  Read  |  Post a Comment
6 Enterprise Password Managers That Lighten the Load for Security
Steve Zurier, Freelance Writer
EPMs offer the familiar password wallet with more substantial administrative management and multiple deployment models.
By Steve Zurier Freelance Writer, 5/3/2018
Comment2 comments  |  Read  |  Post a Comment
Survey Shows Sensitive Data Goes Astray in Email
Dark Reading Staff, Quick Hits
Many employees have trouble controlling the release of sensitive information in email.
By Dark Reading Staff , 5/2/2018
Comment0 comments  |  Read  |  Post a Comment
A Data Protection Officer's Guide to GDPR 'Privacy by Design'
Jen Brown, Compliance and Data Protection Officer at Sumo LogicCommentary
These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.
By Jen Brown Compliance and Data Protection Officer at Sumo Logic, 5/1/2018
Comment0 comments  |  Read  |  Post a Comment
Slack Releases Open Source SDL Tool
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
After building an SDL tool for their own use, Slack has released it on Github under an open source license.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/30/2018
Comment1 Comment  |  Read  |  Post a Comment
3 Ways to Maximize Security and Minimize Business Challenges
Jack Hamm, Principal Information Security Engineer, Gigamon
The best strategy for choosing security tools and architecting networks is to focus on staffing and resources, risk tolerance, and business change.
By Jack Hamm Principal Information Security Engineer, Gigamon, 4/30/2018
Comment0 comments  |  Read  |  Post a Comment
MyEtherWallet DNS Attack Offers Opt-In Lessons
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Attackers poisoned BGP route tables to redirect Amazon's Route 53 name servers to their malicious servers.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/26/2018
Comment0 comments  |  Read  |  Post a Comment
Why Hackers Love Healthcare
Allan Alford, Chief Information Security OfficerCommentary
The migration of valuable data to the cloud is piquing the interest of cybercrimimals. But there are ways to fight back.
By Allan Alford Chief Information Security Officer, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
The Default SAP Configuration That Every Enterprise Needs to Fix
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Nine out of ten organizations are vulnerable to a 13-year-old flaw that puts their most critical business systems at risk of complete criminal takeover.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.
By Marc Wilczek Digital Strategist & CIO Advisor, 4/25/2018
Comment6 comments  |  Read  |  Post a Comment
Coviello: Modern Security Threats are 'Less About the Techniques'
Kelly Sheridan, Staff Editor, Dark ReadingNews
Today's attack surface is broader, more open, and demands a proactive approach to security, according to former RSA chairman Art Coviello.
By Kelly Sheridan Staff Editor, Dark Reading, 4/24/2018
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by lazyjones
Current Conversations "Security through obscurity"
In reply to: Caption
Post Your Own Reply
More Conversations
PR Newswire
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11232
PUBLISHED: 2018-05-18
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVE-2017-15855
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in u...
CVE-2018-3567
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.
CVE-2018-3568
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.
CVE-2018-5827
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.