Advertise

Risk

News & Commentary

Robotic Vacuums May Hoover Your Data

Quick Hits

Researchers have discovered a pair of vulnerabilities that allow unauthorized code execution in a robotic vacuum.

By Dark Reading Staff , 7/19/2018

0 comments | Read | Post a Comment

Free New Scanner Aims to Protect Home Networks

Quick Hits

Free software pinpoints vulnerabilities and offers suggestions for remediation.

By Dark Reading Staff , 7/19/2018

0 comments | Read | Post a Comment

6 Ways to Tell an Insider Has Gone Rogue

Malicious activity by trusted users can be very hard to catch, so look for these red flags.

By Jai Vijayan Freelance writer, 7/19/2018

0 comments | Read | Post a Comment

Beyond Passwords: Why Your Company Should Rethink Authentication

Rajiv Dholakia, VP Products, Nok Nok Labs

Commentary

Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.

By Rajiv Dholakia VP Products, Nok Nok Labs, 7/19/2018

0 comments | Read | Post a Comment

Messenger Apps Top Risk Hit Parade

Quick Hits

Whether running on iOS or Android, Facebook's and WhatsApp's messenger apps present a 'winning' combination.

By Dark Reading Staff , 7/18/2018

0 comments | Read | Post a Comment

New Subscription Service Takes on Ransomware Protection

Curtis Franklin Jr., Senior Editor at Dark Reading

News

Training and response is the basis of a new offering that addresses ransomware and extortion attacks.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/18/2018

0 comments | Read | Post a Comment

Cloud Security: Lessons Learned from Intrusion Prevention Systems

Gunter Ollmann, CTO, Security, Microsoft Cloud and AI Division

Commentary

The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.

By Gunter Ollmann CTO, Security, Microsoft Cloud and AI Division , 7/17/2018

0 comments | Read | Post a Comment

SCADA/ICS Dangers & Cybersecurity Strategies

Peter Newton, Senior Director of Product Marketing at Fortinet

Commentary

Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.

By Peter Newton Senior Director of Product Marketing at Fortinet, 7/17/2018

0 comments | Read | Post a Comment

Less Than Half of Cyberattacks Detected via Antivirus: SANS

Kelly Sheridan, Staff Editor, Dark Reading

News

Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.

By Kelly Sheridan Staff Editor, Dark Reading, 7/16/2018

0 comments | Read | Post a Comment

Time to Yank Cybercrime into the Light

Marc Wilczek, Digital Strategist & CIO Advisor

Commentary

Too many organizations are still operating blindfolded, research finds.

By Marc Wilczek Digital Strategist & CIO Advisor, 7/16/2018

0 comments | Read | Post a Comment

Congressional Report Cites States Most Vulnerable to Election Hacking

Quick Hits

A new report details issues with 18 states along with suggestions on what can be done.

By Dark Reading Staff , 7/13/2018

0 comments | Read | Post a Comment

Newly Found Spectre Variants Bring New Concerns

News

Two new variants on a theme of Spectre underscore the expanding nature of the critical vulnerabilities.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/11/2018

0 comments | Read | Post a Comment

What We Talk About When We Talk About Risk

Commentary

Measuring security risk is not that hard if you get your terms straight and leverage well-established methods and principles from other disciplines.

By Jack Jones Chairman, FAIR Institute, 7/11/2018

3 comments | Read | Post a Comment

Latest Comment: REISEN1955, Small Business - general rule is that a small business (I guess 50 emps or...

Microsoft July Security Updates Mostly Browser-Related

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/10/2018

0 comments | Read | Post a Comment

Businesses Struggle to Build 'Security-First' Culture

News

New Accenture study finds half of businesses provide cybersecurity training for new hires and only 40% of CISOs prioritize building or expanding insider threat programs.

By Kelly Sheridan Staff Editor, Dark Reading, 7/10/2018

1 Comment | Read | Post a Comment

Latest Comment: aacyberreport, You story is on point but missing a vital detail. Security culture in the workplace...

Putin Pushes for Global Cybersecurity Cooperation

Quick Hits

At a Moscow-based security conference, Russian President Vladimir Putin said countries should work together amid the rise of cyberthreats.

By Dark Reading Staff , 7/6/2018

2 comments | Read | Post a Comment

Latest Comment: No SOPA, I have to ask if politicians should even have a hand in the InfoSec world outside...

New Malware Variant Hits With Ransomware or Cryptomining

Quick Hits

A new variant of old malware scans a system before deciding just how to administer pain.

By Dark Reading Staff , 7/5/2018

0 comments | Read | Post a Comment

UK Banks Must Produce Backup Plans for Cyberattacks

Quick Hits

Financial services firms in Britain have three months to explain how they would stay up and running in the event of an attack or service disruption.

By Dark Reading Staff , 7/5/2018

3 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, @REISEN: Conversely, the NIST Cybersecurity Framework -- like any framework...

Ransomware vs. Cryptojacking

Jay Kelley, Senior Product & Digital Marketing Manager, Menlo Security, Inc.

Commentary

Cybercriminals are increasingly turning to cryptojacking over ransomware for a bigger payday. Here's what enterprises need to know in order to protect their digital assets and bank accounts.

By Jay Kelley Senior Product & Digital Marketing Manager, Menlo Security, Inc. , 7/3/2018

0 comments | Read | Post a Comment

6 Drivers of Mental and Emotional Stress in Infosec

Pressure comes in many forms but often with the same end result: stress and burnout within the security community.

By Kelly Sheridan Staff Editor, Dark Reading, 7/2/2018

4 comments | Read | Post a Comment

Latest Comment: elitet3ch, Thank for headlining your daily digest with the oh-so-unsexy topic...

More Stories

Current Conversations

Posted by Lifeisgood1

This comment is waiting for review by our moderators.

In reply to: Pending Review
Post Your Own Reply

Posted by Lifeisgood1

This comment is waiting for review by our moderators.

In reply to: Pending Review
Post Your Own Reply

Posted by Lifeisgood1

This comment is waiting for review by our moderators.

In reply to: Pending Review
Post Your Own Reply

Posted by MelBrandle

This is highly worrying but somehow rather expected too. As long as you are connected to the internet, your device remains in a vulnerable state. You can install preventive softwares but they can only do so much. Let's just...

In reply to: Re: Simple Solution
Post Your Own Reply

Posted by elitet3ch

Thank for headlining your daily digest with the oh-so-unsexy topic of the personal struggles InfoSec & IT Pros face. In an age where we are constantly expected to do more with less [to nothing], and the...

In reply to: The Personal Cost of CyberWarfare
Post Your Own Reply

Posted by aacyberreport

You story is on point but missing a vital detail. Security culture in the workplace should begin with the employees that are likely to be on the front line of a phishing or social engineering attack. Yes, CISO are part of...

In reply to: Security culture should start upon hire
Post Your Own Reply

Posted by OtherKen

Paul Thank you taking time to read my article. You are right that IoT is all about communication between things, people and the data. The challenge is how to manage all this new data and to determine what is important and...

In reply to: Re: hi
Post Your Own Reply

Posted by CameronRobertson

It's great to see these defects picked up so quickly so that they can be rectified. Companies should most certainly look at trying to ensure that all of their systems are running at their most efficient and also that the...

In reply to: hi
Post Your Own Reply

Posted by No SOPA

This is really forward-looking tech and I am excited to see who grabs these ideas and creates the first fully functional infrastructure. In "A Proposed Solution and Future Direction for Blockchain-Based Heterogeneous Medicare...

In reply to: Partnering Security and Healthcare with Blockchain
Post Your Own Reply

Posted by No SOPA

One of the things we see often in suspense thrillers is the "eye in the sky" concept. In fact, IoT is absolutely at the heart of what is possible in terms of securing public and private safety. By putting focus on Internet...

In reply to: Real-Time Video/Audio Scanning w/Shape Detection & Adaptive Pattern Recognition
Post Your Own Reply

Posted by PaulChau

Right now, the most important commodity in the world is the ability for swift and efficient communication. Not just amongst people but amongst things to, and that's why this whole internet of things thing has come about...

In reply to: hi
Post Your Own Reply

Posted by REISEN1955

Small Business - general rule is that a small business (I guess 50 emps or less) can live for only 2 weeks following a major crash of systems. I supported such shops and always had a backup-restore plan in working...

In reply to: Re: Cybersecurity Risk Taxonomy
Post Your Own Reply

More Conversations

Products & Releases

Jumio’s Netverify® Solutions Win Gold and Bronze in Security Software

ISACA and SecurityScorecard Define Questions to Implement Continuous Assurance for Data

BitSight Raises $60 Million in Series D Funding Led by Warburg Pincus

Trillium Opens Michigan Cybersecurity Operations and R&D Center

68% of EU, US Crypto Exchanges and Wallets Fail on Proper Customer Identity Checks

Cybersecurity, IT Governance, Emerging Tech Shaping 2018 IT Audit Plans: Protiviti, ISACA

ISACA Unveils GDPR Assessment for Enterprises to Gauge Regulation Readiness and Compliance Path

Tax Software Providers Not Protecting Emails from Phishing and Spoofing

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

White House Cybersecurity Strategy at a Crossroads

Kelly Jackson Higgins, Executive Editor at Dark Reading, 7/17/2018

The Fundamental Flaw in Security Awareness Programs

Ira Winkler, CISSP, President, Secure Mentem, 7/19/2018

Number of Retailers Impacted by Breaches Doubles

Ericka Chickowski, Contributing Writer, Dark Reading, 7/19/2018

Live Events

Webinars

More UBM Tech
Live Events

INsecurity Conference - An Event Like No Other

Black Hat Trainings - October 22 & 23

Are You Looking to Learn About New Cybersecurity Threats & Challenges? Then INsecurity Is For You!

White Papers

The Next Gen of IT Support

Vulnerability Disclosure Policy (VDP) Basics

Hacker-Powered Pen Tests and the Power of More

The Fileless Attack Checklist

Simplifying DO-178B/C Compliance with Grammatech's CodesSonar

More White Papers

Video

All Risk Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

The Changing Role of the CISO

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of IT and Cybersecurity

IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!

Download Now!

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

[Strategic Security Report] Cloud Security's Changing Landscape

0 comments

The State of Ransomware

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-14505
PUBLISHED: 2018-07-22

mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.

CVE-2018-14500
PUBLISHED: 2018-07-22

joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter.

CVE-2018-14501
PUBLISHED: 2018-07-22

manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.

CVE-2018-14492
PUBLISHED: 2018-07-21

Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.

CVE-2018-3770
PUBLISHED: 2018-07-20

A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.

Terms of Service
Privacy Statement
Legal Entities