Risk
News & Commentary
Intro to Cyber Insurance: 7 Questions to Ask
Kelly Sheridan, Associate Editor, InformationWeek
Buying a cyber insurance policy can be complex and difficult. Make sure you're asking these questions as you navigate the process.
By Kelly Sheridan Associate Editor, InformationWeek, 3/24/2017
Comment1 Comment  |  Read  |  Post a Comment
Prioritizing Threats: Why Most Companies Get It Wrong
Michael A. Davis, CTO of CounterTackCommentary
To stay safer, focus on multiple-threat attack chains rather than on individual threats.
By Michael A. Davis CTO of CounterTack, 3/24/2017
Comment0 comments  |  Read  |  Post a Comment
5 Ways CISOs Could Work Better with Their Cyber Insurers
Pascal Millaire, Vice President at Symantec and General Manager of the  Cyber Insurance GroupCommentary
Risk management has become increasingly important, making it crucial companies have good relationships with their insurance company.
By Pascal Millaire Vice President at Symantec and General Manager of the Cyber Insurance Group, 3/23/2017
Comment0 comments  |  Read  |  Post a Comment
The True State of DevSecOps
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Automation improving, but security needs to find ways to slide into DevOps workflow and toolchain.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/21/2017
Comment0 comments  |  Read  |  Post a Comment
Hacked Sites Up By 32% in 2016 Over 2015, Says Google
Dark Reading Staff, Quick Hits
Webmasters should register on Search Console for hack notifications, advises the company.
By Dark Reading Staff , 3/21/2017
Comment1 Comment  |  Read  |  Post a Comment
Report: OilRig' Attacks Expanding Across Industries, Geographies
James Carder, CISO & VP, LogRhythm Labs, LogRhythm, Inc.Commentary
Malware targets Middle Eastern airlines, government, financial industries and critical infrastructure with a simple but powerful backdoor created by infected Excel files attached to phishing emails.
By James Carder CISO & VP, LogRhythm Labs, LogRhythm, Inc., 3/21/2017
Comment1 Comment  |  Read  |  Post a Comment
Cisco Issues Advisory on Flaw in Hundreds of Switches
Dark Reading Staff, Quick Hits
Vulnerability was discovered in WikiLeaks recent data dump on CIAs secret cyber-offensive unit.
By Dark Reading Staff , 3/21/2017
Comment1 Comment  |  Read  |  Post a Comment
US-CERT Warns That HTTPS Inspection Tools Weaken TLS
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Turns out that man-in-the-middling your own traffic isn't the safest way to look for man-in-the-middle attacks.
By Sara Peters Senior Editor at Dark Reading, 3/16/2017
Comment2 comments  |  Read  |  Post a Comment
Sound Waves Used to Hack Common Data Sensors
Terry Sweeney, Contributing EditorNews
Though the immediate threat to your smartphone or Fitbit is slight, University of Michigan researchers show command-and-control capability with spoofed signaling on a variety of MEMS accelerometers.
By Terry Sweeney Contributing Editor, 3/16/2017
Comment0 comments  |  Read  |  Post a Comment
In Cyber, Who Do We Trust to Protect the Business?
Peter Gleason, President & CEO, National Association of Corporate Directors (NACD)Commentary
If business leaders and directors continue to view cybersecurity as mainly a matter for the IT department, they will leave their companies exposed to significant risks.
By Peter Gleason President & CEO, National Association of Corporate Directors (NACD), 3/16/2017
Comment0 comments  |  Read  |  Post a Comment
IRS Guides Taxpayers to Avoid Online Scammers
Dark Reading Staff, Quick Hits
Internal Revenue Service calls on taxpayers to be extra vigilant about cybersecurity, especially during tax season.
By Dark Reading Staff , 3/13/2017
Comment0 comments  |  Read  |  Post a Comment
IoT & Liability: How Organizations Can Hold Themselves Accountable
Richard Henderson, Global Security Strategist, AbsoluteCommentary
To avoid a lawsuit, your company needs to better understand the state of your infrastructure and the devices and applications within it. Here are five areas on which to focus.
By Richard Henderson Global Security Strategist, Absolute, 3/10/2017
Comment0 comments  |  Read  |  Post a Comment
WikiLeaks Says It Will Help Firms Thwart 'CIA Hack Tools'
Dark Reading Staff, Quick Hits
Julian Assange follows up leak of alleged CIA cyber espionage hack tools with promise of assistance against these.
By Dark Reading Staff , 3/10/2017
Comment0 comments  |  Read  |  Post a Comment
Securing Todays 'Elastic Attack Surface'
Amit Yoran, Chairman & CEO, Tenable Network SecurityCommentary
The foundation of good cybersecurity is knowing your network. But as organizations embrace new technologies, that simple task has gotten incredibly difficult.
By Amit Yoran Chairman & CEO, Tenable Network Security, 3/9/2017
Comment1 Comment  |  Read  |  Post a Comment
Fortune 1000 Companies See Security Ratings Drop
Kelly Sheridan, Associate Editor, InformationWeekNews
Fortune 1000 businesses report more breaches, and lower security performance, than their non-F1000 counterparts.
By Kelly Sheridan Associate Editor, InformationWeek, 3/8/2017
Comment0 comments  |  Read  |  Post a Comment
New Yorks Cyber Regulations: How to Take Action & Whos Next
Prakash Linga, CTO & Co-founder of VeraCommentary
Even if your company isnt directly subject to these new rules, you can assume that the approach will be adopted by regulatory agencies at home and abroad eventually.
By Prakash Linga , 3/6/2017
Comment0 comments  |  Read  |  Post a Comment
US Lawmakers Seek Grant For State, Local Cybersecurity
Dark Reading Staff, Quick Hits
State Cyber Resiliency Act aims to increase resources for governments so they can fight cyber threats.
By Dark Reading Staff , 3/6/2017
Comment0 comments  |  Read  |  Post a Comment
How to Use & Share Customer Data without Damaging Trust
Steve Shoaff, Chief Product Officer, Ping IdentityCommentary
These five tips for protecting consumer privacy will ensure that your customers will stay customers for the long run.
By Steve Shoaff Chief Product Officer, Ping Identity, 3/3/2017
Comment0 comments  |  Read  |  Post a Comment
Survey Finds Disconnect Between Security Strategy and Execution
Dark Reading Staff, Quick Hits
Report from Intel Security and CSIS discovers 93% of businesses have cybersecurity strategies, but only 49% fully implement them.
By Dark Reading Staff , 3/2/2017
Comment0 comments  |  Read  |  Post a Comment
New Cybersecurity Regulations Begin Today For NY Banks
Steve Zurier, Freelance WriterNews
New York's new security regulations for financial industry viewed as potential model for other states.
By Steve Zurier Freelance Writer, 3/1/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Plumber
Current Conversations I need one myself!!!
In reply to: Plumber Hair Cuts">Re: Plumber Hair Cuts
Post Your Own Reply
Posted by Shantaram
Current Conversations nice tips, thanks
In reply to: 192.168.0.1">Re: 192.168.0.1
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.