Risk

News & Commentary
6 Ways Mature DevOps Teams Are Killing It in Security
Ericka Chickowski, Contributing Writer, Dark Reading
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
By Ericka Chickowski, Contributing Writer, Dark Reading, 3/19/2019
Stealing Corporate Funds Still Top Goal of Messaging Attacks
Robert Lemos, Technology Journalist/Data Researcher, News
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
By Robert Lemos, 3/19/2019
New Europol Protocol Addresses Cross-Border Cyberattacks
Dark Reading Staff, Quick Hits
The protocol is intended to support EU law enforcement in providing rapid assessment and response for cyberattacks across borders.
By Dark Reading Staff, 3/18/2019
4 Reasons to Take an 'Inside Out' View of Security
Earl D. Matthews, Senior Vice President and Chief Strategy Officer at Verodin, Commentary
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
By Earl D. Matthews, Senior Vice President and Chief Strategy Officer at Verodin, 3/14/2019
The Case for Transparency in End-User License Agreements
Lysa Myers, Security Researcher, ESET, Commentary
Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.
By Lysa Myers, Security Researcher, ESET, 3/13/2019
There May Be a Ceiling on Vulnerability Remediation
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 3/12/2019
How the Best DevSecOps Teams Make Risk Visible to Developers
Ericka Chickowski, Contributing Writer, Dark Reading, News
DevOps-minded CISOs say enterprise security teams need to do a better job scoring and visualizing risk for developers and business executives.
By Ericka Chickowski, Contributing Writer, Dark Reading, 3/12/2019
Box Mistakes Leave Enterprise Data Exposed
Dark Reading Staff, Quick Hits
User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.
By Dark Reading Staff, 3/12/2019
Cybercriminals Think Small to Earn Big
Dark Reading Staff, Quick Hits
As the number of breaches increased 424% in 2018, the average breach size shrunk 4.7 times as attackers aimed for smaller, more vulnerable targets.
By Dark Reading Staff, 3/12/2019
The 12 Worst Serverless Security Risks
Ory Segal, CTO, PureSec, Commentary
A new guide from the Cloud Security Alliance offers mitigations, best practices, and a comparison between traditional applications and their serverless counterparts.
By Ory Segal, CTO, PureSec, 3/12/2019
763M Email Addresses Exposed in Latest Database Misconfiguration Episode
Curtis Franklin Jr., Senior Editor at Dark Reading, News
MongoDB once again used by database admin who opens unencrypted database to the whole world.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 3/11/2019
NSA, DHS Call for Info Sharing Across Public and Private Sectors
Kelly Sheridan, Staff Editor, Dark Reading, News
Industry leaders debate how government and businesses can work together on key cybersecurity issues.
By Kelly Sheridan, Staff Editor, Dark Reading, 3/11/2019
3 Places Security Teams Are Wasting Time
Ericka Chickowski, Contributing Writer, Dark Reading, News
Dark Reading caught up with RSA Security president Rohit Ghai at the RSA Conference to discuss critical areas where CISOs and their teams are spinning their wheels.
By Ericka Chickowski, Contributing Writer, Dark Reading, 3/11/2019
Shifting Attacks Put Increasing ID Fraud Burden on Consumers
Robert Lemos, Technology Journalist/Data Researcher, News
Card-present fraud is down, but attackers continue to find new strategies, and consumers are paying the price.
By Robert Lemos, 3/8/2019
Ultrasound Machine Diagnosed with Major Security Gaps
Kelly Sheridan, Staff Editor, Dark Reading, News
Check Point researchers investigate security risks and point to implications for medical IoT devices.
By Kelly Sheridan, Staff Editor, Dark Reading, 3/8/2019
Debunking 5 Myths About Zero Trust Security
Torsten George, Cybersecurity Evangelist at Centrify, Commentary
Rather than "trust but verify," a zero trust model assumes that attackers will inevitably get in if they aren't already. However, several misconceptions are impeding its adoption.
By Torsten George, Cybersecurity Evangelist at Centrify, 3/7/2019
4 Ways At-Work Apps Are Vulnerable to Attack
Yoram Salinger, CEO of Perception Point, Commentary
Collaboration applications make users and IT teams more efficient. But they come with an added cost: security.
By Yoram Salinger, CEO of Perception Point, 3/7/2019
Facebook Plans Makeover as Privacy-Focused Network
Dark Reading Staff, Quick Hits
CEO Mark Zuckerberg published a lengthy post detailing the company's shift from open platform to privacy-focused communications.
By Dark Reading Staff, 3/6/2019
It's Time to Rethink Your Vendor Questionnaire
Kelly White, Founder and CEO of RiskRecon, Commentary
To get the most from a vendor management program you must trust, then verify. These six best practices are a good place to begin.
By Kelly White, Founder and CEO of RiskRecon, 3/6/2019
Fighting Alert Fatigue with Actionable Intelligence
Curtis Brazzell, Managing Security Consultant, Pondurance, Commentary
By fine-tuning security system algorithms, analysts can make alerts intelligent and useful, not merely generators of noise.
By Curtis Brazzell, Managing Security Consultant, Pondurance, 3/6/2019
Current Conversations
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL, 3/19/2019
New Mirai Version Targets Business IoT Devices
Dark Reading Staff, 3/19/2019
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.