Advertise

Risk

News & Commentary

Less Than Half of Cyberattacks Detected via Antivirus: SANS

Kelly Sheridan, Staff Editor, Dark Reading

News

Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.

By Kelly Sheridan Staff Editor, Dark Reading, 7/16/2018

0 comments | Read | Post a Comment

Time to Yank Cybercrime into the Light

Marc Wilczek, Digital Strategist & CIO Advisor

Commentary

Too many organizations are still operating blindfolded, research finds.

By Marc Wilczek Digital Strategist & CIO Advisor, 7/16/2018

0 comments | Read | Post a Comment

Congressional Report Cites States Most Vulnerable to Election Hacking

Quick Hits

A new report details issues with 18 states along with suggestions on what can be done.

By Dark Reading Staff , 7/13/2018

0 comments | Read | Post a Comment

Newly Found Spectre Variants Bring New Concerns

Curtis Franklin Jr., Senior Editor at Dark Reading

News

Two new variants on a theme of Spectre underscore the expanding nature of the critical vulnerabilities.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/11/2018

0 comments | Read | Post a Comment

What We Talk About When We Talk About Risk

Commentary

Measuring security risk is not that hard if you get your terms straight and leverage well-established methods and principles from other disciplines.

By Jack Jones Chairman, FAIR Institute, 7/11/2018

3 comments | Read | Post a Comment

Latest Comment: REISEN1955, Small Business - general rule is that a small business (I guess 50 emps or...

Microsoft July Security Updates Mostly Browser-Related

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/10/2018

0 comments | Read | Post a Comment

Businesses Struggle to Build 'Security-First' Culture

News

New Accenture study finds half of businesses provide cybersecurity training for new hires and only 40% of CISOs prioritize building or expanding insider threat programs.

By Kelly Sheridan Staff Editor, Dark Reading, 7/10/2018

1 Comment | Read | Post a Comment

Latest Comment: aacyberreport, You story is on point but missing a vital detail. Security culture in the workplace...

Putin Pushes for Global Cybersecurity Cooperation

Quick Hits

At a Moscow-based security conference, Russian President Vladimir Putin said countries should work together amid the rise of cyberthreats.

By Dark Reading Staff , 7/6/2018

2 comments | Read | Post a Comment

Latest Comment: Christian Bryant, I have to ask if politicians should even have a hand in the InfoSec world outside...

New Malware Variant Hits With Ransomware or Cryptomining

Quick Hits

A new variant of old malware scans a system before deciding just how to administer pain.

By Dark Reading Staff , 7/5/2018

0 comments | Read | Post a Comment

UK Banks Must Produce Backup Plans for Cyberattacks

Quick Hits

Financial services firms in Britain have three months to explain how they would stay up and running in the event of an attack or service disruption.

By Dark Reading Staff , 7/5/2018

3 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, @REISEN: Conversely, the NIST Cybersecurity Framework -- like any framework...

Ransomware vs. Cryptojacking

Jay Kelley, Senior Product & Digital Marketing Manager, Menlo Security, Inc.

Commentary

Cybercriminals are increasingly turning to cryptojacking over ransomware for a bigger payday. Here's what enterprises need to know in order to protect their digital assets and bank accounts.

By Jay Kelley Senior Product & Digital Marketing Manager, Menlo Security, Inc. , 7/3/2018

0 comments | Read | Post a Comment

6 Drivers of Mental and Emotional Stress in Infosec

Pressure comes in many forms but often with the same end result: stress and burnout within the security community.

By Kelly Sheridan Staff Editor, Dark Reading, 7/2/2018

3 comments | Read | Post a Comment

Latest Comment: REISEN1955, Quick note about faith in humanity. That was poorly written - what really...

There's No Automating Your Way Out of Security Hiring Woes

Ericka Chickowski, Contributing Writer, Dark Reading

News

Call it the paradox of cybersecurity automation: It makes your staff more productive but takes more quality experts to make it work.

By Ericka Chickowski Contributing Writer, Dark Reading, 6/28/2018

0 comments | Read | Post a Comment

65% of Resold Memory Cards Still Pack Personal Data

News

Analyzed cards, mainly from smartphones and tablets, contained private personal information, business documentation, audio, video, and photos.

By Kelly Sheridan Staff Editor, Dark Reading, 6/28/2018

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Ages ago I purchased an Ebay Lexmark priner for a medical office I supported...

Ticketmaster UK Warns Thousands of Data Breach

Quick Hits

Customers who bought tickets through the site are advised to check for fraudulent transactions with Uber, Netflix, and Xendpay.

By Dark Reading Staff , 6/28/2018

8 comments | Read | Post a Comment

Latest Comment: Dr.T, " what made this approx 2% acquiring by the unknown malicious actors while...

Redefining Security with Blockchain

Commentary

Blockchain offers a proactive approach to secure a new generation of digital platforms and services for both enterprises and individuals.

By Stan Black CSIO, Citrix, 6/28/2018

1 Comment | Read | Post a Comment

Latest Comment: Christian Bryant, This is really forward-looking tech and I am excited to see who grabs these...

Today! 'Why Cybercriminals Attack,' A Dark Reading Virtual Event

Commentary

Wednesday, June 27, this all-day event starting at 11 a.m. ET, will help you decide who and what you really need to defend against, and how to do it more effectively.

By Dark Reading Staff , 6/27/2018

3 comments | Read | Post a Comment

Latest Comment: RyanSepe, Was the virtual event archived somewhere? If so, someone point me in the right...

Insider Dangers Are Hiding in Collaboration Tools

News

The casual sharing of sensitive data, such as passwords, is opening the door to malicious insiders.

By Ericka Chickowski Contributing Writer, Dark Reading, 6/26/2018

14 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, @Dr.T: They may be unavoidable, but they can be quickly mitigated with proper...

US Announces Arrests in Ghanian Fraud Schemes

Quick Hits

Eight individuals in the US and Ghana are charged with stealing more than $15 million through computer-based fraud.

By Dark Reading Staff , 6/26/2018

1 Comment | Read | Post a Comment

Latest Comment: Joe Stanganelli, To me, it seems that if criminals were smarter, they'd follow the wisdom from...

Secure by Default Is Not What You Think

Tom Thomassen, Senior Staff Engineer of Security, MarkLogic

Commentary

The traditional view of secure by default — which has largely been secure out of the box — is too narrow. To broaden your view, consider these three parameters.

By Tom Thomassen Senior Staff Engineer of Security, MarkLogic, 6/26/2018

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by aacyberreport

You story is on point but missing a vital detail. Security culture in the workplace should begin with the employees that are likely to be on the front line of a phishing or social engineering attack. Yes, CISO are part of...

In reply to: Security culture should start upon hire
Post Your Own Reply

Posted by OtherKen

Paul Thank you taking time to read my article. You are right that IoT is all about communication between things, people and the data. The challenge is how to manage all this new data and to determine what is important and...

In reply to: Re: hi
Post Your Own Reply

Posted by CameronRobertson

It's great to see these defects picked up so quickly so that they can be rectified. Companies should most certainly look at trying to ensure that all of their systems are running at their most efficient and also that the...

In reply to: hi
Post Your Own Reply

Posted by Christian Bryant

This is really forward-looking tech and I am excited to see who grabs these ideas and creates the first fully functional infrastructure. In "A Proposed Solution and Future Direction for Blockchain-Based Heterogeneous Medicare...

In reply to: Partnering Security and Healthcare with Blockchain
Post Your Own Reply

Posted by Christian Bryant

One of the things we see often in suspense thrillers is the "eye in the sky" concept. In fact, IoT is absolutely at the heart of what is possible in terms of securing public and private safety. By putting focus on Internet...

In reply to: Real-Time Video/Audio Scanning w/Shape Detection & Adaptive Pattern Recognition
Post Your Own Reply

Posted by PaulChau

Right now, the most important commodity in the world is the ability for swift and efficient communication. Not just amongst people but amongst things to, and that's why this whole internet of things thing has come about...

In reply to: hi
Post Your Own Reply

Posted by REISEN1955

Small Business - general rule is that a small business (I guess 50 emps or less) can live for only 2 weeks following a major crash of systems. I supported such shops and always had a backup-restore plan in working...

In reply to: Re: Cybersecurity Risk Taxonomy
Post Your Own Reply

Posted by jonesj26

Thanks, Christian. You're absolutely right about this problem being discussed for some time now. Unfortunately, I don't believe it's broadly recognized yet as a foundational Achilles Heel for our profession. ...

In reply to: Re: Cybersecurity Risk Taxonomy
Post Your Own Reply

Posted by Christian Bryant

These are excellent points - in fact, the very list of risks you noted that are typically raised when asked are the ones I tend to see in initial project documents that relate to security. Cybersecurity Risk Taxonomy (A....

In reply to: Cybersecurity Risk Taxonomy
Post Your Own Reply

Posted by Ritu_G

Their security system specialists obviously need to resit for their security courses and tests. Due to their poor choice of defense mechanisms on that fateful day, things had turned out like how the retailer wouldn't have...

In reply to: Re: Deactivation of FireEye's Automatic Response
Post Your Own Reply

Posted by Ritu_G

In reply to: Re: Deactivation of FireEye's Automatic Response
Post Your Own Reply

Posted by nirgx

After looking at the survey, specifically the list of "Effectiveness of Technologies in Protecting Data", I wouldn't say the results are surprising - passwords at 19% and AV at 30% is actually pretty good reflection of reality....

In reply to: Effectiveness of Technologies
Post Your Own Reply

More Conversations

Products & Releases

Jumio’s Netverify® Solutions Win Gold and Bronze in Security Software

ISACA and SecurityScorecard Define Questions to Implement Continuous Assurance for Data

BitSight Raises $60 Million in Series D Funding Led by Warburg Pincus

Trillium Opens Michigan Cybersecurity Operations and R&D Center

68% of EU, US Crypto Exchanges and Wallets Fail on Proper Customer Identity Checks

Cybersecurity, IT Governance, Emerging Tech Shaping 2018 IT Audit Plans: Protiviti, ISACA

ISACA Unveils GDPR Assessment for Enterprises to Gauge Regulation Readiness and Compliance Path

Tax Software Providers Not Protecting Emails from Phishing and Spoofing

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

What We Talk About When We Talk About Risk

Jack Jones, Chairman, FAIR Institute, 7/11/2018

Ticketmaster Breach Part of Massive Payment Card Hacking Campaign

Jai Vijayan, Freelance writer, 7/10/2018

7 Ways to Keep DNS Safe

Curtis Franklin Jr., Senior Editor at Dark Reading, 7/10/2018

Live Events

Webinars

More UBM Tech
Live Events

INsecurity Conference - An Event Like No Other

Black Hat Trainings - October 22 & 23

Are You Looking to Learn About New Cybersecurity Threats & Challenges? Then INsecurity Is For You!

White Papers

Ironclad APIs: An Approach for App Security Testing

Mobile Devices: The New Support Frontier for IT (IDG Report)

Cloud-Based IAM for the Modern Enterprise

Cyber Threat Brief: The 2018 FIFA World Cup

The Next Gen of IT Support

More White Papers

Video

All Risk Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Locked device, Ha! I knew there was another way in.

Cartoon Archive

Current Issue

The Changing Role of the CISO

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of IT and Cybersecurity

IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!

Download Now!

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

[Strategic Security Report] Cloud Security's Changing Landscape

0 comments

The State of Ransomware

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-14337
PUBLISHED: 2018-07-17

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.

CVE-2018-14329
PUBLISHED: 2018-07-17

In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.

CVE-2018-14331
PUBLISHED: 2018-07-17

An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my.

CVE-2018-14333
PUBLISHED: 2018-07-17

TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88] and "[00 00 00]" delimiters, which might make it easier for attackers to obtain sensitive information by leveraging an unattended workstation on which TeamViewer has ...

CVE-2018-14334
PUBLISHED: 2018-07-17

manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766.

Terms of Service
Privacy Statement
Legal Entities