Risk

News & Commentary
How to Get Consumers to Forgive You for a Breach
Dark Reading Staff, Quick Hits
It starts with already-established trust, a new survey shows.
By Dark Reading Staff , 10/18/2018
Comment0 comments  |  Read  |  Post a Comment
Audits: The Missing Layer in Cybersecurity
Brennan P Baybeck, CISA, CISM, CRISC, CISSP, Vice Chair of ISACA Board of DirectorsCommentary
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.
By Brennan P Baybeck CISA, CISM, CRISC, CISSP, Vice Chair of ISACA Board of Directors, 10/18/2018
Comment0 comments  |  Read  |  Post a Comment
Former Equifax Manager Sentenced for Insider Trading
Dark Reading Staff, Quick Hits
Sudhakar Bonthu bought and sold Equifax stock options prior to the public disclosure of its 2017 data breach.
By Dark Reading Staff , 10/18/2018
Comment0 comments  |  Read  |  Post a Comment
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CACommentary
Websites can avoid the negative consequences of a "not secure" label from Google Chrome 68 by following four AOSSL best practices.
By Tim Callan Senior Fellow, Comodo CA, 10/18/2018
Comment1 Comment  |  Read  |  Post a Comment
Inside the Dark Web's 'Help Wanted' Ads
Kelly Sheridan, Staff Editor, Dark ReadingNews
How cybercriminals recruit everyone from car drivers to corporate insiders and pay them according to the risk they assume.
By Kelly Sheridan Staff Editor, Dark Reading, 10/18/2018
Comment0 comments  |  Read  |  Post a Comment
(ISC) : Global Cybersecurity Workforce Short 3 Million People
Kelly Sheridan, Staff Editor, Dark ReadingNews
With the skills gap still wide, security leaders explain the challenges of hiring and retaining security experts.
By Kelly Sheridan Staff Editor, Dark Reading, 10/17/2018
Comment0 comments  |  Read  |  Post a Comment
SEC Warns Public Companies on Accounting Control Use
Dark Reading Staff, Quick Hits
A new SEC investigative report urges public organizations to keep cyberthreats in mind when implementing internal accounting tools.
By Dark Reading Staff , 10/17/2018
Comment0 comments  |  Read  |  Post a Comment
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/16/2018
Comment0 comments  |  Read  |  Post a Comment
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Speaking at the Gartner Symposium/ITxpo, analyst Peter Firstbrook's list of trends is likely to inform executive committee conversations for the next 12 months.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/15/2018
Comment2 comments  |  Read  |  Post a Comment
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer
There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
By Steve Zurier Freelance Writer, 10/12/2018
Comment3 comments  |  Read  |  Post a Comment
Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Many organizations have yet to create an effective cybersecurity strategy and it's costing them millions.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/11/2018
Comment1 Comment  |  Read  |  Post a Comment
Window Snyder Shares Her Plans for Intel Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
The security leader, known for her role in securing Microsoft, Apple, and Mozilla, discusses her new gig and what she's working on now.
By Kelly Sheridan Staff Editor, Dark Reading, 10/11/2018
Comment0 comments  |  Read  |  Post a Comment
One-Third of US Adults Hit with Identity Theft
Dark Reading Staff, Quick Hits
That's double the global average and more than three times the rate of French and German adults.
By Dark Reading Staff , 10/11/2018
Comment0 comments  |  Read  |  Post a Comment
Meet 5 Women Shaping Microsoft's Security Strategy
Kelly Sheridan, Staff Editor, Dark Reading
Profiles of some of the women currently leading Microsoft security operations - and their efforts to drive inclusivity.
By Kelly Sheridan Staff Editor, Dark Reading, 10/10/2018
Comment0 comments  |  Read  |  Post a Comment
Security Researchers Struggle with Bot Management Programs
Kaan Onarlioglu, Senior Security Researcher, AkamaiCommentary
Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.
By Kaan Onarlioglu Senior Security Researcher, Akamai, 10/10/2018
Comment0 comments  |  Read  |  Post a Comment
Constructing the Future of ICS Cybersecurity
Kelly Sheridan, Staff Editor, Dark ReadingNews
As industrial control systems are connected to the cloud and the IoT, experts discuss security challenges.
By Kelly Sheridan Staff Editor, Dark Reading, 10/9/2018
Comment1 Comment  |  Read  |  Post a Comment
New Domains: A Wide-Open Playing Field for Cybercrime
Ben April, CTO, Farsight SecurityCommentary
As bad actors increasingly exploit new domains for financial gain and other nefarious purposes, security teams need to employ policies and practices to neutralize the threat in real time. Here's why and how.
By Ben April CTO, Farsight Security, 10/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Successful Scammers Call After Lunch
Kelly Sheridan, Staff Editor, Dark ReadingNews
Analysis of 20,000 voice phishing, or vishing, calls reveals patterns in how social engineers operate and how targets respond.
By Kelly Sheridan Staff Editor, Dark Reading, 10/5/2018
Comment0 comments  |  Read  |  Post a Comment
Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control
Richard Ford, Chief Scientist, ForcepointCommentary
Technology such as Apple's device trust score that decides "you" is not you is a good thing. But only if it works well.
By Richard Ford Chief Scientist, Forcepoint, 10/5/2018
Comment0 comments  |  Read  |  Post a Comment
7 Steps to Start Your Risk Assessment
Curtis Franklin Jr., Senior Editor at Dark Reading
Risk assessment can be complex, but it's vital for making good decisions about IT security. Here are steps to start you down the path toward a meaningful risk assessment process.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/4/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.