Risk

News & Commentary
Robotic Vacuums May Hoover Your Data
Dark Reading Staff, Quick Hits
Researchers have discovered a pair of vulnerabilities that allow unauthorized code execution in a robotic vacuum.
By Dark Reading Staff , 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Free New Scanner Aims to Protect Home Networks
Dark Reading Staff, Quick Hits
Free software pinpoints vulnerabilities and offers suggestions for remediation.
By Dark Reading Staff , 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
6 Ways to Tell an Insider Has Gone Rogue
Jai Vijayan, Freelance writer
Malicious activity by trusted users can be very hard to catch, so look for these red flags.
By Jai Vijayan Freelance writer, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Beyond Passwords: Why Your Company Should Rethink Authentication
Rajiv Dholakia, VP Products, Nok Nok LabsCommentary
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
By Rajiv Dholakia VP Products, Nok Nok Labs, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Messenger Apps Top Risk Hit Parade
Dark Reading Staff, Quick Hits
Whether running on iOS or Android, Facebook's and WhatsApp's messenger apps present a 'winning' combination.
By Dark Reading Staff , 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
New Subscription Service Takes on Ransomware Protection
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Training and response is the basis of a new offering that addresses ransomware and extortion attacks.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
Cloud Security: Lessons Learned from Intrusion Prevention Systems
Gunter Ollmann, CTO, Security, Microsoft Cloud and AI Division   Commentary
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
By Gunter Ollmann CTO, Security, Microsoft Cloud and AI Division , 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
SCADA/ICS Dangers & Cybersecurity Strategies
Peter Newton, Senior Director of Product Marketing at FortinetCommentary
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
By Peter Newton Senior Director of Product Marketing at Fortinet, 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
Less Than Half of Cyberattacks Detected via Antivirus: SANS
Kelly Sheridan, Staff Editor, Dark ReadingNews
Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Time to Yank Cybercrime into the Light
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Too many organizations are still operating blindfolded, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Congressional Report Cites States Most Vulnerable to Election Hacking
Dark Reading Staff, Quick Hits
A new report details issues with 18 states along with suggestions on what can be done.
By Dark Reading Staff , 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
Newly Found Spectre Variants Bring New Concerns
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Two new variants on a theme of Spectre underscore the expanding nature of the critical vulnerabilities.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/11/2018
Comment0 comments  |  Read  |  Post a Comment
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR InstituteCommentary
Measuring security risk is not that hard if you get your terms straight and leverage well-established methods and principles from other disciplines.
By Jack Jones Chairman, FAIR Institute, 7/11/2018
Comment3 comments  |  Read  |  Post a Comment
Microsoft July Security Updates Mostly Browser-Related
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/10/2018
Comment0 comments  |  Read  |  Post a Comment
Businesses Struggle to Build 'Security-First' Culture
Kelly Sheridan, Staff Editor, Dark ReadingNews
New Accenture study finds half of businesses provide cybersecurity training for new hires and only 40% of CISOs prioritize building or expanding insider threat programs.
By Kelly Sheridan Staff Editor, Dark Reading, 7/10/2018
Comment1 Comment  |  Read  |  Post a Comment
Putin Pushes for Global Cybersecurity Cooperation
Dark Reading Staff, Quick Hits
At a Moscow-based security conference, Russian President Vladimir Putin said countries should work together amid the rise of cyberthreats.
By Dark Reading Staff , 7/6/2018
Comment2 comments  |  Read  |  Post a Comment
New Malware Variant Hits With Ransomware or Cryptomining
Dark Reading Staff, Quick Hits
A new variant of old malware scans a system before deciding just how to administer pain.
By Dark Reading Staff , 7/5/2018
Comment0 comments  |  Read  |  Post a Comment
UK Banks Must Produce Backup Plans for Cyberattacks
Dark Reading Staff, Quick Hits
Financial services firms in Britain have three months to explain how they would stay up and running in the event of an attack or service disruption.
By Dark Reading Staff , 7/5/2018
Comment3 comments  |  Read  |  Post a Comment
Ransomware vs. Cryptojacking
Jay Kelley, Senior Product & Digital Marketing Manager, Menlo Security, Inc. Commentary
Cybercriminals are increasingly turning to cryptojacking over ransomware for a bigger payday. Here's what enterprises need to know in order to protect their digital assets and bank accounts.
By Jay Kelley Senior Product & Digital Marketing Manager, Menlo Security, Inc. , 7/3/2018
Comment0 comments  |  Read  |  Post a Comment
6 Drivers of Mental and Emotional Stress in Infosec
Kelly Sheridan, Staff Editor, Dark Reading
Pressure comes in many forms but often with the same end result: stress and burnout within the security community.
By Kelly Sheridan Staff Editor, Dark Reading, 7/2/2018
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Number of Retailers Impacted by Breaches Doubles
Ericka Chickowski, Contributing Writer, Dark Reading,  7/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14492
PUBLISHED: 2018-07-21
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
CVE-2018-3771
PUBLISHED: 2018-07-20
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
CVE-2018-5065
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5066
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.