Risk

News & Commentary
Most Expensive Data Breaches Start with Third Parties: Report
Kelly Sheridan, Staff Editor, Dark ReadingNews
Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.
By Kelly Sheridan Staff Editor, Dark Reading, 5/24/2018
Comment0 comments  |  Read  |  Post a Comment
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
Ron Teicher, CEO & Founder, EverCompliantCommentary
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
By Ron Teicher CEO & Founder, EverCompliant, 5/24/2018
Comment0 comments  |  Read  |  Post a Comment
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
Jen Brown, Compliance and Data Protection Officer at Sumo LogicCommentary
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
By Jen Brown Compliance and Data Protection Officer at Sumo Logic, 5/24/2018
Comment0 comments  |  Read  |  Post a Comment
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Users are terrible at passwords and the problem is only getting worse, according to an expansive study of more than 100 million passwords and their owners.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/24/2018
Comment2 comments  |  Read  |  Post a Comment
Fraud Drops 76% for Merchants Using EMV, Says Visa
Dark Reading Staff, Quick Hits
A new report from Visa says that the shift to chip cards has resulted in dramatically reduced credit card fraud levels.
By Dark Reading Staff , 5/23/2018
Comment1 Comment  |  Read  |  Post a Comment
The Good & Bad News about Blockchain Security
Michael Raziel, CTO, CyberGuild VenturesCommentary
Blockchain technology promises many things. But to succeed, it must offer users a better plan against hackers.
By Michael Raziel CTO, CyberGuild Ventures, 5/23/2018
Comment0 comments  |  Read  |  Post a Comment
What Should Post-Quantum Cryptography Look Like?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/23/2018
Comment1 Comment  |  Read  |  Post a Comment
6 Steps for Applying Data Science to Security
Steve Zurier, Freelance Writer
Two experts share their data science know-how in a tutorial focusing on internal DNS query analysis.
By Steve Zurier Freelance Writer, 5/23/2018
Comment0 comments  |  Read  |  Post a Comment
New Spectre Variants Add to Vulnerability Worries
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Variants 3a and 4 build on the Spectre foundation, but how worried should enterprise security professionals really be?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/22/2018
Comment0 comments  |  Read  |  Post a Comment
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
Marc French, Senior VP, Chief Trust Officer & Data Protection Officer, MimecastCommentary
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
By Marc French Senior VP, Chief Trust Officer & Data Protection Officer, Mimecast, 5/22/2018
Comment0 comments  |  Read  |  Post a Comment
7 Tools for Stronger IoT Security, Visibility
Curtis Franklin Jr., Senior Editor at Dark Reading
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/16/2018
Comment0 comments  |  Read  |  Post a Comment
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe GroupCommentary
There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.
By Charlie Miller Senior Vice President, The Santa Fe Group, 5/14/2018
Comment2 comments  |  Read  |  Post a Comment
Ready or Not: Transport Layer Security 1.3 Is Coming
Mark Urban, VP, Product Strategy & Operations, SymantecCommentary
Better encryption could mean weaker security if you're not careful.
By Mark Urban VP, Product Strategy & Operations, Symantec, 5/10/2018
Comment0 comments  |  Read  |  Post a Comment
Phishing Threats Move to Mobile Devices
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Mobile devices are emerging as a primary gateway for phishing attacks aimed at stealing data.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/9/2018
Comment0 comments  |  Read  |  Post a Comment
Calculating Cloud Cost: 8 Factors to Watch
Kelly Sheridan, Staff Editor, Dark Reading
If you're not careful and don't regularly assess the impact of your usage, moving to the cloud could have a negative impact on your bottom line.
By Kelly Sheridan Staff Editor, Dark Reading, 5/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Peter Merkulov, Chief Technology Officer, GlobalscapeCommentary
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
By Peter Merkulov Chief Technology Officer, Globalscape, 5/9/2018
Comment0 comments  |  Read  |  Post a Comment
APT Attacks on Mobile Rapidly Emerging
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Mobile devices are becoming a 'primary' enterprise target for attackers.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/8/2018
Comment0 comments  |  Read  |  Post a Comment
Breakout Time: A Critical Key Cyber Metric
Scott Taschler, Director of Product Marketing for CrowdStrikeCommentary
Why organizations need to detect an intrusion in under a minute, understand it in under 10 minutes, and eject the adversary in under an hour.
By Scott Taschler Director of Product Marketing for CrowdStrike, 5/8/2018
Comment0 comments  |  Read  |  Post a Comment
US Extradites Romanian Hackers Charged with Vishing, Smishing
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
Suspects fraudulently obtained more than $18 million through fraud by voice and SMS.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/7/2018
Comment0 comments  |  Read  |  Post a Comment
Encryption is Necessary, Tools and Tips Make It Easier
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/3/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh!  They're watching... And you have a laptop?  
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-9641
PUBLISHED: 2018-05-25
PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.
CVE-2018-10350
PUBLISHED: 2018-05-25
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs_bwlists_handler.php. Authentication is requi...
CVE-2018-6232
PUBLISHED: 2018-05-25
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability...
CVE-2018-6233
PUBLISHED: 2018-05-25
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must first obtain the ability...
CVE-2018-6234
PUBLISHED: 2018-05-25
An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first o...