News & Commentary

Latest Content tagged with Risk
Page 1 / 2   >   >>
Overlay Technique from Brazilian Banking Trojans Making Resurgence
News  |  10/20/2017  | 
New analysis says heavy reliance on overlays and manual remote execution of transactions being combined with more advanced features of traditional banking Trojans
What's Next after the SEC 'Insider Trading' Breach?
Commentary  |  10/19/2017  | 
Last month's hack of the Securities and Exchange Commission may prove to be the most high-profile corporate gatekeeper attack to date. But it definitely won't be the last.
What's Next After HTTPS: A Fully Encrypted Web?
Commentary  |  10/18/2017  | 
As the rate of HTTPS adoption grows faster by the day, it's only a matter of time before a majority of websites turn on SSL. Here's why.
Banks Start Broad Use of Blockchain, as JP Morgan, IBM Lead Way
News  |  10/17/2017  | 
Two major players announced cross-border payment networks built on blockchain technologies Monday, and more financial services will follow soon, despite opinions about Bitcoin.
Reuters: Microsoft's 2013 Breach Hit Bug Repository, Insiders Say
Quick Hits  |  10/17/2017  | 
Five anonymous former Microsoft employees tell Reuters that Microsoft's database of internally discovered vulnerabilities was compromised in 2013, but Microsoft will not confirm it occurred.
ATM Machine Malware Sold on Dark Web
Quick Hits  |  10/17/2017  | 
Cybercriminals are advertising ATM malware that's designed to exploit hardware and software vulnerabilities on the cash-dispensing machines.
Google Bolsters Security for Select Groups
Quick Hits  |  10/17/2017  | 
Business leaders, political campaign teams, journalists, and other high-risk groups will receive advanced email and account protection.
InfoSec Pros Among Worst Offenders of Employer Snooping
News  |  10/17/2017  | 
A majority of IT security professionals admit to trolling through company information unrelated to their work -- even sensitive material.
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Commentary  |  10/17/2017  | 
The left side of the brain is logical and linear; the right side, creative. You have to use both sides of the brain to connect to your audience in your business.
New Cybercrime Campaign a 'Clear and Imminent' Threat to Banks Worldwide
News  |  10/16/2017  | 
Hundreds of millions of dollars stolen from banks via an sophisticated attack that blended cyber and physical elements.
GDPR Compliance: 5 Early Steps to Get Laggards Going
Slideshows  |  10/16/2017  | 
If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.
Hyatt Hit With Another Credit Card Breach
Quick Hits  |  10/13/2017  | 
Payment card information stolen when cards were either swiped or manually entered into registration systems at some Hyatt hotels.
Coalition to Offer Free Business Email Compromise Workshops
Quick Hits  |  10/12/2017  | 
A coalition of federal law enforcement agencies, ISACs, and Symantec will offer BEC workshops in a dozen cities.
Equifax Now Faces Potential Breach of Customer Help Page
Quick Hits  |  10/12/2017  | 
Embattled credit-monitoring company takes down help page that reportedly redirects users to download a bogus software update.
Olympic Games Face Greater Cybersecurity Risks
News  |  10/12/2017  | 
Cybercriminals may alter score results and engage in launching physical attacks at future Olympic Games, a recently released report warns.
IoT: Insecurity of Things or Internet of Threats?
News  |  10/11/2017  | 
Security leaders call for device manufacturers to buckle down on device security as the Internet of Things evolves.
New Dark Reading Conference Will Focus on Defense
Commentary  |  10/11/2017  | 
The INsecurity Conference, Nov. 29-30 at the Gaylord National Harbor in Maryland is all about helping infosecurity pros mitigate threats -- from hot topics to basic hygiene.
Ransomware Sales on the Dark Web Spike 2,502% in 2017
News  |  10/11/2017  | 
Sales soar to $6.2 million as do-it-yourself kits, ransomware-as-a-service, and distribution offerings take hold.
GDPR Concerns Include 'Where's My Data Stored?'
News  |  10/11/2017  | 
European data protection regulations are coming like a freight train and many firms are still unprepared.
DevOpsSec: A Big Step in Cloud Application Security
Commentary  |  10/3/2017  | 
Why it's time for DevOps and security teams to bury the hatchet -- and not in each other's back.
70% of US Employees Lack Security and Privacy Awareness
News  |  10/3/2017  | 
Acceptable use of social media and adherence to workplace physical security drops, new survey shows.
Best and Worst Security Functions to Outsource
Slideshows  |  9/29/2017  | 
Which security functions are best handled by third parties, and which should be kept in-house? Experts weigh in.
Apple Shares More Data with US in First Half of 2017
Quick Hits  |  9/29/2017  | 
Device-based data requests from government agencies dropped in the first half over last year, but Apple fulfilled a higher percentage of those requests, according to its transparency report.
CISOs Offer Soup-to-Nuts C-Suite Strategy
News  |  9/29/2017  | 
Chief information security officers from Dell, RCB Bank and other organizations share what it takes to become a security exec, sit in the C-Suite, and keep the job.
Report: Bank Email Fraud Increases since Equifax Breach
Quick Hits  |  9/28/2017  | 
Cyberthieves are impersonating banks to send bogus "secure" bank email messages.
Central Banks Propose Better Inter-Bank Security
Quick Hits  |  9/28/2017  | 
Institutions from the world's largest economies want to improve security following abuse of inter-bank messaging and payment systems.
Caterpillar Eyes Competitive Edge with Connected Asset Security Program
News  |  9/27/2017  | 
Launches program to incorporate security by design and a strategic governance policy across all of its IoT products.
FBI's Freese Shares Risk Management Tips
News  |  9/26/2017  | 
Deputy Assistant Director Donald Freese advises enterprises to lead with a business case and not fear addressing the C-suite on risk management.
After DHS Notice, 21 States Reveal They Were Targeted During Election
Quick Hits  |  9/25/2017  | 
Election officials in swing states Florida, Ohio, and Pennsylvania among those who report Russian state-sponsored attackers targeted their systems.
Privacy Shield Framework Gains Popularity in EU, US: Report
Quick Hits  |  9/25/2017  | 
The IAPP-EY Privacy Governance Survey shows marked interest in the Privacy Shield framework to transfer personal data.
Software Assurance: Thinking Back, Looking Forward
Commentary  |  9/20/2017  | 
Ten personal observations that aim to bolster state-of-the-art and state-of-practice in application security.
GDPR & the Rise of the Automated Data Protection Officer
Commentary  |  9/19/2017  | 
Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
To Be Ready for the Security Future, Pay Attention to the Security Past
Commentary  |  9/18/2017  | 
It's easy to just move on to the next problem, ignoring what's happened -- but that's a mistake.
Public, Hybrid Cloud Security Fears Abound
News  |  9/16/2017  | 
Most CISOs say encryption is the most effective security tool for data in the public cloud, but only one in six encrypt all data stored there.
OurMine Claims Vevo Hack, Releases 3.12TB of Data
Quick Hits  |  9/16/2017  | 
Group known for claiming responsibility for hacking Mark Zuckerberg's Twitter account and the WikiLeaks' DNS attack says it's behind the Vevo breach.
Senators Propose US Elections Cybersecurity Commission
Quick Hits  |  9/15/2017  | 
The proposed commission would aim to review the 2016 election process and safeguard future elections from interference.
Attacks on Android Soared 40% in Q2
News  |  9/15/2017  | 
Despite a rise in attacks, the average number of malicious variants remains surprisingly limited, according to a report from Avast.
Cloud Security's Shared Responsibility Is Foggy
Commentary  |  9/14/2017  | 
Security is a two-way street. The cloud provider isn't the only one that must take precautions.
Encryption: A New Boundary for Distributed Infrastructure
Commentary  |  9/14/2017  | 
As the sheet metal surrounding traditional infrastructure continues to fall away, where should security functions in a cloud environment reside?
Trump Orders Removal of Kaspersky Products from Federal Systems
Quick Hits  |  9/13/2017  | 
The president cites concern that the Russia-based company could be influenced by the Kremlin.
Businesses Fail to Properly Secure, Assess SSH: ISACA
Quick Hits  |  9/13/2017  | 
Frequently used but underappreciated, Secure Shell is rarely secured, assessed, documented, or managed in a systematic way, researchers report.
5 Problems That Keep CISOs Awake at Night
Commentary  |  9/13/2017  | 
The last few years have shown a big difference in the way cyber-risks are acknowledged, but progress still needs to be made.
China to Create Data Repository to Log Cyberattacks
Quick Hits  |  9/13/2017  | 
Telcos, government agencies, Internet companies, and domain-name organizations to file cybersecurity information.
20 Questions to Help Achieve Security Program Goals
Commentary  |  9/13/2017  | 
There are always projects, maturity improvements, and risk mitigation endeavors on the horizon. Here's how to keep them from drifting into the sunset.
Why InfoSec Hiring Managers Miss the Oasis in the Desert
News  |  9/13/2017  | 
Despite a sharp shortage of IT security professionals, a pool of potential talent is swimming below the surface.
Shopify Risk Director Talks Ecommerce, Bug Bounty Program
News  |  9/12/2017  | 
Andrew Dunbar shares his experience growing a retail-focused security team, and combating the many threats facing online merchants and their customers.
Deception: A Convincing New Approach to Cyber Defense
Commentary  |  9/12/2017  | 
How defenders in a US national security agency capture-the-flag exercise used an endless stream of false data across the network to thwart attackers and contain damage.
Spain Slaps Facebook with a 1.2 Million Euro Privacy Violation Fine
Quick Hits  |  9/11/2017  | 
Three infringements - one 'very serious' - of the country's data protection law are cited by the Spanish regulatory agency.
New Android 'Toast' Vuln Makes Overlay Attacks Easier
News  |  9/8/2017  | 
The vast majority of Android devices are at risk of a 'Toast' overlay attack that builds on Cloak and Dagger exploits. The bug could lead to remote control of the device unless Google's latest security patch is applied.
If Blockchain Is the Answer, What Is the Security Question?
Commentary  |  9/8/2017  | 
Like any technology, blockchain has its strengths and weaknesses. But debunking three common myths can help you cut through the hype.
Page 1 / 2   >   >>


20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink,  10/17/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.