Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Risk
Page 1 / 2   >   >>
To Manage Security Risk, Manage Data First
News  |  5/23/2019  | 
At Interop 2019, IT and security experts urged attendees to focus on data asset management as a means of mitigating risk.
Google's Origin & the Danger of Link Sharing
Commentary  |  5/23/2019  | 
How the act of sharing links to files stored in a public cloud puts organizations at risk, and what security teams can do to safeguard data and PII.
Russian Nation-State Hacking Unit's Tools Get More Fancy
News  |  5/23/2019  | 
APT28/Fancy Bear has expanded its repertoire to more than 30 commands for infecting systems, executing code, and reconnaissance, researchers have found.
Incident Response: 3 Easy Traps & How to Avoid Them
Commentary  |  5/23/2019  | 
Sage legal advice about navigating a data breach from a troubleshooting cybersecurity outside counsel.
Data Asset Management: What Do You Really Need?
News  |  5/22/2019  | 
At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.
Proving the Value of Security Awareness with Metrics that 'Deserve More'
Commentary  |  5/22/2019  | 
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
The 3 Cybersecurity Rules of Trust
Commentary  |  5/22/2019  | 
Every day, keeping anything secure requires being smart about trust. The rules of trust will keep you and your data safer.
Consumer IoT Devices Are Compromising Enterprise Networks
News  |  5/22/2019  | 
While IoT devices continue to multiply, the latest studies show a dangerous lack of visibility into those connected to enterprise networks.
KnowBe4 Focuses on Security Culture with CLTRe Acquisition
Quick Hits  |  5/21/2019  | 
The acquisition solidifies KnowBe4's European presence and shows a focus on building and measuring security culture.
Data Security: Think Beyond the Endpoint
News  |  5/21/2019  | 
A strong data protection strategy is essential as data moves across endpoints and in the cloud.
DHS Warns of Data Theft via Chinese-Made Drones
Quick Hits  |  5/20/2019  | 
The drones are reportedly built with parts that can compromise organizations' data and share it on a server accessible to the Chinese government.
97% of Americans Cant Ace a Basic Security Test
News  |  5/20/2019  | 
Still, a new Google study uncovers a bit of good news, too.
Financial Sector Under Siege
Commentary  |  5/20/2019  | 
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.
Artist Uses Malware in Installation
Quick Hits  |  5/17/2019  | 
A piece of 'art' currently up for auction features six separate types of malware running on a vulnerable computer.
When Older Windows Systems Won't Die
News  |  5/17/2019  | 
Microsoft's decision to patch unsupported machines for the critical CVE-2019-0708 flaw is a reminder that XP, 2003, and other older versions of Windows still run in some enterprises.
Exposed Elasticsearch Database Compromises Data on 8M People
Quick Hits  |  5/17/2019  | 
Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses.
Google to Replace Titan Security Keys Affected by Bluetooth Bug
News  |  5/16/2019  | 
A misconfiguration in Bluetooth Titan Security Keys' pairing protocols could compromise users under specific circumstances.
Executive Order Limits Certain Tech Sales, Hits Huawei Hard
Quick Hits  |  5/16/2019  | 
The executive order signed by President Trump bars the sale or installation of equipment seen to be controlled by hostile foreign governments and a threat to national security.
Cyber Workforce Exec Order: Right Question, Wrong Answer
Commentary  |  5/16/2019  | 
Shuffling resources, adding administrative process, and creating a competition and incentive system will do little to grow and mature the talent we need to meet the cybersecurity challenges we face.
New Intel Vulnerabilities Bring Fresh CPU Attack Dangers
News  |  5/15/2019  | 
Four newly discovered vulns from the speculative-execution family bring Meltdown-like threats to Intel's processors.
Two Ransomware Recovery Firms Typically Pay Hackers
Quick Hits  |  5/15/2019  | 
Companies promising the safe return of data sans ransom payment secretly pass Bitcoin to attackers and charge clients added fees.
Resolution Requires Cybersecurity Training for Members of Congress
Quick Hits  |  5/14/2019  | 
A bipartisan resolution would mandate IT and cybersecurity training for all members of Congress, their staff, and employees.
Microsoft Patches Wormable Vuln in Windows 7, 2003, XP, Server 2008
News  |  5/14/2019  | 
Microsoft releases security updates for some out-of-support systems to fix a bug that could be weaponized as a worm if exploited.
Missing in Action: Cybersecurity Professionals
Commentary  |  5/14/2019  | 
Just as every organization security team's needs are unique, so are the reasons for the shortage of candidates for open positions. Here are five strategies to help you close the gap.
Effective Pen Tests Follow These 7 Steps
Slideshows  |  5/14/2019  | 
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
LockerGoga, MegaCortex Ransomware Share Unlikely Traits
News  |  5/13/2019  | 
New form of ransomware MegaCortex shares commonalities with LockerGoga, enterprise malware recently seen in major cyberattacks.
Attacks on JavaScript Services Leak Info From Websites
News  |  5/13/2019  | 
Three marketing tools, including the Best Of The Web security logomark, were compromised in supply chain attacks, allegedly leaving website customers leaking their users' sensitive information.
Poorly Configured Server Exposes Most Panama Citizens' Data
Quick Hits  |  5/13/2019  | 
Compromised information includes full names, birth dates, national ID numbers, medical insurance numbers, and other personal data.
How Open Testing Standards Can Improve Security
Commentary  |  5/13/2019  | 
When creating security metrics, it's critical that test methodologies cover multiple scenarios to ensure that devices perform as expected in all environments.
Demystifying the Dark Web: What You Need to Know
Slideshows  |  5/10/2019  | 
The Dark Web and Deep Web are not the same, neither is fully criminal, and more await in this guide to the Internet's mysterious corners.
Microsoft SharePoint Bug Exploited in the Wild
Quick Hits  |  5/10/2019  | 
A number of reports show CVE-2019-0604 is under active attack, Alien Labs researchers say.
How We Collectively Can Improve Cyber Resilience
Commentary  |  5/10/2019  | 
Three steps you can take, based on Department of Homeland Security priorities.
Hackers Still Outpace Breach Detection, Containment Efforts
News  |  5/10/2019  | 
Research shows time to discovery and containment of breaches slowly shrinking, but attackers don't need a very big window to do a lot of damage.
US DoJ Indicts Chinese Man for Anthem Breach
News  |  5/9/2019  | 
Fujie Wang allegedly worked as part of a hacking team out of China that stole information on nearly 80 million Americans in the massive healthcare breach.
Nation-State Breaches Surged in 2018: Verizon DBIR
News  |  5/9/2019  | 
The source of breaches has fluctuated significantly over the past nine years, but organized crime has almost always topped nation-state actors each year. The gap narrowed significantly in 2018, according to the annual report.
How the Skills Gap Strains and Constrains Security Pros
News  |  5/9/2019  | 
New ISSA/ESG survey underscores increasing pressures and security fallout of a strapped security team.
Social Engineering Slams the C-Suite: Verizon DBIR
News  |  5/8/2019  | 
Criminals are also going after cloud-based email accounts, according to Verizon's '2019 Data Breach Investigations Report.'
US States with the Worst Consumer Cyber-Hygiene
Quick Hits  |  5/8/2019  | 
Ranking based on consumers' cybersecurity practices - or lack thereof.
The Dark Web Is Smaller Than You Think
News  |  5/7/2019  | 
The number of live, accessible .onion sites amounts to less than 0.005% of surface web domains, researchers report.
The Big E-Crime Pivot
Commentary  |  5/7/2019  | 
Criminals have begun to recognize that enterprise ransomware offers tremendous financial advantage over the more traditional tactics of wire fraud and account takeover.
Microsoft Debuts ElectionGuard to Secure Voting Processes
News  |  5/6/2019  | 
The new software development kit free and open source will be available to election officials and technology suppliers this summer.
New Executive Order Aims to Grow Federal Cybersecurity Staff
Quick Hits  |  5/3/2019  | 
The EO outlines a 'rotational assignment program' intended to help security practitioners develop their skills.
How Storytelling Can Help Keep Your Company Safe
Commentary  |  5/3/2019  | 
Well-crafted narratives can help you win over users in the battle to develop a sustainable cybersecurity culture.
Security Doesn't Trust IT and IT Doesn't Trust Security
News  |  5/2/2019  | 
How a rocky relationship between IT operations and cybersecurity teams can compound security risks.
Facebook, Instagram Are Phishers' Favorite Social Platforms
Quick Hits  |  5/2/2019  | 
Cloud companies continue to represent the most phishing URLs, but social media saw the most growth in Q1 2019.
Why Are We Still Celebrating World Password Day?
News  |  5/2/2019  | 
Calls to eliminate the password abound on this World Password Day and the technology to change is ready. So why can't we get off our password habit?
World Password Day or Groundhog Day?
Commentary  |  5/2/2019  | 
Despite decades trying to fortify our passwords with bolt-on solutions, attackers have always found ways to defeat them. Here are four reasons why.
Digital Ad-Fraud Losses Decline
News  |  5/1/2019  | 
Even so, more work remains to be done to address online ad fraud operations that cause billions of dollars in losses annually for advertisers.
Study Exposes Breadth of Cyber Risk
News  |  5/1/2019  | 
New study shows SMBs face greater security exposure, but large companies still support vulnerable systems as well.
8 Personality Traits for Cybersecurity
Quick Hits  |  5/1/2019  | 
Personality assessment firm Hogan Assessments lists top characteristics for a 'successful' cybersecurity hire.
Page 1 / 2   >   >>


97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
How Security Vendors Can Address the Cybersecurity Talent Shortage
Rob Rashotte, VP of Global Training and Technical Field Enablement at Fortinet,  5/24/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .