News & Commentary

Latest Content tagged with Compliance
<<   <   Page 2 / 2
GDPR & the Rise of the Automated Data Protection Officer
Commentary  |  9/19/2017  | 
Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
Cloud Security's Shared Responsibility Is Foggy
Commentary  |  9/14/2017  | 
Security is a two-way street. The cloud provider isn't the only one that must take precautions.
If Blockchain Is the Answer, What Is the Security Question?
Commentary  |  9/8/2017  | 
Like any technology, blockchain has its strengths and weaknesses. But debunking three common myths can help you cut through the hype.
Is Your Organization Merely PCI-Compliant or Is It Actually Secure?
Commentary  |  9/6/2017  | 
The Host Identity Protocol might be the answer to inadequate check-the-box security standards.
International Firms Struggle to Adapt as China's Cybersecurity Law Takes Shape
Commentary  |  8/31/2017  | 
After the release of new guidelines on critical information infrastructure, international companies are still searching for clarity on how to comply with the country's new cyber regime.
New York's Historic FinSec Regulation Covers DDoS, Not Just Data
News  |  8/28/2017  | 
Starting today, New York banks and insurers must report to authorities within 72 hours on any security event that has a 'reasonable likelihood' of causing material harm to normal operations.
GDPR Compliance Preparation: A High-Stakes Guessing Game
Commentary  |  8/24/2017  | 
It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.
How To Avoid Legal Trouble When Protecting Client Data
How To Avoid Legal Trouble When Protecting Client Data
Dark Reading Videos  |  8/21/2017  | 
Attorneys discuss how cybersecurity consultants can manage conflicts between e-discovery demands and client agreements.
20 Tactical Questions SMB Security Teams Should Ask Themselves
Commentary  |  8/15/2017  | 
Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
Risky Business: Why Enterprises Cant Abdicate Cloud Security
Commentary  |  8/7/2017  | 
It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.
Can Your Risk Assessment Stand Up Under Scrutiny?
Partner Perspectives  |  7/27/2017  | 
Weak risk assessments have gotten a pass up until now, but that may be changing.
10 Critical Steps to Create a Culture of Cybersecurity
Commentary  |  7/26/2017  | 
Businesses are more vulnerable than they need to be. Here's what you should do about it.
Dealing with Due Diligence
Commentary  |  7/12/2017  | 
Companies will find themselves evaluating third-party cybersecurity more than ever -- and being subject to scrutiny themselves. Here's how to handle it.
The High Costs of GDPR Compliance
Commentary  |  7/11/2017  | 
Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.
Black Hat Survey: Security Pros Expect Major Breaches in Next Two Years
News  |  7/6/2017  | 
Significant compromises are not just feared, but expected, Black Hat attendees say.
8 Things Every Security Pro Should Know About GDPR
Slideshows  |  6/30/2017  | 
Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?
Anthem Agrees to $115 Million Settlement for 2015 Breach
Quick Hits  |  6/26/2017  | 
If approved, it will dwarf settlements paid by Target, Home Depot, and Ashley Madison.
In the Cloud, Evolving Infrastructure Means Evolving Alliances
Commentary  |  5/25/2017  | 
New opportunities make for unusual bedfellows. Here's how to navigate the shift in organizational dynamics between security operations, line-of-business managers, and developers.
You Have One Year to Make GDPR Your Biggest Security Victory Ever
News  |  5/25/2017  | 
The EU's new razor-toothed data privacy law could either rip you apart or help you create the best security program you've ever had. Here's how.
Data Security & Privacy: The Risks of Not Playing by the Rules
Commentary  |  5/24/2017  | 
Achieving compliance is a complex and challenging process. But with the right systems and policies, you can stay ahead of the next data breach and the regulators.
The Wide-Ranging Impact of New York's Cybersecurity Regulations
Commentary  |  5/16/2017  | 
New York's toughest regulations yet are now in effect. Here's what that means for your company.
Users Overshare Sensitive Enterprise Data
News  |  4/20/2017  | 
Survey finds nearly half of the employees trained to protect sensitive data engage in risky security practices.
Microsoft: Foreign Surveillance Requests Under FISA Shot Up in 2016
Quick Hits  |  4/14/2017  | 
The company received 1,000-1,499 surveillance requests from January0- toJune 2016, the highest since 2011.
Health Savings Account Fraud: The Rapidly Growing Threat
Commentary  |  4/14/2017  | 
As income tax season comes to a close, financially-motivated cybercriminals are honing new tactics for monetizing medical PII.
Cybersecurity & Fitness: Weekend Warriors Need Not Apply
Commentary  |  4/12/2017  | 
It takes consistency and a repeatable but flexible approach to achieve sustainable, measurable gains in both disciplines.
The New Shadow IT: Custom Data Center Applications
Commentary  |  4/7/2017  | 
If you think youve finally gotten control of unsanctioned user apps, think again. The next wave of rogue apps is on its way from your data center to the cloud.
11 UK Charities Punished for Violating Data Privacy Law
Quick Hits  |  4/6/2017  | 
Organizations fined between 6,000 and 18,000 by UKs Information Commissioners Office.
GDPR Doesnt Need to be GDP-Argh!
Commentary  |  4/5/2017  | 
These 10 steps will ease the pain of compliance with the General Data Protection Regulation, the EU's new privacy law that goes into effect in a little over a year.
As Cloud Use Expands, So Do Security Blind Spots, Studies Show
News  |  4/4/2017  | 
Three-quarters of IaaS and SaaS apps arent monitored.
Privacy Babel: Making Sense of Global Privacy Regulations
Commentary  |  3/29/2017  | 
Countries around the world are making their own privacy laws. How can a global company possibly keep up?
Cloud Security: New Research Says IT Pros Still Skittish
News  |  3/29/2017  | 
Respondents complain in two studies that traditional security tools dont work in the cloud, and cant deliver visibility across multiple cloud environments.
In Cyber, Who Do We Trust to Protect the Business?
Commentary  |  3/16/2017  | 
If business leaders and directors continue to view cybersecurity as mainly a matter for the IT department, they will leave their companies exposed to significant risks.
FBI Chief Calls for United Fight Against Cybercrime
Quick Hits  |  3/10/2017  | 
James Comey stresses the need to address encryption challenges faced by law enforcement.
New Yorks Cyber Regulations: How to Take Action & Whos Next
Commentary  |  3/6/2017  | 
Even if your company isnt directly subject to these new rules, you can assume that the approach will be adopted by regulatory agencies at home and abroad eventually.
US Lawmakers Seek Grant For State, Local Cybersecurity
Quick Hits  |  3/6/2017  | 
State Cyber Resiliency Act aims to increase resources for governments so they can fight cyber threats.
Yahoo CEO Punished for Data Breaches
Quick Hits  |  3/3/2017  | 
Marissa Mayer will be denied her annual bonus of around $2 million and also forgoes annual stock award worth millions.
New Cybersecurity Regulations Begin Today For NY Banks
News  |  3/1/2017  | 
New York's new security regulations for financial industry viewed as potential model for other states.
Cyber Insurance Uptake Hampered By Skewed Data, Poor Communication
News  |  2/25/2017  | 
Only 29% of US businesses have cyber insurance; Deloitte outlines steps for insurance companies to improve risk models, communication, and policy sales.
After Election Interference, RSA Conference Speakers Ask What Comes Next
News  |  2/17/2017  | 
Election-tampering called 'a red line we should not allow anyone to cross.'
Microsoft President Says Tech Industry Should Be 'Neutral Digital Switzerland'
Quick Hits  |  2/14/2017  | 
RSA Conference: Brad Smith also says the world needs a "Digital Geneva Convention" to establish the international rules for nation-state cyber conflict.
National Security, Regulation, Identity Top Themes At Cloud Security Summit
News  |  2/13/2017  | 
Gen. Keith Alexander gives Trump a thumbs-up and Cloud Security Alliance releases a new application.
Talking Cybersecurity From A Risk Management Point of View
Commentary  |  2/3/2017  | 
CenturyLink CSO David Mahon reflects on the evolution of the chief information security officer, and why todays CISOs are increasingly adopting a risk-based approach to security.
This Week On Dark Reading
Commentary  |  1/30/2017  | 
This week: how to get paid by cyber insurers and avoid paying ransoms.
Why Youre Doing Cybersecurity Risk Measurement Wrong
Commentary  |  1/30/2017  | 
Measuring risk isnt as simple as some make it out to be, but there are best practices to help you embrace the complexity in a productive way. Here are five.
US Seeks To Intervene In Case Against Privacy Shield
Quick Hits  |  1/20/2017  | 
Digital Rights Ireland has challenged the data transfer pact raising questions of its ability to protect EU privacy.
Credit Freeze: The New Normal In Data Breach Protection?
Commentary  |  1/11/2017  | 
In era of rampant identity theft, consumers should be offered the protection of a credit freeze by default, instead of a nuisance fee each time a freeze is placed or removed.
FTC Charges D-Link With Unsecure Routers And IP Cameras
Quick Hits  |  1/6/2017  | 
Federal Trade Commission voices concerns in US district court that D-Link products had put consumers' privacy at risk.
44% Of Companies Miss Breach Reporting Deadlines
Quick Hits  |  12/20/2016  | 
Balabit research on security investigation says organizations lack of understanding lead to delay in breach probe.
Ashley Madison To Pay $17.5 Million In Breach Settlement
Quick Hits  |  12/15/2016  | 
Ashley Madison was found guilty of lax data security and also corrupt practices including photo and profile misuse.
Why Video Game Publishers Must Adopt Enforceable Security Standards
Commentary  |  12/9/2016  | 
Video games have been under attack at an unprecedented rate since 2012, with cyber criminals playing an increasingly significant role.
<<   <   Page 2 / 2


'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Microsoft Fixes 11 Critical, 39 Important Vulns
Kelly Sheridan, Staff Editor, Dark Reading,  6/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1061
PUBLISHED: 2018-06-19
python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
CVE-2018-1073
PUBLISHED: 2018-06-19
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.
CVE-2018-12557
PUBLISHED: 2018-06-19
An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could ...
CVE-2018-12559
PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequ...
CVE-2018-12560
PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.