Risk //

Compliance

News & Commentary
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Peter Merkulov, Chief Technology Officer, GlobalscapeCommentary
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
By Peter Merkulov Chief Technology Officer, Globalscape, 5/9/2018
Comment0 comments  |  Read  |  Post a Comment
Encryption is Necessary, Tools and Tips Make It Easier
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/3/2018
Comment0 comments  |  Read  |  Post a Comment
Survey Shows Sensitive Data Goes Astray in Email
Dark Reading Staff, Quick Hits
Many employees have trouble controlling the release of sensitive information in email.
By Dark Reading Staff , 5/2/2018
Comment0 comments  |  Read  |  Post a Comment
A Data Protection Officer's Guide to GDPR 'Privacy by Design'
Jen Brown, Compliance and Data Protection Officer at Sumo LogicCommentary
These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.
By Jen Brown Compliance and Data Protection Officer at Sumo Logic, 5/1/2018
Comment0 comments  |  Read  |  Post a Comment
10 Security Innovators to Watch
Curtis Franklin Jr., Senior Editor at Dark Reading
Startups in the RSA Conference Innovation Sandbox competed for the title of "Most Innovative."
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/30/2018
Comment0 comments  |  Read  |  Post a Comment
12 Trends Shaping Identity Management
Sara Peters, Senior Editor at Dark Reading
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
By Sara Peters Senior Editor at Dark Reading, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Why We Need Privacy Solutions That Scale Across Borders
Chris Babel, CEO, TrustArcCommentary
New privacy solutions are becoming scalable, smarter, and easier to address compliance across industries and geographies.
By Chris Babel CEO, TrustArc, 4/17/2018
Comment0 comments  |  Read  |  Post a Comment
How GDPR Forces Marketers to Rethink Data & Security
Roger Kjensrud, CTO, ImpactCommentary
The European regulation is making marketing technology companies re-examine their security, and that's a good thing.
By Roger Kjensrud CTO, Impact, 4/16/2018
Comment0 comments  |  Read  |  Post a Comment
Businesses Calculate Cost of GDPR as Deadline Looms
Kelly Sheridan, Staff Editor, Dark ReadingNews
Surveys highlight the financial burden of GDPR as companies scramble to meet the May 25 deadline.
By Kelly Sheridan Staff Editor, Dark Reading, 4/12/2018
Comment0 comments  |  Read  |  Post a Comment
Active Cyber Defense Is an Opportunity, Not a Threat
Markus Jakobsson, Chief Scientist at AgariCommentary
If honest citizens can be tracked online with cookies and beacons that share where we are and what we are doing, then why should security professionals restrict their ability to hack attackers?
By Markus Jakobsson Chief Scientist at Agari, 4/4/2018
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Mandates Keep On Coming
Steven Grossman, VP of Strategy, Bay DynamicsCommentary
There's a good reason for the proliferation of mandates like the one in New York state, but companies may struggle to answer this question: "Are we in compliance?"
By Steven Grossman VP of Strategy, Bay Dynamics, 3/30/2018
Comment3 comments  |  Read  |  Post a Comment
Report Shows Ransomware is the New Normal
Dark Reading Staff, Quick Hits
A new report on malware says that the majority of companies globally have been victims of ransomware in the last 12 months.
By Dark Reading Staff , 3/27/2018
Comment0 comments  |  Read  |  Post a Comment
A Data Protection Officer's Guide to the GDPR Galaxy
Jen Brown, Compliance and Data Protection Officer at Sumo LogicCommentary
Impending deadline got you freaking out? These five tips might help you calm down, at least a little.
By Jen Brown Compliance and Data Protection Officer at Sumo Logic, 3/19/2018
Comment0 comments  |  Read  |  Post a Comment
Yahoo Agrees to $80 Million Settlement with Investors
Dark Reading Staff, Quick Hits
Investors alleged that Yahoo intentionally misled them about its cybersecurity practices.
By Dark Reading Staff , 3/8/2018
Comment0 comments  |  Read  |  Post a Comment
What Enterprises Can Learn from Medical Device Security
Tom Gillis, Founder & CEO, Bracket ComputingCommentary
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
By Tom Gillis Founder & CEO, Bracket Computing, 3/1/2018
Comment0 comments  |  Read  |  Post a Comment
FTC Settles with Venmo on Security Allegations
Dark Reading Staff, Quick Hits
Proposed settlement addresses complaints that Venmo misrepresented its security and privacy features.
By Dark Reading Staff , 2/28/2018
Comment0 comments  |  Read  |  Post a Comment
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Yaron Galant, Chief Product Officer at AccellionCommentary
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
By Yaron Galant Chief Product Officer at Accellion, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
Siemens Leads Launch of Global Cybersecurity Initiative
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/16/2018
Comment0 comments  |  Read  |  Post a Comment
Filing Deadline for New Infosec Law Hits NY Finance Firms Thursday
Dark Reading Staff, Quick Hits
Banks and financial services companies in New York must file by tomorrow to certify they are compliant with the state Department of Financial Services new cybersecurity regulation, 23 NYCRR 500.
By Dark Reading Staff , 2/14/2018
Comment3 comments  |  Read  |  Post a Comment
Ticking Time Bombs in Your Data Center
Murali Palanisamy, Executive Vice President and Chief Technology Officer,  AppViewXCommentary
The biggest security problems inside your company may result from problems it inherited.
By Murali Palanisamy Executive Vice President and Chief Technology Officer, AppViewX, 2/7/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11311
PUBLISHED: 2018-05-20
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
CVE-2018-11319
PUBLISHED: 2018-05-20
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to ...
CVE-2018-11242
PUBLISHED: 2018-05-20
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVE-2018-11315
PUBLISHED: 2018-05-20
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a ho...
CVE-2018-11239
PUBLISHED: 2018-05-19
An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in ...