Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk //

Compliance

News & Commentary
Making Sense of EARN IT & LAED Bills' Implications for Crypto
Seth Rosenblatt, Contributing WriterNews
After Senate Judiciary Committee pushes EARN IT Act a step closer to ratification, raising further concerns for privacy advocates, here's what to know.
By Seth Rosenblatt Contributing Writer, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
The Privacy & Security Outlook for Businesses Post-COVID-19
Aaron Shum, Practice Lead - Security, Privacy, Risk & Compliance, Info-Tech Research GroupCommentary
Long-term business needs -- and the ethical implications that result -- don't simply go away just because we're navigating a global health crisis.
By Aaron Shum Practice Lead - Security, Privacy, Risk & Compliance, Info-Tech Research Group, 6/5/2020
Comment0 comments  |  Read  |  Post a Comment
The Need for Compliance in a Post-COVID-19 World
Baan Alsinawi, Founder and Managing Director at TalaTekCommentary
With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That's a big mistake.
By Baan Alsinawi Founder and Managing Director at TalaTek, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
Compliance as a Way to Reduce the Risk of Insider Threats
Bob Swanson, Compliance Research Consultant, SwimlaneCommentary
Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.
By Bob Swanson Compliance Research Consultant, Swimlane, 5/14/2020
Comment0 comments  |  Read  |  Post a Comment
Coronavirus, Data Privacy & the New Online Social Contract
Shuman Ghosemajumder, Global Head of Artificial Intelligence, F5 NetworksCommentary
How governments can protect personal privacy in contact tracing while saving peoples' lives
By Shuman Ghosemajumder Global Head of Artificial Intelligence, F5 Networks, 5/12/2020
Comment0 comments  |  Read  |  Post a Comment
Will the Pandemic Complicate Cyber Insurance Claims?
Edge Editors, Dark Reading
While quarantined workers are keeping safe at home, they could be jeopardizing your insurance policy.
By Edge Editors Dark Reading, 4/27/2020
Comment1 Comment  |  Read  |  Post a Comment
Narrow the Scope of Compliance
Ariel Zeitlin, Chief Technology Officer & Co-Founder, GuardicoreCommentary
Many organizations are doing more than they need regarding compliance.
By Ariel Zeitlin Chief Technology Officer & Co-Founder, Guardicore, 4/24/2020
Comment1 Comment  |  Read  |  Post a Comment
'Look for the Helpers' to Securely Enable the Remote Workforce
Scott Price, Chief Executive Officer at A-LIGNCommentary
CISOs and CIOs, you are our helpers. As you take action to reassure your company, your confidence is our confidence.
By Scott Price Chief Executive Officer at A-LIGN, 4/17/2020
Comment0 comments  |  Read  |  Post a Comment
Will Gentler HIPAA Rules on Telehealth Now Protect Us From Breach Litigation Later?
Edge Editors, Dark Reading
To enable medical care while encouraging social distancing during the COVID-19 pandemic, the Department of Health and Human Services temporarily loosened up on some of its HIPAA noncompliance enforcement on telehealth. But what happens if there's a PHI slip-up?
By Edge Editors Dark Reading, 4/14/2020
Comment0 comments  |  Read  |  Post a Comment
How Much Downtime Can Your Company Handle?
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Why every business needs cyber resilience and quick recovery times.
By Marc Wilczek Digital Strategist & COO of Link11, 3/31/2020
Comment0 comments  |  Read  |  Post a Comment
Technology Empowers Pandemic Response, But Privacy Worries Remain
Robert Lemos, Contributing WriterNews
As technology companies and the medical community work to find ways to track and test for the virus, privacy might fall by the wayside.
By Robert Lemos Contributing Writer, 3/26/2020
Comment0 comments  |  Read  |  Post a Comment
Do DevOps Teams Need a Company Attorney on Speed Dial?
Shahar Sperling, Chief Architect at HCL AppScanCommentary
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
By Shahar Sperling Chief Architect at HCL AppScan, 3/25/2020
Comment0 comments  |  Read  |  Post a Comment
Facebook Got Tagged, but Not Hard Enough
Billee Elliott McAuliffe, Member, Lewis Rice LLCCommentary
Ensuring that our valuable biometric information is protected is worth more than a $550 million settlement.
By Billee Elliott McAuliffe Member, Lewis Rice LLC, 3/18/2020
Comment0 comments  |  Read  |  Post a Comment
Privacy in a Pandemic: What You Can (and Can't) Ask Employees
Kelly Sheridan, Staff Editor, Dark ReadingNews
Businesses struggle to strike a balance between workplace health and employees' privacy rights in the midst of a global health emergency.
By Kelly Sheridan Staff Editor, Dark Reading, 3/16/2020
Comment3 comments  |  Read  |  Post a Comment
5 Strategies to Secure Cloud Operations Against Today's Cyber Threats
Chris Christou & Brad Beaulieu, Director of Cloud Security / Cloud Security Engineer at Booz Allen HamiltonCommentary
With these fundamentals in mind, organizations can reduce their security and compliance risks as they reap the cloud's many benefits:
By Chris Christou & Brad Beaulieu Director of Cloud Security / Cloud Security Engineer at Booz Allen Hamilton, 2/20/2020
Comment1 Comment  |  Read  |  Post a Comment
Some Democrats Lead Trump in Campaign Domain-Security Efforts
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Sanders and Trump campaigns lack proper DMARC security enforcement, study finds.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/10/2020
Comment0 comments  |  Read  |  Post a Comment
Businesses Improve Their Data Security, But Privacy Not So Much
Robert Lemos, Contributing WriterNews
While the California Consumer Privacy Act will force companies to provide a modicum of meaningful privacy, World Privacy Day still mainly celebrates data security.
By Robert Lemos Contributing Writer, 1/29/2020
Comment0 comments  |  Read  |  Post a Comment
Why Companies Should Care about Data Privacy Day
Brad Shimmin, Distinguished AnalystCommentary
Marking yesterday's 14th anniversary of Europe's first data protection day reminds us how far we still have to go.
By Brad Shimmin Distinguished Analyst, 1/29/2020
Comment13 comments  |  Read  |  Post a Comment
CCPA: Cut From the Same Cloth as PCI DSS
Jonathan Deveaux, Head of Enterprise Data Protection at comforte AGCommentary
Finally, some good news about CCPA: If you've built your security infrastructure to PCI DSS standards, you may be already covered by California's new data protection rules
By Jonathan Deveaux Head of Enterprise Data Protection at comforte AG, 1/28/2020
Comment1 Comment  |  Read  |  Post a Comment
Greater Focus on Privacy Pays Off for Firms
Robert Lemos, Contributing WriterNews
Privacy-mature companies complete sales more quickly, have fewer and less serious breaches, and recover from incidents faster, according to Cisco's annual survey.
By Robert Lemos Contributing Writer, 1/27/2020
Comment12 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by YorkLawFirm
Current Conversations Thanks for sharing    
In reply to: Feedback
Post Your Own Reply
More Conversations
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15504
PUBLISHED: 2020-07-10
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other version...
CVE-2020-8190
PUBLISHED: 2020-07-10
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.
CVE-2020-8191
PUBLISHED: 2020-07-10
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
CVE-2020-8193
PUBLISHED: 2020-07-10
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
CVE-2020-8194
PUBLISHED: 2020-07-10
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.