Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk // Compliance

News & Commentary
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Jason Bevis & Kevin Adams-Romano, VP of Awake Labs / Incident Response Specialist at Awake Security | Commentary
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
By Jason Bevis & Kevin Adams-Romano VP of Awake Labs / Incident Response Specialist at Awake Security, 11/24/2020
What's in Store for Privacy in 2021
Robert Lemos, Contributing Writer | News
Changes are coming to the privacy landscape, including more regulations and technologies.
By Robert Lemos Contributing Writer, 11/24/2020
The Yellow Brick Road to Risk Management
Andrew Lowe, Senior Information Security Consultant, TalaTek | Commentary
Beginning the journey to risk management can be daunting, but protecting your business is worth every step.
By Andrew Lowe Senior Information Security Consultant, TalaTek, 11/19/2020
A Call for Change in Physical Security
Fred Burton, Executive Director, Ontic Center for Protective Intelligence | Commentary
We're at an inflection point. The threats we face are dynamic, emerging, and global. Are you ready?
By Fred Burton Executive Director, Ontic Center for Protective Intelligence, 11/16/2020
The Sameness of Every Day: How to Change Up Audit Fatigue
Stephen Horvath, Vice President, Strategy & Cloud, at Telos Corporation | Commentary
And with more data compliance laws on the way, audit fatigue could be a real challenge for infosec professionals.
By Stephen Horvath Vice President, Strategy & Cloud, at Telos Corporation, 11/13/2020
A Pause to Address 'Ethical Debt' of Facial Recognition
Mike Kiser, Global Security Advocate, Office of the CTO, SailPoint | Commentary
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
By Mike Kiser Global Security Advocate, Office of the CTO, SailPoint, 10/23/2020
The Cybersecurity Maturity Model Certification: Are You in Compliance?
Nahla Davies, Tech Writer and Coder | Commentary
Not only can this framework help companies remain solvent, but it will also protect critical information from getting into the wrong hands.
By Nahla Davies Tech Writer and Coder, 10/20/2020
CISOs Planning on Bigger Budgets: Report
Dark Reading Staff, Quick Hits
Budgets are on the rise, even in a time of revenue worries across the industry.
By Dark Reading Staff, 10/9/2020
Verizon Payment Security Report is a Wake-up Call: Time to Refocus on PCI DSS Compliance
Maxine Holt, Research Director, Omdia | Commentary
Too many organizations fail to enact the baseline payment security controls, according to the Verizon 2020 Payment Security Report.
By Maxine Holt Research Director, Omdia, 10/6/2020
Biometric Data Collection Demands Scrutiny of Privacy Law
Kelly Sheridan, Staff Editor, Dark Reading | News
An IT lawyer digs into the implications of collecting biometric data, why it can't be anonymized, and what nations are doing about it.
By Kelly Sheridan Staff Editor, Dark Reading, 10/2/2020
Solving the Problem With Security Standards
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer | Commentary
More explicit threat models can make security better and open the door to real and needed innovation.
By Adam Shostack Consultant, Entrepreneur, Technologist, Game Designer, 9/24/2020
Simplify Your Privacy Approach to Overcome CCPA Challenges
Hilary Wandall, Senior Vice President, Privacy Intelligence and General Counsel at TrustArc | Commentary
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.
By Hilary Wandall Senior Vice President, Privacy Intelligence and General Counsel at TrustArc, 9/15/2020
8 Frequently Asked Questions on Organizations' Data Protection Programs
Bernard Woo, Senior Director Analyst, Gartner | Commentary
Adherence to data protection regulations requires a multidisciplinary approach that has the commitment of all employees. Expect to be asked questions like these.
By Bernard Woo Senior Director Analyst, Gartner, 9/8/2020
The Hidden Security Risks of Business Applications
Brian Tremblay, Compliance Practice Leader at Onapsis | Commentary
Today's enterprises depend on mission-critical applications to keep them productive, help better serve customers, and keep up with demand. It's important that they also know the risks.
By Brian Tremblay Compliance Practice Leader at Onapsis, 9/4/2020
Platform Security: Intel Pushes to Reduce Supply Chain Attacks
Terry Sweeney, Contributing Editor | News
SPONSORED CONTENT: Attacks on supply chains involve lots of players and companies, not to mention an exponential amount of data for the stealing, notes Intel's Tom Garrison. Such attacks are notoriously difficult to detect and mitigate, and Garrison discusses new approaches to securing an individual company's computing platforms, including Compute Lifecycle Assurance.
By Terry Sweeney Contributing Editor, 8/6/2020
Pen Testers Share the Inside Story of Their Arrest and Exoneration
Dark Reading Staff, News
Coalfire's Gary De Mercurio and Justin Wynn share the inside story of their infamous arrest last year while conducting a contracted red-team engagement in an Iowa courthouse -- and what it took to clear their names.
By Dark Reading Staff, 8/5/2020
Why Confidential Computing Is a Game Changer
Vinton G. Cerf, VP & Chief Internet Evangelist, Google | Commentary
Confidential Computing is a transformational technology that should be part of every enterprise cloud deployment. It's time to start unlocking the possibilities together.
By Vinton G. Cerf VP & Chief Internet Evangelist, Google, 8/5/2020
Citizens Are Increasingly Worried About How Companies Use Their Data
Robert Lemos, Contributing Writer | News
With data privacy important to almost every American, more than two-thirds of those surveyed say they don't trust companies to ethically sell their data.
By Robert Lemos Contributing Writer, 7/30/2020
The Data Privacy Loophole Federal Agencies Are Still Missing
Scott Straub, Public Sector Lead of Federal Risk Markets, Neustar, Inc | Commentary
Why knowledge-based authentication is leaving federal contact centers vulnerable to an increasingly sophisticated hacker community.
By Scott Straub Public Sector Lead of Federal Risk Markets, Neustar, Inc, 7/21/2020
UK Data Privacy Legislation Cannot Be Bypassed to Limit Spread of COVID-19
Maxine Holt, Research Director, Omdia | Commentary
The UK faces GDPR data privacy challenges regarding its COVID-19 "Test and Trace" program. Despite the importance of contact tracing, its intent to ignore privacy legislation is extremely worrying.
By Maxine Holt Research Director, Omdia, 7/20/2020
Current Conversations
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer, 11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode, 11/30/2020
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26250
PUBLISHED: 2020-12-01
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by ...
CVE-2020-28576
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
CVE-2020-28577
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
CVE-2020-28582
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
CVE-2020-28583
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.