Risk //


News & Commentary
Yahoo Agrees to $80 Million Settlement with Investors
Dark Reading Staff, Quick Hits
Investors alleged that Yahoo intentionally misled them about its cybersecurity practices.
By Dark Reading Staff , 3/8/2018
Comment0 comments  |  Read  |  Post a Comment
What Enterprises Can Learn from Medical Device Security
Tom Gillis, Founder & CEO, Bracket ComputingCommentary
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
By Tom Gillis Founder & CEO, Bracket Computing, 3/1/2018
Comment0 comments  |  Read  |  Post a Comment
FTC Settles with Venmo on Security Allegations
Dark Reading Staff, Quick Hits
Proposed settlement addresses complaints that Venmo misrepresented its security and privacy features.
By Dark Reading Staff , 2/28/2018
Comment0 comments  |  Read  |  Post a Comment
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Yaron Galant, Chief Product Officer at AccellionCommentary
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
By Yaron Galant Chief Product Officer at Accellion, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
Siemens Leads Launch of Global Cybersecurity Initiative
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/16/2018
Comment0 comments  |  Read  |  Post a Comment
Filing Deadline for New Infosec Law Hits NY Finance Firms Thursday
Dark Reading Staff, Quick Hits
Banks and financial services companies in New York must file by tomorrow to certify they are compliant with the state Department of Financial Services new cybersecurity regulation, 23 NYCRR 500.
By Dark Reading Staff , 2/14/2018
Comment3 comments  |  Read  |  Post a Comment
Ticking Time Bombs in Your Data Center
Murali Palanisamy, Executive Vice President and Chief Technology Officer,  AppViewXCommentary
The biggest security problems inside your company may result from problems it inherited.
By Murali Palanisamy Executive Vice President and Chief Technology Officer, AppViewX, 2/7/2018
Comment0 comments  |  Read  |  Post a Comment
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
Steve Zurier, Freelance WriterNews
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
By Steve Zurier Freelance Writer, 1/31/2018
Comment1 Comment  |  Read  |  Post a Comment
Breach-Proofing Your Data in a GDPR World
Sanjay Beri, Co-Founder & CEO, NetskopeCommentary
Here are six key measures for enterprises to prioritize over the next few months.
By Sanjay Beri Co-Founder & CEO, Netskope, 1/30/2018
Comment0 comments  |  Read  |  Post a Comment
An Action Plan to Fill the Information Security Workforce Gap
Laura Lee, Laura Lee, Executive VP, Cyber Training & Assessments, CircadenceCommentary
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
By Laura Lee Laura Lee, Executive VP, Cyber Training & Assessments, Circadence, 1/29/2018
Comment0 comments  |  Read  |  Post a Comment
PCI DSS Adds Standard for Software-based PIN Entry
Dark Reading Staff, Quick Hits
Software-Based PIN Entry on COTS (SPoC) standard supports EMV contact and contactless transactions with PIN entry on merchant mobile devices.
By Dark Reading Staff , 1/24/2018
Comment0 comments  |  Read  |  Post a Comment
GDPR: Ready or Not, Here It Comes
Danelle Au, VP Strategy, SafeBreachCommentary
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
By Danelle Au VP Strategy, SafeBreach, 1/24/2018
Comment0 comments  |  Read  |  Post a Comment
Living with Risk: Where Organizations Fall Short
Lysa Myers, Security Researcher, ESETCommentary
People tasked with protecting data are too often confused about what they need to do, even with a solid awareness of the threats they face.
By Lysa Myers Security Researcher, ESET, 1/17/2018
Comment0 comments  |  Read  |  Post a Comment
Meltdown, Spectre Likely Just Scratch the Surface of Microprocessor Vulnerabilities
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
There's a lot at stake when it comes to patching the hardware flaws.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/8/2018
Comment5 comments  |  Read  |  Post a Comment
A Pragmatic Approach to Fixing Cybersecurity: 5 Steps
Mike McConnell & Patrick Gorman, Mike McConnell & Patrick GormanCommentary
The digital infrastructure that supports our economy, protects our national security, and empowers our society must be made more secure, more trusted, and more reliable. Here's how.
By Mike McConnell & Patrick Gorman Mike McConnell & Patrick Gorman, 1/3/2018
Comment1 Comment  |  Read  |  Post a Comment
CISO Holiday Miracle Wish List
Ericka Chickowski, Contributing Writer, Dark Reading
If CISOs could make a wish to solve a problem, these would be among the top choices.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/22/2017
Comment1 Comment  |  Read  |  Post a Comment
Be a More Effective CISO by Aligning Security to the Business
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 12/21/2017
Comment6 comments  |  Read  |  Post a Comment
Businesses Fail in Risk Modeling and Management: Report
Kelly Sheridan, Staff Editor, Dark ReadingNews
Businesses struggle to quantify and manage risk, leading to wasted resources and oversight of major problems.
By Kelly Sheridan Staff Editor, Dark Reading, 12/18/2017
Comment1 Comment  |  Read  |  Post a Comment
Security Compliance: The Less You Spend the More You Pay
Jai Vijayan, Freelance writerNews
The costs of complying with data protection requirements are steep, but the costs of non-compliance are even higher, a new study shows.
By Jai Vijayan Freelance writer, 12/12/2017
Comment1 Comment  |  Read  |  Post a Comment
Gartner: IT Security Spending to Reach $96 Billion in 2018
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Identity access management and security services to drive worldwide spending growth.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/8/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Disappearing Act: Dark Reading Caption Contest Winners
Marilyn Cohodas, Community Editor, Dark Reading,  3/12/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.