Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Privacy

News & Commentary
How Network Logging Mitigates Legal Risk
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
Logging that is turned on, captured, and preserved immediately after a cyber event is proof positive that personal data didn't fall into the hands of a cybercriminal.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 9/23/2019
Comment0 comments  |  Read  |  Post a Comment
One Arrested in Ecuador's Mega Data Leak
Dark Reading Staff, Quick Hits
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.
By Dark Reading Staff , 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
@jack Got Hacked: Twitter CEO's Tweets Hijacked
Dark Reading Staff, Quick Hits
Twitter CEO Jack Dorsey's Twitter account was, apparently, hijacked for roughly 20 minutes and used for a racist rant.
By Dark Reading Staff , 8/30/2019
Comment2 comments  |  Read  |  Post a Comment
Privacy 2019: We're Not Ready
J. Trevor Hughes, President & CEO, IAPPCommentary
To facilitate the innovative use of data and unlock the benefits of new technologies, we need privacy not just in the books but also on the ground.
By J. Trevor Hughes President & CEO, IAPP, 8/29/2019
Comment2 comments  |  Read  |  Post a Comment
Never Forget Your Passwords Again!
Beyond the Edge, Dark Reading
You never know what those late-night infomercials are going to turn up.
By Beyond the Edge Dark Reading, 8/28/2019
Comment0 comments  |  Read  |  Post a Comment
6 Ways Airlines and Hotels Can Keep Their Networks Secure
Steve Zurier, Contributing Writer
As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six privacy and security tips that can help lock down privacy and security.
By Steve Zurier Contributing Writer, 8/27/2019
Comment0 comments  |  Read  |  Post a Comment
Capital One Breach: What Security Teams Can Do Now
Dr. Richard Gold, Head of Security Engineering at Digital ShadowsCommentary
Knowing the methods of the attacker, as laid out in the federal indictment, allow us to prevent similar attacks.
By Dr. Richard Gold Head of Security Engineering at Digital Shadows, 8/23/2019
Comment3 comments  |  Read  |  Post a Comment
'Phoning Home': Your Latest Data Exfiltration Headache
Jeff Costlow, CISO, ExtraHopCommentary
Companies phone enterprise customer data home securely and for a variety of perfectly legitimate and useful reasons. The problems stem from insufficient disclosure.
By Jeff Costlow CISO, ExtraHop, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
The California Consumer Privacy Act's Hidden Surprise Has Big Legal Consequences
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
The CCPA's provision devoted to 'reasonable' cybersecurity procedures and policies could trip up your business. Get ready now.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 8/13/2019
Comment0 comments  |  Read  |  Post a Comment
FBI Plans to Monitor Social Media May Spark Privacy Issues
Dark Reading Staff, Quick Hits
A new initiative to pull data from social media platforms may clash with policies prohibiting the use of information for mass surveillance.
By Dark Reading Staff , 8/12/2019
Comment1 Comment  |  Read  |  Post a Comment
Security Pros, Congress Reps Talk National Cybersecurity at DEF CON
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybersecurity and government leaders discussed why Congress is unprepared for a major cyberattack and how the two parties can collaborate.
By Kelly Sheridan Staff Editor, Dark Reading, 8/12/2019
Comment0 comments  |  Read  |  Post a Comment
Dark Reading News Desk Live at Black Hat USA 2019
Sara Peters, Senior Editor at Dark ReadingNews
Watch right here for 40 video interviews with speakers and sponsors. Streaming live from Black Hat USA Wednesday and Thursday 2 p.m. to 6 p.m. Eastern.
By Sara Peters Senior Editor at Dark Reading, 8/8/2019
Comment1 Comment  |  Read  |  Post a Comment
Yes, FaceApp Really Could Be Sending Your Data to Russia
Marc Rogers, Executive Director of Cybersecurity, OktaCommentary
FaceApp has an unprecedented level of access to data from 150 million users. What could its endgame be? We unpack three potential risks.
By Marc Rogers Executive Director of Cybersecurity, Okta, 8/8/2019
Comment0 comments  |  Read  |  Post a Comment
Demystifying New FIDO Standards & Innovations
Bojan Simic, Chief Technology Officer & Co-Founder of HYPRCommentary
Staying on top of the latest cybersecurity risks and preferred attack methods can feel impossible, but standards like FIDO2 are designed to help relieve the burden.
By Bojan Simic Chief Technology Officer & Co-Founder of HYPR, 8/1/2019
Comment0 comments  |  Read  |  Post a Comment
Keep Your Eye on Digital Certificates
Terry Sweeney, Contributing Editor
X.509 certificates help secure the identity, privacy, and communication between two endpoints, but these digital certificates also have built-in expirations and must be managed.
By Terry Sweeney Contributing Editor, 7/31/2019
Comment1 Comment  |  Read  |  Post a Comment
Transforming 'Tangible Security' into a Competitive Advantage
Kaan Onarlioglu, Security Architect, AkamaiCommentary
Today's consumers want to see and touch security. Meeting this demand will be a win-win for everyone, from users to vendors to security teams.
By Kaan Onarlioglu Security Architect, Akamai, 7/30/2019
Comment0 comments  |  Read  |  Post a Comment
Farewell, Dear Password? The Future of Identity and Authorization
Kacy Zurkus, Contributing Writer
Many organizations are questioning whether eliminating passwords as an authentication tool would augment their overall security posture.
By Kacy Zurkus Contributing Writer, 7/30/2019
Comment1 Comment  |  Read  |  Post a Comment
Companies' 'Anonymized' Data May Violate GDPR, Privacy Regs
Robert Lemos, Contributing WriterNews
New study found that any database containing 15 pieces of demographic data could be used to identify individuals.
By Robert Lemos Contributing Writer, 7/26/2019
Comment3 comments  |  Read  |  Post a Comment
Answer These 9 Questions to Determine if Your Data Is Safe
Chad Cragle, Information Security Officer at FormAssemblyCommentary
Data protection regulations are only going to grow tighter. Make sure you're keeping the customer's best interests in mind.
By Chad Cragle Information Security Officer at FormAssembly, 7/25/2019
Comment9 comments  |  Read  |  Post a Comment
Travel Security [from J4vv4D]
Dark Reading,
Do you travel to dangerous places, like Information Security Conferences?
By Dark Reading , 7/24/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by yvettejwilliams
Current Conversations Thank you
In reply to: Hi men
Post Your Own Reply
Posted by allenred
Current Conversations nice post
In reply to: cyber security
Post Your Own Reply
More Conversations
7 Ways VPNs Can Turn from Ally to Threat
Curtis Franklin Jr., Senior Editor at Dark Reading,  9/21/2019
Security Pros Value Disclosure ... Sometimes
Dark Reading Staff 9/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I wish they'd put a sock in it.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10754
PUBLISHED: 2019-09-23
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.
CVE-2019-10755
PUBLISHED: 2019-09-23
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml.
CVE-2019-1255
PUBLISHED: 2019-09-23
A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'.
CVE-2019-1367
PUBLISHED: 2019-09-23
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.
CVE-2019-11277
PUBLISHED: 2019-09-23
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny se...