Risk

News & Commentary
Rethinking Risk Management
Kelly Sheridan, Staff Editor, Dark Reading, News
Where most organizations fall short in risk management tools, technologies, and talent, and how they can improve.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/23/2019
YouTube Creators Hit in Account Hijacking Campaign
Dark Reading Staff, Quick Hits
The victims, who post car reviews and other videos about the auto industry, were targeted in a seemingly coordinated campaign to steal account access.
By Dark Reading Staff, 9/23/2019
How Network Logging Mitigates Legal Risk
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice, Woods Rogers PLC, Commentary
Logging that is turned on, captured, and preserved immediately after a cyber event is proof positive that personal data didn't fall into the hands of a cybercriminal.
By Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice, Woods Rogers PLC, 9/23/2019
Ransomware Strikes 49 School Districts & Colleges in 2019
Kelly Sheridan, Staff Editor, Dark Reading, News
The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/20/2019
WeWork's Wi-Fi Exposed Files, Credentials, Emails
Dark Reading Staff, Quick Hits
For years, sensitive documents and corporate data have been easily viewable on the coworking space's open network.
By Dark Reading Staff, 9/20/2019
A Safer IoT Future Must Be a Joint Effort
Sivan Rauscher, CEO & Co-Founder, SAM Seamless Network, Commentary
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry.
By Sivan Rauscher, CEO & Co-Founder, SAM Seamless Network, 9/20/2019
Metasploit Creator HD Moore's Latest Hack: IT Assets
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Moore has built a network asset discovery tool that wasn't intended to be a pure security tool, but it addresses a glaring security problem.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/19/2019
California's IoT Security Law Causing Confusion
Robert Lemos, Contributing Writer, News
The law, which goes into effect January 1, requires manufacturers to equip devices with 'reasonable security feature(s).' What that entails is still an open question.
By Robert Lemos, Contributing Writer, 9/19/2019
BSIMM10 Emphasizes DevOps' Role in Software Security
Kelly Sheridan, Staff Editor, Dark Reading, News
The latest model, with insights from 122 firms, shows DevOps adoption is far enough along to influence how companies approach software security.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/19/2019
Deconstructing an iPhone Spearphishing Attack
Marc Rogers, Executive Director of Cybersecurity, Okta, Commentary
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
By Marc Rogers, Executive Director of Cybersecurity, Okta, 9/19/2019
Ping Identity Prices IPO at $15 per Share
Dark Reading Staff, Quick Hits
The identity management company plans to sell 12.5 million shares, raising $187.5 million in its initial public offering.
By Dark Reading Staff, 9/19/2019
Crowdsourced Security & the Gig Economy
Alex Haynes, Chief Information Security Officer, CDL, Commentary
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
By Alex Haynes, Chief Information Security Officer, CDL, 9/19/2019
How Cybercriminals Exploit Simple Human Mistakes
Kelly Sheridan, Staff Editor, Dark Reading, News
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/18/2019
DevSecOps: Recreating Cybersecurity Culture
Steve Martino, Senior Vice President, Chief Information Security Officer, Cisco, Commentary
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
By Steve Martino, Senior Vice President, Chief Information Security Officer, Cisco, 9/18/2019
New Security Startup Emerges from Stealth Mode
Dark Reading Staff, Quick Hits
GK8 creates proprietary platform for securing blockchain transactions, no Internet needed.
By Dark Reading Staff, 9/18/2019
One Arrested in Ecuador's Mega Data Leak
Dark Reading Staff, Quick Hits
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.
By Dark Reading Staff, 9/18/2019
24.3M Unsecured Health Records Expose Patient Data, Images
Dark Reading Staff, Quick Hits
Several hundred servers storing medical data are connected to the Internet without any protection for sensitive information and images.
By Dark Reading Staff, 9/18/2019
How Ransomware Criminals Turn Friends into Enemies
Chester Wisniewski, Principal Research Scientist, Sophos, Commentary
Managed service providers are the latest pawns in ransomware's game of chess.
By Chester Wisniewski, Principal Research Scientist, Sophos, 9/18/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading, News
The list includes the most frequent and critical weaknesses that can lead to serious software vulnerabilities.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/17/2019
15K Private Webcams Could Let Attackers View Homes, Businesses
Dark Reading Staff, Quick Hits
Webcams could be potentially accessed and manipulated by anyone with an Internet connection, researchers say.
By Dark Reading Staff, 9/17/2019
7 Ways VPNs Can Turn from Ally to Threat
Curtis Franklin Jr., Senior Editor at Dark Reading, 9/21/2019
Security Pros Value Disclosure ... Sometimes
Dark Reading Staff, 9/19/2019
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here's some insight on what's working and what isn't in the data center.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10754
PUBLISHED: 2019-09-23
Multiple classes used within Apereo CAS before release 6.1.0-RC5 make use of apache commons-lang3 RandomStringUtils for token and ID generation, which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.
CVE-2019-10755
PUBLISHED: 2019-09-23
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class, which makes it predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml.
CVE-2019-1255
PUBLISHED: 2019-09-23
A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'.
CVE-2019-1367
PUBLISHED: 2019-09-23
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.
CVE-2019-11277
PUBLISHED: 2019-09-23
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny se...