Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
Data Asset Management: What Do You Really Need?
Kelly Sheridan, Staff Editor, Dark ReadingNews
At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.
By Kelly Sheridan Staff Editor, Dark Reading, 5/22/2019
Comment0 comments  |  Read  |  Post a Comment
Proving the Value of Security Awareness with Metrics that 'Deserve More'
Ira Winkler, CISSP, President, Secure MentemCommentary
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
By Ira Winkler CISSP, President, Secure Mentem, 5/22/2019
Comment0 comments  |  Read  |  Post a Comment
The 3 Cybersecurity Rules of Trust
Ari Singer, CTO at TrustPhiCommentary
Every day, keeping anything secure requires being smart about trust. The rules of trust will keep you and your data safer.
By Ari Singer CTO at TrustPhi, 5/22/2019
Comment0 comments  |  Read  |  Post a Comment
Consumer IoT Devices Are Compromising Enterprise Networks
Ericka Chickowski, Contributing WriterNews
While IoT devices continue to multiply, the latest studies show a dangerous lack of visibility into those connected to enterprise networks.
By Ericka Chickowski Contributing Writer, 5/22/2019
Comment0 comments  |  Read  |  Post a Comment
KnowBe4 Focuses on Security Culture with CLTRe Acquisition
Dark Reading Staff, Quick Hits
The acquisition solidifies KnowBe4's European presence and shows a focus on building and measuring security culture.
By Dark Reading Staff , 5/21/2019
Comment0 comments  |  Read  |  Post a Comment
Data Security: Think Beyond the Endpoint
Kelly Sheridan, Staff Editor, Dark ReadingNews
A strong data protection strategy is essential as data moves across endpoints and in the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 5/21/2019
Comment0 comments  |  Read  |  Post a Comment
DHS Warns of Data Theft via Chinese-Made Drones
Dark Reading Staff, Quick Hits
The drones are reportedly built with parts that can compromise organizations' data and share it on a server accessible to the Chinese government.
By Dark Reading Staff , 5/20/2019
Comment0 comments  |  Read  |  Post a Comment
97% of Americans Cant Ace a Basic Security Test
Steve Zurier, Contributing WriterNews
Still, a new Google study uncovers a bit of good news, too.
By Steve Zurier Contributing Writer, 5/20/2019
Comment7 comments  |  Read  |  Post a Comment
Financial Sector Under Siege
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.
By Marc Wilczek Digital Strategist & CIO Advisor, 5/20/2019
Comment0 comments  |  Read  |  Post a Comment
Artist Uses Malware in Installation
Dark Reading Staff, Quick Hits
A piece of 'art' currently up for auction features six separate types of malware running on a vulnerable computer.
By Dark Reading Staff , 5/17/2019
Comment1 Comment  |  Read  |  Post a Comment
When Older Windows Systems Won't Die
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft's decision to patch unsupported machines for the critical CVE-2019-0708 flaw is a reminder that XP, 2003, and other older versions of Windows still run in some enterprises.
By Kelly Sheridan Staff Editor, Dark Reading, 5/17/2019
Comment1 Comment  |  Read  |  Post a Comment
Exposed Elasticsearch Database Compromises Data on 8M People
Dark Reading Staff, Quick Hits
Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses.
By Dark Reading Staff , 5/17/2019
Comment0 comments  |  Read  |  Post a Comment
Google to Replace Titan Security Keys Affected by Bluetooth Bug
Kelly Sheridan, Staff Editor, Dark ReadingNews
A misconfiguration in Bluetooth Titan Security Keys' pairing protocols could compromise users under specific circumstances.
By Kelly Sheridan Staff Editor, Dark Reading, 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
Executive Order Limits Certain Tech Sales, Hits Huawei Hard
Dark Reading Staff, Quick Hits
The executive order signed by President Trump bars the sale or installation of equipment seen to be controlled by hostile foreign governments and a threat to national security.
By Dark Reading Staff , 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
Cyber Workforce Exec Order: Right Question, Wrong Answer
Ryan Shaw, Co-Founder, BionicCommentary
Shuffling resources, adding administrative process, and creating a competition and incentive system will do little to grow and mature the talent we need to meet the cybersecurity challenges we face.
By Ryan Shaw Co-Founder, Bionic, 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
New Intel Vulnerabilities Bring Fresh CPU Attack Dangers
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Four newly discovered vulns from the speculative-execution family bring Meltdown-like threats to Intel's processors.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Two Ransomware Recovery Firms Typically Pay Hackers
Dark Reading Staff, Quick Hits
Companies promising the safe return of data sans ransom payment secretly pass Bitcoin to attackers and charge clients added fees.
By Dark Reading Staff , 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Resolution Requires Cybersecurity Training for Members of Congress
Dark Reading Staff, Quick Hits
A bipartisan resolution would mandate IT and cybersecurity training for all members of Congress, their staff, and employees.
By Dark Reading Staff , 5/14/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches Wormable Vuln in Windows 7, 2003, XP, Server 2008
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft releases security updates for some out-of-support systems to fix a bug that could be weaponized as a worm if exploited.
By Kelly Sheridan Staff Editor, Dark Reading, 5/14/2019
Comment0 comments  |  Read  |  Post a Comment
Missing in Action: Cybersecurity Professionals
Andrea Fumagalli, Vice President of Engineering, DFLabsCommentary
Just as every organization security team's needs are unique, so are the reasons for the shortage of candidates for open positions. Here are five strategies to help you close the gap.
By Andrea Fumagalli Vice President of Engineering, DFLabs, 5/14/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12293
PUBLISHED: 2019-05-23
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
CVE-2018-7201
PUBLISHED: 2019-05-22
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
CVE-2018-7803
PUBLISHED: 2019-05-22
A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack...
CVE-2018-7844
PUBLISHED: 2019-05-22
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.
CVE-2018-7853
PUBLISHED: 2019-05-22
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus