Dark Reading is part of the Informa Tech Division of Informa PLC

Risk

News & Commentary
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer
With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
By Steve Zurier Contributing Writer, 10/11/2019
FBI: Phishing Can Defeat Two-Factor Authentication
Dark Reading Staff, Quick Hits
A recent Privacy Industry Notification points to two new hacker tools that can turn a victim's browser into a credential-stealing zombie.
By Dark Reading Staff, 10/11/2019
Close the Gap Between Cyber-Risk and Business Risk
Brian Contos, CISO & VP of Technology Innovation at Verodin, Commentary
Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.
By Brian Contos, CISO, Verodin, 10/11/2019
USB Drive Security Still Lags
Dark Reading Staff, Quick Hits
While USB drives are frequent pieces of business hardware, a new report says that one-third of US businesses have no policy governing their use.
By Dark Reading Staff, 10/9/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET, Commentary
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
By Lysa Myers Security Researcher, ESET, 10/9/2019
How the Software-Defined Perimeter Is Redefining Access Control
Gilad Steinberg, Founder & CTO at Odo Security, Commentary
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
By Gilad Steinberg Founder & CTO at Odo Security, 10/9/2019
Utilities' Operational Networks Continue to Be Vulnerable
Robert Lemos, Contributing Writer, News
More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds.
By Robert Lemos Contributing Writer, 10/8/2019
7 Considerations Before Adopting Security Standards
Steve Zurier, Contributing Writer
Here's what to think through as you prepare your organization for standards compliance.
By Steve Zurier Contributing Writer, 10/8/2019
10 Steps to Assess SOC Maturity in SMBs
Andrew Houshian, Associate Director of SOC and Attestation Services at A-LIGN, Commentary
Facing a system and organization controls audit doesn't have to be stressful for small and midsize businesses if they follow these guidelines.
By Andrew Houshian Associate Director of SOC and Attestation Services at A-LIGN, 10/7/2019
Complex Environments Cause Schools to Struggle for Passing Security Grade
Robert Lemos, Contributing Writer, News
As ransomware attacks surge against school systems, an analysis of 1,200 K-12 institutions in North America shows complex environments and conflicting security controls.
By Robert Lemos Contributing Writer, 10/4/2019
Cybercrime: AI's Growing Threat
Marc Wilczek, Digital Strategist & CIO Advisor, Commentary
Cybersecurity incidents expected to rise by nearly 70% and cost $5 trillion annually by 2024.
By Marc Wilczek Digital Strategist & CIO Advisor, 10/4/2019
8 Ways Businesses Unknowingly Help Hackers
Kelly Sheridan, Staff Editor, Dark Reading
From lengthy email signatures to employees' social media posts, we look at the many ways organizations make it easier for attackers to break in.
By Kelly Sheridan Staff Editor, Dark Reading, 10/4/2019
American Express Insider Breaches Cardholder Information
Dark Reading Staff, Quick Hits
The ex-employee accessed names, Social Security numbers, card numbers, and more in an attempt to commit fraud.
By Dark Reading Staff, 10/3/2019
Common Pitfalls of Security Monitoring
Aaron Sierra, Senior Security Architect at Alagen, Commentary
We need technology, but we can't forget the importance of humans working methodically to make it effective.
By Aaron Sierra Senior Security Architect at Alagen, 10/3/2019
How FISMA Requirements Relate to Firmware Security
John Loucaides, Vice President, R&D, Eclypsium, Commentary
Federal guidelines can help all organizations pragmatically and meaningfully improve their firmware security.
By John Loucaides Vice President, R&D, Eclypsium, 10/3/2019
Stalkerware on the Rise Globally
Dark Reading Staff, Quick Hits
Stalkerware is being installed on more and more victims' devices, and the trend is only accelerating, according to a new report.
By Dark Reading Staff, 10/2/2019
New Silent Starling Attack Group Puts Spin on BEC
Kelly Sheridan, Staff Editor, Dark Reading, News
The West African cybergang has successfully infiltrated more than 500 companies using a tactic dubbed 'vendor email compromise.'
By Kelly Sheridan Staff Editor, Dark Reading, 10/2/2019
Quantum-Safe Cryptography: The Time to Prepare Is Now
Scott Totzke, CEO & Cofounder, ISARA Corporation, Commentary
Quantum computing is real and it's evolving fast. Is the security industry up to the challenge?
By Scott Totzke CEO & Cofounder, ISARA Corporation, 10/2/2019
'Father of Identity Theft' Convicted on 13 Federal Counts
Dark Reading Staff, Quick Hits
James Jackson, a 58-year-old Memphis resident, used the identities of deceased individuals to steal money from banks and the estates of the dead.
By Dark Reading Staff, 10/1/2019
Navigating Your First Month as a New CISO
John Hellickson, Vice President, Advisory Services, at Kudelski Security, Inc., Commentary
The single most important thing you can do is to start building the relationships and political capital you'll need to run your security program. Here's how.
By John Hellickson Vice President, Advisory Services, at Kudelski Security, Inc., 10/1/2019
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity, 10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET, 10/9/2019
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.