Risk //

Compliance

News & Commentary
Siemens Leads Launch of Global Cybersecurity Initiative
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/16/2018
Comment0 comments  |  Read  |  Post a Comment
Filing Deadline for New Infosec Law Hits NY Finance Firms Thursday
Dark Reading Staff, Quick Hits
Banks and financial services companies in New York must file by tomorrow to certify they are compliant with the state Department of Financial Services new cybersecurity regulation, 23 NYCRR 500.
By Dark Reading Staff , 2/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Ticking Time Bombs in Your Data Center
Murali Palanisamy, Executive Vice President and Chief Technology Officer,  AppViewXCommentary
The biggest security problems inside your company may result from problems it inherited.
By Murali Palanisamy Executive Vice President and Chief Technology Officer, AppViewX, 2/7/2018
Comment0 comments  |  Read  |  Post a Comment
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
Steve Zurier, Freelance WriterNews
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
By Steve Zurier Freelance Writer, 1/31/2018
Comment1 Comment  |  Read  |  Post a Comment
Breach-Proofing Your Data in a GDPR World
Sanjay Beri, Co-Founder & CEO, NetskopeCommentary
Here are six key measures for enterprises to prioritize over the next few months.
By Sanjay Beri Co-Founder & CEO, Netskope, 1/30/2018
Comment0 comments  |  Read  |  Post a Comment
An Action Plan to Fill the Information Security Workforce Gap
Laura Lee, Laura Lee, Executive VP, Cyber Training & Assessments, CircadenceCommentary
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
By Laura Lee Laura Lee, Executive VP, Cyber Training & Assessments, Circadence, 1/29/2018
Comment0 comments  |  Read  |  Post a Comment
PCI DSS Adds Standard for Software-based PIN Entry
Dark Reading Staff, Quick Hits
Software-Based PIN Entry on COTS (SPoC) standard supports EMV contact and contactless transactions with PIN entry on merchant mobile devices.
By Dark Reading Staff , 1/24/2018
Comment0 comments  |  Read  |  Post a Comment
GDPR: Ready or Not, Here It Comes
Danelle Au, VP Strategy, SafeBreachCommentary
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
By Danelle Au VP Strategy, SafeBreach, 1/24/2018
Comment0 comments  |  Read  |  Post a Comment
Living with Risk: Where Organizations Fall Short
Lysa Myers, Security Researcher, ESETCommentary
People tasked with protecting data are too often confused about what they need to do, even with a solid awareness of the threats they face.
By Lysa Myers Security Researcher, ESET, 1/17/2018
Comment0 comments  |  Read  |  Post a Comment
Meltdown, Spectre Likely Just Scratch the Surface of Microprocessor Vulnerabilities
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
There's a lot at stake when it comes to patching the hardware flaws.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/8/2018
Comment5 comments  |  Read  |  Post a Comment
A Pragmatic Approach to Fixing Cybersecurity: 5 Steps
Mike McConnell & Patrick Gorman, Mike McConnell & Patrick GormanCommentary
The digital infrastructure that supports our economy, protects our national security, and empowers our society must be made more secure, more trusted, and more reliable. Here's how.
By Mike McConnell & Patrick Gorman Mike McConnell & Patrick Gorman, 1/3/2018
Comment1 Comment  |  Read  |  Post a Comment
CISO Holiday Miracle Wish List
Ericka Chickowski, Contributing Writer, Dark Reading
If CISOs could make a wish to solve a problem, these would be among the top choices.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/22/2017
Comment1 Comment  |  Read  |  Post a Comment
Be a More Effective CISO by Aligning Security to the Business
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 12/21/2017
Comment6 comments  |  Read  |  Post a Comment
Businesses Fail in Risk Modeling and Management: Report
Kelly Sheridan, Associate Editor, Dark ReadingNews
Businesses struggle to quantify and manage risk, leading to wasted resources and oversight of major problems.
By Kelly Sheridan Associate Editor, Dark Reading, 12/18/2017
Comment1 Comment  |  Read  |  Post a Comment
Security Compliance: The Less You Spend the More You Pay
Jai Vijayan, Freelance writerNews
The costs of complying with data protection requirements are steep, but the costs of non-compliance are even higher, a new study shows.
By Jai Vijayan Freelance writer, 12/12/2017
Comment1 Comment  |  Read  |  Post a Comment
Gartner: IT Security Spending to Reach $96 Billion in 2018
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Identity access management and security services to drive worldwide spending growth.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/8/2017
Comment0 comments  |  Read  |  Post a Comment
Ransomware Meets 'Grey's Anatomy'
Tom & Natalie Pageler, Neustar CRO & CSO, and MD Stanford UniversityCommentary
Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.
By Tom & Natalie Pageler Neustar CRO & CSO, and MD Stanford University, 12/7/2017
Comment0 comments  |  Read  |  Post a Comment
The Rising Dangers of Unsecured IoT Technology
Danielle Jackson, Chief Information Security Officer, SecureAuthCommentary
As government regulation looms, the security industry must take a leading role in determining whether the convenience of the Internet of Things is worth the risk and compromise of unsecured devices.
By Danielle Jackson Chief Information Security Officer, SecureAuth, 12/4/2017
Comment1 Comment  |  Read  |  Post a Comment
Time to Pull an Uber and Disclose Your Data Breach Now
Joseph Carson, Chief Security Scientist at ThycoticCommentary
There is never a good time to reveal a cyberattack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.
By Joseph Carson Chief Security Scientist at Thycotic, 11/22/2017
Comment1 Comment  |  Read  |  Post a Comment
We're Still Not Ready for GDPR? What is Wrong With Us?
Sara Peters, Senior Editor at Dark ReadingCommentary
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
By Sara Peters Senior Editor at Dark Reading, 11/17/2017
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
One in Three SOC Analysts Now Job-Hunting
Kelly Jackson Higgins, Executive Editor at Dark Reading,  2/12/2018
Encrypted Attacks Continue to Dog Perimeter Defenses
Ericka Chickowski, Contributing Writer, Dark Reading,  2/14/2018
Can Android for Work Redefine Enterprise Mobile Security?
Satish Shetty, CEO, Codeproof Technologies,  2/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: One agent too many was installed on Bob's desktop.
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.