Risk //

Compliance

News & Commentary
Why We Need Privacy Solutions That Scale Across Borders
Chris Babel, CEO, TrustArcCommentary
New privacy solutions are becoming scalable, smarter, and easier to address compliance across industries and geographies.
By Chris Babel CEO, TrustArc, 4/17/2018
Comment0 comments  |  Read  |  Post a Comment
How GDPR Forces Marketers to Rethink Data & Security
Roger Kjensrud, CTO, ImpactCommentary
The European regulation is making marketing technology companies re-examine their security, and that's a good thing.
By Roger Kjensrud CTO, Impact, 4/16/2018
Comment0 comments  |  Read  |  Post a Comment
Businesses Calculate Cost of GDPR as Deadline Looms
Kelly Sheridan, Staff Editor, Dark ReadingNews
Surveys highlight the financial burden of GDPR as companies scramble to meet the May 25 deadline.
By Kelly Sheridan Staff Editor, Dark Reading, 4/12/2018
Comment0 comments  |  Read  |  Post a Comment
Active Cyber Defense Is an Opportunity, Not a Threat
Markus Jakobsson, Chief Scientist at AgariCommentary
If honest citizens can be tracked online with cookies and beacons that share where we are and what we are doing, then why should security professionals restrict their ability to hack attackers?
By Markus Jakobsson Chief Scientist at Agari, 4/4/2018
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Mandates Keep On Coming
Steven Grossman, VP of Strategy, Bay DynamicsCommentary
There's a good reason for the proliferation of mandates like the one in New York state, but companies may struggle to answer this question: "Are we in compliance?"
By Steven Grossman VP of Strategy, Bay Dynamics, 3/30/2018
Comment3 comments  |  Read  |  Post a Comment
Report Shows Ransomware is the New Normal
Dark Reading Staff, Quick Hits
A new report on malware says that the majority of companies globally have been victims of ransomware in the last 12 months.
By Dark Reading Staff , 3/27/2018
Comment0 comments  |  Read  |  Post a Comment
A Data Protection Officer's Guide to the GDPR Galaxy
Jen Brown, Compliance and Data Protection Officer at Sumo LogicCommentary
Impending deadline got you freaking out? These five tips might help you calm down, at least a little.
By Jen Brown Compliance and Data Protection Officer at Sumo Logic, 3/19/2018
Comment0 comments  |  Read  |  Post a Comment
Yahoo Agrees to $80 Million Settlement with Investors
Dark Reading Staff, Quick Hits
Investors alleged that Yahoo intentionally misled them about its cybersecurity practices.
By Dark Reading Staff , 3/8/2018
Comment0 comments  |  Read  |  Post a Comment
What Enterprises Can Learn from Medical Device Security
Tom Gillis, Founder & CEO, Bracket ComputingCommentary
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
By Tom Gillis Founder & CEO, Bracket Computing, 3/1/2018
Comment0 comments  |  Read  |  Post a Comment
FTC Settles with Venmo on Security Allegations
Dark Reading Staff, Quick Hits
Proposed settlement addresses complaints that Venmo misrepresented its security and privacy features.
By Dark Reading Staff , 2/28/2018
Comment0 comments  |  Read  |  Post a Comment
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Yaron Galant, Chief Product Officer at AccellionCommentary
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
By Yaron Galant Chief Product Officer at Accellion, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
Siemens Leads Launch of Global Cybersecurity Initiative
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/16/2018
Comment0 comments  |  Read  |  Post a Comment
Filing Deadline for New Infosec Law Hits NY Finance Firms Thursday
Dark Reading Staff, Quick Hits
Banks and financial services companies in New York must file by tomorrow to certify they are compliant with the state Department of Financial Services new cybersecurity regulation, 23 NYCRR 500.
By Dark Reading Staff , 2/14/2018
Comment3 comments  |  Read  |  Post a Comment
Ticking Time Bombs in Your Data Center
Murali Palanisamy, Executive Vice President and Chief Technology Officer,  AppViewXCommentary
The biggest security problems inside your company may result from problems it inherited.
By Murali Palanisamy Executive Vice President and Chief Technology Officer, AppViewX, 2/7/2018
Comment0 comments  |  Read  |  Post a Comment
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
Steve Zurier, Freelance WriterNews
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
By Steve Zurier Freelance Writer, 1/31/2018
Comment1 Comment  |  Read  |  Post a Comment
Breach-Proofing Your Data in a GDPR World
Sanjay Beri, Co-Founder & CEO, NetskopeCommentary
Here are six key measures for enterprises to prioritize over the next few months.
By Sanjay Beri Co-Founder & CEO, Netskope, 1/30/2018
Comment0 comments  |  Read  |  Post a Comment
An Action Plan to Fill the Information Security Workforce Gap
Laura Lee, Laura Lee, Executive VP, Cyber Training & Assessments, CircadenceCommentary
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
By Laura Lee Laura Lee, Executive VP, Cyber Training & Assessments, Circadence, 1/29/2018
Comment0 comments  |  Read  |  Post a Comment
PCI DSS Adds Standard for Software-based PIN Entry
Dark Reading Staff, Quick Hits
Software-Based PIN Entry on COTS (SPoC) standard supports EMV contact and contactless transactions with PIN entry on merchant mobile devices.
By Dark Reading Staff , 1/24/2018
Comment0 comments  |  Read  |  Post a Comment
GDPR: Ready or Not, Here It Comes
Danelle Au, VP Strategy, SafeBreachCommentary
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
By Danelle Au VP Strategy, SafeBreach, 1/24/2018
Comment0 comments  |  Read  |  Post a Comment
Living with Risk: Where Organizations Fall Short
Lysa Myers, Security Researcher, ESETCommentary
People tasked with protecting data are too often confused about what they need to do, even with a solid awareness of the threats they face.
By Lysa Myers Security Researcher, ESET, 1/17/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Diversity: It's About Inclusion
Kelly Jackson Higgins, Executive Editor at Dark Reading,  4/25/2018
Threat Intel: Finding Balance in an Overcrowded Market
Kelly Sheridan, Staff Editor, Dark Reading,  4/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.