Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Risk
Page 1 / 2   >   >>
Security & Trust Ratings Proliferate: Is That a Good Thing?
News  |  5/22/2020  | 
Phishing ratings, security ratings, human-ness ratings -- we are looking at a future filled with grades of security and trustworthiness. But there is a downside.
COVID-19: Latest Security News & Commentary
News  |  5/22/2020  | 
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
10 iOS Security Tips to Lock Down Your iPhone
Slideshows  |  5/22/2020  | 
Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
How an Industry Consortium Can Reinvent Security Solution Testing
Commentary  |  5/21/2020  | 
By committing to independent testing to determine value, vendors will ensure that their products do what they say they do.
The Need for Compliance in a Post-COVID-19 World
Commentary  |  5/21/2020  | 
With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That's a big mistake.
Centralized Contact Tracing Raises Concerns Among Privacy-Conscious Citizens
News  |  5/21/2020  | 
The long debate over whether encryption and anonymity shield too much criminal behavior also has staged a resurgence.
60% of Insider Threats Involve Employees Planning to Leave
News  |  5/20/2020  | 
Researchers shows most "flight-risk" employees planning to leave an organization tend to start stealing data two to eight weeks before they go.
Microsoft Warns of Vulnerability Affecting Windows DNS Server
Quick Hits  |  5/20/2020  | 
A new security advisory addresses a vulnerability that could be exploited to cause a denial-of-service attack.
Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say
News  |  5/20/2020  | 
As COVID-19-themed spam rises, phishingnot so much. An analysis of newly registered domains finds that only 2.4% are actually phishing sites aiming to steal credentials.
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Commentary  |  5/20/2020  | 
Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.
Google Chrome Redesign Puts Security & Privacy in Users' Hands
Quick Hits  |  5/19/2020  | 
The Chrome browser will tell users if their browser is up to date, malicious extensions are installed, and/or a password has been compromised.
Web Application Attacks Double from 2019: Verizon DBIR
News  |  5/19/2020  | 
Verizon's annual data breach report shows most attackers are external, money remains their top motivator, and web applications and unsecured cloud storage are hot targets.
Cybersecurity Extends Far Beyond Security Teams & Everyone Plays a Part
Commentary  |  5/19/2020  | 
Security isn't about tools or technology; it's about establishing a broad, fundamental awareness and sense of responsibility among all employees.
Private Equity Firm Stalls $1.9B Forescout Acquisition
Quick Hits  |  5/18/2020  | 
Officials say "there can be no assurance" Forescout and Advent International will reach an agreement, though talks are ongoing.
The 3 Top Cybersecurity Myths & What You Should Know
Commentary  |  5/18/2020  | 
With millions of employees now attempting to work from home, it's vital to challenge misconceptions about cybersecurity.
Microsoft Open Sources Its Coronavirus Threat Data
Quick Hits  |  5/15/2020  | 
Microsoft's COVID-19 intelligence will be made publicly available to help businesses fight virus-related security threats.
As Businesses Rush to the Cloud, Security Teams Struggle to Keep Up
News  |  5/14/2020  | 
Most organizations have a gap between current and planned cloud usage and the maturity of their cloud security programs.
Project Aims to Unmask Disinformation Bots
News  |  5/14/2020  | 
BotSight, a machine learning research project, rates Twitter users based on the likelihood that there is a human behind the keyboard. Could such technology blunt the impact of disinformation campaigns?
8 Supply Chain Security Requirements
Slideshows  |  5/14/2020  | 
Complex supply chains have complex security requirements, but secure them you must. Here's where to start.
Compliance as a Way to Reduce the Risk of Insider Threats
Commentary  |  5/14/2020  | 
Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.
79% of Companies Report Identity-Related Breach in Past Two Years
Quick Hits  |  5/14/2020  | 
Two-thirds of organizations surveyed say phishing is the most common cause of identity-related breaches, the IDSA reports.
Ensuring Business Continuity in Times of Crisis
Commentary  |  5/14/2020  | 
Three basic but comprehensive steps can help you and your organization get through adversity
New Cyber-Espionage Framework Dubbed Ramsay
News  |  5/13/2020  | 
The framework is designed to collect and exfiltrate sensitive documents from air-gapped networks.
CyberArk Acquires Idaptive for Identity-as-a-Service Tech
Quick Hits  |  5/13/2020  | 
The $70 million deal is intended to help CyberArk strengthen its portfolio with secure and SaaS-based identity management.
More Tips for Staying Safe While Working from Home
Commentary  |  5/13/2020  | 
While some users are up to speed with the WFH protocol, it's worth adding a few more items to your security checklist.
Nine in 10 Applications Contain Outdated Software Components
News  |  5/12/2020  | 
Almost every application uses open-source components and 91% use libraries that are out of date or that have been abandoned altogether.
Secure Contact Tracing Needs More Transparent Development
News  |  5/12/2020  | 
Experts worry that without proper planning, today's decisions about developing contact-tracing apps could have unforeseen consequences in the years to come.
Three Years After WannaCry, Ransomware Accelerating While Patching Still Problematic
News  |  5/12/2020  | 
Using a known exploit to infect unmaintained systems, the WannaCry ransomware worm remains a study in preventable catastrophes. Yet many companies continue to ignore its lessons.
Coronavirus, Data Privacy & the New Online Social Contract
Commentary  |  5/12/2020  | 
How governments can protect personal privacy in contact tracing while saving peoples' lives
6 Free Cybersecurity Training and Awareness Courses
Slideshows  |  5/12/2020  | 
Most are designed to help organizations address teleworking risks related to COVID-19 scams.
Rule of Thumb: USB Killers Pose Real Threat
Commentary  |  5/11/2020  | 
They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.
Companies Struggle for Effective Cybersecurity
News  |  5/8/2020  | 
The money companies are spending on cybersecurity tools doesn't necessarily result in better security, a new survey shows.
Now More Than Ever? Securing the Software Life Cycle
Commentary  |  5/7/2020  | 
The more things change, the more they stay the same. That's true for software security, even in these turbulent times.
Zoom Acquires Keybase, Plans for End-to-End Encrypted Chats
Quick Hits  |  5/7/2020  | 
The company's first acquisition to date is part of a 90-day plan to improve security in its video communications platform.
Threat-Modeling Basics Using MITRE ATT&CK
Commentary  |  5/7/2020  | 
When risk managers consider the role ATT&CK plays in the classic risk equation, they have to understand the role of threat modeling in building a complete risk scenario.
Maze Ransomware Operators Step Up Their Game
News  |  5/6/2020  | 
Investigations show Maze ransomware operators leave "nothing to chance" when putting pressure on victims to pay.
Financial Phishing Attacks Take Off, Malware Declines
News  |  5/6/2020  | 
In the past year, the number of digital threats increased by nearly half as phishing swamped malware to become the most dominant attack technique.
The Price of Fame? Celebrities Face Unique Hacking Threats
News  |  5/6/2020  | 
Hackers are hitting the sports industry hard on social media and luring quarantined consumers with offers of free streaming services, a new report shows.
Is CVSS the Right Standard for Prioritization?
Commentary  |  5/6/2020  | 
More than 55% of open source vulnerabilities are rated high or critical. To truly understand a vulnerability and how it might affect an organization or product, we need much more than a number.
Instacart Patches Security Bug That Would Have Let Attackers Spoof SMS Messages
News  |  5/5/2020  | 
Attackers could have exploited the issue to lead online shoppers to malicious websites or to get them to download malware, Tenable says.
Cloud Startup Orca Security Raises $20M Series A
Quick Hits  |  5/5/2020  | 
The Israeli cloud security startup has built a platform to help organizations gain greater visibility into multicloud deployments.
Designing Firmware Resilience for 3 Top Attack Vectors
Commentary  |  5/5/2020  | 
Firmware has become an increasingly prevalent target for hackers. Here's how to stop them.
SMB Security Catches Up to Large Companies, Data Shows
News  |  5/4/2020  | 
Small and midsize businesses face issues similar to those of large organizations and have updated security practices to respond with threat hunting, patch management, and dedicated personnel.
7 Tips for Security Pros Patching in a Pandemic
Slideshows  |  5/4/2020  | 
The shift to remote work has worsened patch management challenges and created new ones. Security pros share insights and best practices.
DHS CISA Launches Site for Teleworking Security
Quick Hits  |  5/1/2020  | 
The new website is intended to be a one-stop source for information on securing teleworkers and their employers.
Best Practices for Managing a Remote SOC
News  |  5/1/2020  | 
Experts share what it takes to get your security analysts effectively countering threats from their home offices.
Industrial Networks' Newest Threat: Remote Users
Commentary  |  5/1/2020  | 
We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.
Microsoft's Records Management Tool Aims to Simplify Data Governance
News  |  4/30/2020  | 
Records Management is intended to help businesses manage security and data governance as more struggle to handle increased amounts of data and regulatory requirements.
Healthcare Targeted By More Attacks But Less Sophistication
News  |  4/30/2020  | 
An increase in attacks targeting healthcare organizations suggests that perhaps new cybercriminals are getting into the game.
Ed-Tech Company Chegg Suffers Third Breach Since 2018
Quick Hits  |  4/30/2020  | 
The latest incident compromised names, Social Security numbers, and other data belonging to 700 current and former Chegg employees.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13458
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
CVE-2020-13459
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
CVE-2020-13442
PUBLISHED: 2020-05-25
A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.
CVE-2020-5537
PUBLISHED: 2020-05-25
Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.
CVE-2020-13438
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.