Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Risk
Page 1 / 2   >   >>
400+ Qualcomm Chip Vulnerabilities Threaten Millions of Android Phones
News  |  8/7/2020  | 
Security researchers found hundreds of pieces of vulnerable code in the Qualcomm Snapdragon chips powering Android phones.
A Mix of Optimism and Pessimism for Security of the 2020 Election
News  |  8/6/2020  | 
DHS CISA's Christopher Krebs and Georgetown University's Matt Blaze at Black Hat USA give the lowdown on where things stand and what still needs to happen to protect the integrity of November's election.
Dark Reading Video News Desk Returns to Black Hat
News  |  8/6/2020  | 
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
Where Dark Reading Goes Next
News  |  8/6/2020  | 
Dark Reading Editor-in-Chief gives a complete rundown of all the Dark Reading projects you might not even know about, his insight into the future of the security industry, and how we plan to cover it.
Information Operations Spotlighted at Black Hat as Election Worries Rise
News  |  8/6/2020  | 
From Russia's "best-in-class" efforts at widening social divides in Western democracies to China's blunt attacks on dissidents, information operations are becoming a greater threat, says a Stanford researcher.
Platform Security: Intel Pushes to Reduce Supply Chain Attacks
News  |  8/6/2020  | 
SPONSORED CONTENT: Attacks on supply chains involve lots of players and companies, not to mention an exponential amount of data for the stealing, notes Intel's Tom Garrison. Notoriously difficult to detect and mitigate, Garrison discusses new approaches to securing an individual company's computing platforms, including Compute Lifecycle Assurance.
2019 Breach Leads to $80 Million Fine for Capital One
Quick Hits  |  8/6/2020  | 
The fine is part of a series of steps required by the Office of the Comptroller of the Currency.
Four Rules and Three Tools to Protect Against Fake SaaS Apps
Commentary  |  8/6/2020  | 
Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.
3 Tips For Better Security Across the Software Supply Chain
Commentary  |  8/6/2020  | 
It may sound look intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving security posture of the software supply chain.
What a Security Engineer & Software Engineer Learned by Swapping Roles
News  |  8/5/2020  | 
A security engineer and infrastructure engineer with Salesforce share lessons learned from their professional role reversal, and advice for people on both teams.
Tales from the Trenches Show Security Issues Endemic to Healthcare
News  |  8/5/2020  | 
The CISO for Indiana University Health says simple policies, good communication, and strong authentication go much further than vendor tools in solving security problems.
What to Tell Young People of Color About InfoSec Careers
News  |  8/5/2020  | 
CEO and founder of Revolution Cyber Juliet Okafor and Baker Hughes Director of Global OT Security Programs Paul Brager talk about the unique lessons and hard truths they provide when mentoring young black cybersecurity professionals.
A Most Personal Threat: Implantable Medical Devices
News  |  8/5/2020  | 
Alan Michaels,director of the Electronic Systems Lab at the Virginia Tech Hume Center, explains why implanted medical devices could pose a threat to secure communication facilities.
3 Tips for Securing Open Source Software
Commentary  |  8/5/2020  | 
Maintaining myriad open source components can be tough. Here's how teams can begin to address open source security and continue to innovate.
Cybersecurity Budget Rose in 2019, Uncertainty Prevails in 2020
News  |  8/5/2020  | 
Budgets rise as IT complexity continued to challenge companies, with identity and access management technology an increasingly common focus.
Why Confidential Computing Is a Game Changer
Commentary  |  8/5/2020  | 
Confidential Computing is a transformational technology that should be part of every enterprise cloud deployment. It's time to start unlocking the possibilities together.
Less Than Half of Security Pros Can Identify Their Organization's Level of Risk
News  |  8/5/2020  | 
Just 51% work with the business side of the house on risk reduction objectives, new study shows.
How Ransomware Threats Are Evolving & How to Spot Them
News  |  8/4/2020  | 
A series of new reports explains how ransomware attackers are changing techniques and how organizations can spot stealthy criminals.
New Spin on a Longtime DNS Intel Tool
News  |  8/4/2020  | 
Domain Name Service database service Farsight Security, the brainchild of DNS expert Paul Vixie, celebrates 10 years with new modern features.
Google & Amazon Replace Apple as Phishers' Favorite Brands
Quick Hits  |  8/4/2020  | 
Google and Amazon were the most imitated brands in the second quarter, knocking out Apple.
Securing IoT as a Remote Workforce Strategy
Commentary  |  8/4/2020  | 
Digital transformation with Internet of Things devices offers organizations a way forward in the era of COVID-19. Optimizing this approach for the future will need to start with security.
FBI Warns on New E-Commerce Fraud
News  |  8/3/2020  | 
A wave of new, fraudulent websites has popped up to take advantage of the rise in online shopping during the coronavirus pandemic.
COVID-19: Latest Security News & Commentary
News  |  8/3/2020  | 
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
3 Ways Social Distancing Can Strengthen Your Network
Commentary  |  7/31/2020  | 
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
News  |  7/30/2020  | 
Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles.
Citizens Are Increasingly Worried About How Companies Use Their Data
News  |  7/30/2020  | 
With data privacy important to almost every American, more than two-thirds of those surveyed say they don't trust companies to ethically sell their data.
Black Hat Virtually: An Important Time to Come Together as a Community
Commentary  |  7/30/2020  | 
The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.
Using the Attack Cycle to Up Your Security Game
Commentary  |  7/30/2020  | 
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Slideshows  |  7/29/2020  | 
More than 130 security researchers and developers are ready to showcase their work.
70,000+ WordPress Sites Affected by Critical Plug-in Flaw
Quick Hits  |  7/29/2020  | 
A vulnerability in the wpDiscuz plug-in could let attackers remotely execute code on the servers of affected websites.
The Future's Biggest Cybercrime Threat May Already Be Here
Commentary  |  7/29/2020  | 
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.
Ratings for Open Source Projects Aim to Make Software More Secure
News  |  7/27/2020  | 
Two companies have teamed up to rate open source projects, but can adopting repository ratings help developers make better decisions regarding open source?
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
Commentary  |  7/27/2020  | 
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
Banning TikTok Won't Solve Our Privacy Problems
Commentary  |  7/24/2020  | 
Preventing the use of an apps based solely on its country of origin (no matter how hostile) is merely a Band-Aid that won't fully address all privacy and security concerns.
Deepfakes & James Bond Research Project: Cool but Dangerous
Commentary  |  7/23/2020  | 
Open source software for creating deepfakes is getting better and better, to the chagrin of researchers
8 Cybersecurity Themes to Expect at Black Hat USA 2020
Slideshows  |  7/23/2020  | 
Here are the trends and topics that'll capture the limelight at this year's virtual event.
VC Investment in Cybersecurity Dips & Shifts with COVID-19
News  |  7/22/2020  | 
While the pandemic has infected funding for cybersecurity startups, it also has emboldened some startups with innovative tools that secure the wave of at-home work.
CISA Hires Security Experts to Boost COVID-19 Response
Quick Hits  |  7/22/2020  | 
The agency brings in expertise from the private sector to improve its technical capabilities and engagement with industry partners.
Cybersecurity Lessons from the Pandemic
Commentary  |  7/22/2020  | 
How does cybersecurity support business and society? The pandemic shows us.
The State of Hacktivism in 2020
News  |  7/21/2020  | 
Activism via hacking might not be as noisy as it once was, but it hasn't been silenced yet.
The Data Privacy Loophole Federal Agencies Are Still Missing
Commentary  |  7/21/2020  | 
Why knowledge-based authentication is leaving federal contact centers vulnerable to an increasingly sophisticated hacker community.
Internet Scan Shows Decline in Insecure Network Services
News  |  7/20/2020  | 
While telnet, rsync, and SMB, exposure surprisingly have dropped, proper patching and encryption adoption remain weak worldwide.
SIGRed: What You Should Know About the Windows DNS Server Bug
News  |  7/20/2020  | 
DNS experts share their thoughts on the wormable vulnerability and explain why it should be a high priority for businesses.
England 'Test and Trace' Program Violates GDPR Privacy Law
Quick Hits  |  7/20/2020  | 
The UK government confirms the program launched in May without a Data Protection Impact Assessment, as required under GDPR.
UK Data Privacy Legislation Cannot Be Bypassed to Limit Spread of COVID-19
Commentary  |  7/20/2020  | 
The UK faces GDPR data privacy challenges regarding its COVID-19 "Test and Trace" program. Despite the importance of contact tracing, its intent to ignore privacy legislation is extremely worrying.
What Organizations Need to Know About IoT Supply Chain Risk
Commentary  |  7/20/2020  | 
Here are some factors organizations should consider as they look to limit the risk posed by risks like Ripple20.
EU Court Ruling Means New Global Protections for EU Customer Data
Quick Hits  |  7/16/2020  | 
The ruling in a case involving Facebook means that international companies must provide EU-level privacy controls for EU-generated data no matter where it's stored or transferred.
Puzzles and Riddles Help InfoSec Pros Solve Real-World Problems
News  |  7/15/2020  | 
A researcher shares the unexpected lessons learned in years of creating puzzles and riddles for his cybersecurity colleagues.
How Nanotechnology Will Disrupt Cybersecurity
Commentary  |  7/15/2020  | 
Tangible solutions related to cryptography, intelligent threat detection and consumer security are closer than you think.
Top 5 Questions (and Answers) About GRC Technology
Commentary  |  7/15/2020  | 
For the first time in a long time, we must shift from managing localized risks against a landscape of economic growth to managing those issues under much less certain circumstances.
Page 1 / 2   >   >>


Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
A Patriotic Solution to the Cybersecurity Skills Shortage
Adam Benson, Senior VP, Vrge Strategies,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12777
PUBLISHED: 2020-08-10
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
CVE-2020-12778
PUBLISHED: 2020-08-10
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
CVE-2020-12779
PUBLISHED: 2020-08-10
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script.
CVE-2020-12780
PUBLISHED: 2020-08-10
A security misconfiguration exists in Combodo iTop, which can expose sensitive information.
CVE-2020-12781
PUBLISHED: 2020-08-10
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.