Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Risk
Page 1 / 2   >   >>
7 SMB Security Tips That Will Keep Your Company Safe
Slideshows  |  10/11/2019  | 
With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
FBI: Phishing Can Defeat Two-Factor Authentication
Quick Hits  |  10/11/2019  | 
A recent Privacy Industry Notification points to two new hacker tools that can turn a victim's browser into a credential-stealing zombie.
Close the Gap Between Cyber-Risk and Business Risk
Commentary  |  10/11/2019  | 
Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.
USB Drive Security Still Lags
Quick Hits  |  10/9/2019  | 
While USB drives are frequent pieces of business hardware, a new report says that one-third of US businesses have no policy governing their use.
A Realistic Threat Model for the Masses
Commentary  |  10/9/2019  | 
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
How the Software-Defined Perimeter Is Redefining Access Control
Commentary  |  10/9/2019  | 
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
Utilities' Operational Networks Continue to Be Vulnerable
News  |  10/8/2019  | 
More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds.
7 Considerations Before Adopting Security Standards
Slideshows  |  10/8/2019  | 
Here's what to think through as you prepare your organization for standards compliance.
10 Steps to Assess SOC Maturity in SMBs
Commentary  |  10/7/2019  | 
Facing a system and organization controls audit doesn't have to be stressful for small and midsize businesses if they follow these guidelines.
Complex Environments Cause Schools to Struggle for Passing Security Grade
News  |  10/4/2019  | 
As ransomware attacks surge against school systems, an analysis of 1,200 K-12 institutions in North America shows complex environments and conflicting security controls.
Cybercrime: AI's Growing Threat
Commentary  |  10/4/2019  | 
Cyberecurity incidents expected to rise by nearly 70% and cost $5 trillion annually by 2024.
8 Ways Businesses Unknowingly Help Hackers
Slideshows  |  10/4/2019  | 
From lengthy email signatures to employees' social media posts, we look at the many ways organizations make it easier for attackers to break in.
American Express Insider Breaches Cardholder Information
Quick Hits  |  10/3/2019  | 
The ex-employee accessed names, Social Security numbers, card numbers, and more in an attempt to commit fraud.
Common Pitfalls of Security Monitoring
Commentary  |  10/3/2019  | 
We need technology, but we cant forget the importance of humans working methodically to make it effective.
How FISMA Requirements Relate to Firmware Security
Commentary  |  10/3/2019  | 
Federal guidelines can help all organizations pragmatically and meaningfully improve their firmware security.
Stalkerware on the Rise Globally
Quick Hits  |  10/2/2019  | 
Stalkware is being installed on more and more victims' devices, and the trend is only accelerating, according to a new report.
New Silent Starling Attack Group Puts Spin on BEC
News  |  10/2/2019  | 
The West African cybergang has successfully infiltrated more than 500 companies using a tactic dubbed 'vendor email compromise.'
Quantum-Safe Cryptography: The Time to Prepare Is Now
Commentary  |  10/2/2019  | 
Quantum computing is real and it's evolving fast. Is the security industry up to the challenge?
'Father of Identity Theft' Convicted on 13 Federal Counts
Quick Hits  |  10/1/2019  | 
James Jackson, a 58-year-old Memphis resident, used the identities of deceased individuals to steal money from banks and the estates of the dead.
Navigating Your First Month as a New CISO
Commentary  |  10/1/2019  | 
The single most important thing you can do is to start building the relationships and political capital you'll need to run your security program. Here's how.
'Harvesting Attacks' & the Quantum Revolution
Commentary  |  9/30/2019  | 
Stockpiles of stolen information sitting in foreign databases are ready to be exposed the minute there's a working quantum computer in five to ten years. The time to act is now.
Cybersecurity Certification in the Spotlight Again
News  |  9/27/2019  | 
Swiss technology non-profit group joins others, such as the Obama-era President's Commission, in recommending that certain classes of technology products be tested.
DoorDash Breach Affects 4.9M Merchants, Customers, Workers
Quick Hits  |  9/27/2019  | 
The May 4 incident exposed data belonging to users on the platform on or before April 5, 2018.
Is Your Organization Suffering from Security Tool Sprawl?
Commentary  |  9/27/2019  | 
Most companies have too many tools, causing increased costs and security issues.
Cloud-Native Applications: Shift to Serverless is Underway
News  |  9/26/2019  | 
A new report explores changes in cloud-native applications and complexities involved with securing them.
Ransomware Hits Multiple, Older Vulnerabilities
Quick Hits  |  9/26/2019  | 
Ransomware attacks are taking advantage of vulnerabilities that are older and less severe, a new report finds.
Bridging the Gap Between Security & DevOps
Commentary  |  9/26/2019  | 
An inside look into the engineering mindset of DevOps from the vantage of a career security professional.
When Compliance Isn't Enough: A Case for Integrated Risk Management
News  |  9/25/2019  | 
Why governance, risk, and compliance solutions lull companies into a false sense of security, and how to form a more effective approach.
Long-Lining: Reeling In the Big Fish in Your Supply Chain
Commentary  |  9/25/2019  | 
The object of this new attack campaign is not swordfish or tuna but high-ranking executives within target organizations.
The Future of Account Security: A World Without Passwords?
Commentary  |  9/25/2019  | 
First step: Convince machines that we are who we say we are with expanded biometrics, including behaviors, locations, and other information that makes "us" us.
How to Define & Prioritize Risk Management Goals
News  |  9/24/2019  | 
As risk management programs differ from business to business, these factors remain constant.
6 Best Practices for Performing Physical Penetration Tests
Commentary  |  9/24/2019  | 
A cautionary tale from a pen test gone wrong in an Iowa county courthouse.
Rethinking Risk Management
News  |  9/23/2019  | 
Where most organizations fall short in risk management tools, technologies, and talent, and how they can improve.
YouTube Creators Hit in Account Hijacking Campaign
Quick Hits  |  9/23/2019  | 
The victims, who post car reviews and other videos about the auto industry, were targeted in a seemingly coordinated campaign to steal account access.
How Network Logging Mitigates Legal Risk
Commentary  |  9/23/2019  | 
Logging that is turned on, captured, and preserved immediately after a cyber event is proof positive that personal data didn't fall into the hands of a cybercriminal.
Ransomware Strikes 49 School Districts & Colleges in 2019
News  |  9/20/2019  | 
The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
WeWork's Wi-Fi Exposed Files, Credentials, Emails
Quick Hits  |  9/20/2019  | 
For years, sensitive documents and corporate data have been easily viewable on the coworking space's open network.
A Safer IoT Future Must Be a Joint Effort
Commentary  |  9/20/2019  | 
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry
Metasploit Creator HD Moore's Latest Hack: IT Assets
News  |  9/19/2019  | 
Moore has built a network asset discovery tool that wasn't intended to be a pure security tool, but it addresses a glaring security problem.
BSIMM10 Emphasizes DevOps' Role in Software Security
News  |  9/19/2019  | 
The latest model, with insights from 122 firms, shows DevOps adoption is far enough along to influence how companies approach software security.
California's IoT Security Law Causing Confusion
News  |  9/19/2019  | 
The law, which goes into effect January 1, requires manufacturers to equip devices with 'reasonable security feature(s).' What that entails is still an open question.
Deconstructing an iPhone Spearphishing Attack
Commentary  |  9/19/2019  | 
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
Ping Identity Prices IPO at $15 per Share
Quick Hits  |  9/19/2019  | 
The identity management company plans to sell 12.5 million shares, raising $187.5 million in its initial public offering.
Crowdsourced Security & the Gig Economy
Commentary  |  9/19/2019  | 
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
How Cybercriminals Exploit Simple Human Mistakes
News  |  9/18/2019  | 
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.
DevSecOps: Recreating Cybersecurity Culture
Commentary  |  9/18/2019  | 
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
New Security Startup Emerges from Stealth Mode
Quick Hits  |  9/18/2019  | 
GK8 creates proprietary platform for securing blockchain transactions, no Internet needed.
One Arrested in Ecuador's Mega Data Leak
Quick Hits  |  9/18/2019  | 
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.
24.3M Unsecured Health Records Expose Patient Data, Images
Quick Hits  |  9/18/2019  | 
Several hundred servers storing medical data are connected to the Internet without any protection for sensitive information and images.
How Ransomware Criminals Turn Friends into Enemies
Commentary  |  9/18/2019  | 
Managed service providers are the latest pawns in ransomware's game of chess.
Page 1 / 2   >   >>


For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.