Dark Reading is part of the Informa Tech Division of Informa PLC

Risk // Compliance: News & Commentary

How Much Downtime Can Your Company Handle?
Marc Wilczek, Digital Strategist & COO of Link11 | Commentary
Why every business needs cyber resilience and quick recovery times.
By Marc Wilczek, Digital Strategist & COO of Link11, 3/31/2020
Technology Empowers Pandemic Response, But Privacy Worries Remain
Robert Lemos, Contributing Writer | News
As technology companies and the medical community work to find ways to track and test for the virus, privacy might fall by the wayside.
By Robert Lemos, Contributing Writer, 3/26/2020
Do DevOps Teams Need a Company Attorney on Speed Dial?
Shahar Sperling, Chief Architect at HCL AppScan | Commentary
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
By Shahar Sperling, Chief Architect at HCL AppScan, 3/25/2020
Facebook Got Tagged, but Not Hard Enough
Billee Elliott McAuliffe, Member, Lewis Rice LLC | Commentary
Ensuring that our valuable biometric information is protected is worth more than a $550 million settlement.
By Billee Elliott McAuliffe, Member, Lewis Rice LLC, 3/18/2020
Privacy in a Pandemic: What You Can (and Can't) Ask Employees
Kelly Sheridan, Staff Editor, Dark Reading | News
Businesses struggle to strike a balance between workplace health and employees' privacy rights in the midst of a global health emergency.
By Kelly Sheridan, Staff Editor, Dark Reading, 3/16/2020
5 Strategies to Secure Cloud Operations Against Today's Cyber Threats
Chris Christou & Brad Beaulieu, Director of Cloud Security / Cloud Security Engineer at Booz Allen Hamilton | Commentary
With these fundamentals in mind, organizations can reduce their security and compliance risks as they reap the cloud's many benefits:
By Chris Christou & Brad Beaulieu, Director of Cloud Security / Cloud Security Engineer at Booz Allen Hamilton, 2/20/2020
Some Democrats Lead Trump in Campaign Domain-Security Efforts
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Sanders and Trump campaigns lack proper DMARC security enforcement, study finds.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 2/10/2020
Businesses Improve Their Data Security, But Privacy Not So Much
Robert Lemos, Contributing Writer | News
While the California Consumer Privacy Act will force companies to provide a modicum of meaningful privacy, World Privacy Day still mainly celebrates data security.
By Robert Lemos, Contributing Writer, 1/29/2020
Why Companies Should Care about Data Privacy Day
Brad Shimmin, Distinguished Analyst | Commentary
Marking yesterday's 14th anniversary of Europe's first data protection day reminds us how far we still have to go.
By Brad Shimmin, Distinguished Analyst, 1/29/2020
CCPA: Cut From the Same Cloth as PCI DSS
Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG | Commentary
Finally, some good news about CCPA: If you've built your security infrastructure to PCI DSS standards, you may be already covered by California's new data protection rules.
By Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG, 1/28/2020
Greater Focus on Privacy Pays Off for Firms
Robert Lemos, Contributing Writer | News
Privacy-mature companies complete sales more quickly, have fewer and less serious breaches, and recover from incidents faster, according to Cisco's annual survey.
By Robert Lemos, Contributing Writer, 1/27/2020
Weathering the Privacy Storm from GDPR to CCPA & PDPA
Mark McClain, CEO & Co-founder | Commentary
A general approach to privacy, no matter the regulation, is the only way companies can avoid a data protection disaster in 2020 and beyond.
By Mark McClain, CEO & Co-founder, 1/23/2020
Avoid That Billion-Dollar Fine: Blurring the Lines Between Security and Privacy
Jean-Michel Franco, Senior Director of Product Marketing at Talend | Commentary
While doing good for the user is the theoretical ideal, the threat of fiscal repercussions should drive organizations to take privacy seriously. That means security and data privacy teams must work more closely.
By Jean-Michel Franco, Senior Director of Product Marketing at Talend, 1/21/2020
Data Awareness Is Key to Data Security
Moti Gindi, Corporate Vice President, Microsoft Defender Advanced Threat Protection | Commentary
Traditional data-leak prevention is not enough for businesses facing today's dynamic threat landscape.
By Moti Gindi, Corporate Vice President, Microsoft Defender Advanced Threat Protection, 1/21/2020
5 Tips on How to Build a Strong Security Metrics Framework
Joshua Goldfarb, Independent Consultant | Commentary
The carpentry maxim "measure twice, cut once" underscores the importance of timely, accurate, and regular metrics to inform security leaders' risk decisions.
By Joshua Goldfarb, Independent Consultant, 1/10/2020
Client-Side JavaScript Risks & the CCPA
Ido Safruti, Co-founder & CTO, PerimeterX | Commentary
How California's new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk.
By Ido Safruti, Co-founder & CTO, PerimeterX, 1/6/2020
CCPA Kickoff: What Businesses Need to Know
Kelly Sheridan, Staff Editor, Dark Reading | News
The California Consumer Privacy Act is in full effect, prompting organizations to think about how they'll remain compliant.
By Kelly Sheridan, Staff Editor, Dark Reading, 1/2/2020
'Honoring' CCPA's Binding Principles Nationally Won't Be Easy
Dr. Salvatore Stolfo, Founder & CTO, Allure Security | Commentary
Even companies with the reach, capital, and innovative capacity of Microsoft or Google will struggle to adhere to the tenets of California's new consumer privacy law.
By Dr. Salvatore Stolfo, Founder & CTO, Allure Security, 12/26/2019
Ambiguity Around CCPA Will Lead to a Slow Start in 2020
Anurag Kahol, CTO, Bitglass | Commentary
But longer term, compliance to California's new privacy law represents an opportunity for companies to increase customer trust and market share.
By Anurag Kahol, CTO, Bitglass, 12/20/2019
Privacy Requirements & Penalties Grow, Causing Firms to Struggle
Robert Lemos, Contributing Writer | News
Between Europe's and California's privacy laws, companies have a complex landscape to navigate in 2020. Even data-mature industries, such as financial services, see problems ahead.
By Robert Lemos, Contributing Writer, 12/19/2019
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11509
PUBLISHED: 2020-04-07
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page).
CVE-2020-6647
PUBLISHED: 2020-04-07
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
CVE-2020-9286
PUBLISHED: 2020-04-07
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
CVE-2020-11508
PUBLISHED: 2020-04-07
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action.
CVE-2013-7488
PUBLISHED: 2020-04-07
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.