Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk //

Compliance

News & Commentary
NIST Publishes Guide for Securing Hotel Property Management Systems
Dark Reading Staff, Quick Hits
These sensitive systems store guests' personal data and payment-card information.
By Dark Reading Staff , 4/1/2021
Comment0 comments  |  Read  |  Post a Comment
Ghost Users Haunt Healthcare Firms
Dark Reading Staff, Quick Hits
Data security hygiene severely lacking among healthcare firms, new research shows.
By Dark Reading Staff , 3/30/2021
Comment0 comments  |  Read  |  Post a Comment
What a Federal Data Privacy Law Would Mean for Consumers
Rob Shavell, CEO of Abine / DeleteMeCommentary
With an array of serious proposals from both sides of the political divide, it looks as though the US may finally have a national privacy law.
By Rob Shavell CEO of Abine / DeleteMe, 3/24/2021
Comment1 Comment  |  Read  |  Post a Comment
How to Fine-Tune Vendor Risk Management in a Virtual World
Ryan Smyth & Spencer MacDonald, Managing Director / Director, FTI TechnologyCommentary
Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.
By Ryan Smyth & Spencer MacDonald Managing Director / Director, FTI Technology, 2/19/2021
Comment0 comments  |  Read  |  Post a Comment
Virginia Takes Different Tack Than California With Data Privacy Law
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
Online businesses targeting Virginia consumers and have personal data of 100,000 consumers in the state must conform to the new statute.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 2/18/2021
Comment1 Comment  |  Read  |  Post a Comment
Cloud Security Startup Armo Emerges from Stealth with $4.5M
Dark Reading Staff, Quick Hits
Armo's platform was developed to protect cloud-native workloads and provide DevOps teams with greater visibility and control.
By Dark Reading Staff , 1/29/2021
Comment0 comments  |  Read  |  Post a Comment
Data Privacy Day 2021: Pandemic Response Data Must Align with Data Privacy Rules
Maxine Holt, Research Director, OmdiaCommentary
Amid a pandemic, Data Privacy Day this year brings forth expanded responsibilities for organizations in the response to COVID-19.
By Maxine Holt Research Director, Omdia, 1/28/2021
Comment1 Comment  |  Read  |  Post a Comment
What You Need to Know About California's New Privacy Rules
K Royal, Associate General Counsel at TrustArcCommentary
Proposition 24 will change Californians' rights and business's responsibilities regarding consumer data protection.
By K Royal Associate General Counsel at TrustArc, 1/5/2021
Comment0 comments  |  Read  |  Post a Comment
10 Benefits of Running Cybersecurity Exercises
Steve Durbin, CEO of the Information Security ForumCommentary
There may be no better way to ascertain your organization's strengths and weaknesses than by running regular security drills.
By Steve Durbin CEO of the Information Security Forum, 12/28/2020
Comment0 comments  |  Read  |  Post a Comment
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Jason Bevis & Kevin Adams-Romano, VP of Awake Labs / Incident Response Specialist at Awake SecurityCommentary
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
By Jason Bevis & Kevin Adams-Romano VP of Awake Labs / Incident Response Specialist at Awake Security, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
What's in Store for Privacy in 2021
Robert Lemos, Contributing WriterNews
Changes are coming to the privacy landscape, including more regulations and technologies.
By Robert Lemos Contributing Writer, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
The Yellow Brick Road to Risk Management
Andrew Lowe, Senior Information Security Consultant, TalaTekCommentary
Beginning the journey to risk management can be daunting, but protecting your business is worth every step.
By Andrew Lowe Senior Information Security Consultant, TalaTek, 11/19/2020
Comment2 comments  |  Read  |  Post a Comment
A Call for Change in Physical Security
Fred Burton, Executive Director, Ontic Center for Protective IntelligenceCommentary
We're at an inflection point. The threats we face are dynamic, emerging, and global. Are you ready?
By Fred Burton Executive Director, Ontic Center for Protective Intelligence, 11/16/2020
Comment1 Comment  |  Read  |  Post a Comment
The Sameness of Every Day: How to Change Up Audit Fatigue
Stephen Horvath, Vice President, Strategy & Cloud, at Telos CorporationCommentary
And with more data compliance laws on the way, audit fatigue could be a real challenge for infosec professionals.
By Stephen Horvath Vice President, Strategy & Cloud, at Telos Corporation, 11/13/2020
Comment0 comments  |  Read  |  Post a Comment
A Pause to Address 'Ethical Debt' of Facial Recognition
Mike Kiser, Global Security Advocate, Office of the CTO, SailPointCommentary
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
By Mike Kiser Global Security Advocate, Office of the CTO, SailPoint, 10/23/2020
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Maturity Model Certification: Are You in Compliance?
Nahla Davies, Tech Writer and CoderCommentary
Not only can this framework help companies remain solvent, but it will also protect critical information from getting into the wrong hands.
By Nahla Davies Tech Writer and Coder, 10/20/2020
Comment1 Comment  |  Read  |  Post a Comment
CISOs Planning on Bigger Budgets: Report
Dark Reading Staff, Quick Hits
Budgets are on the rise, even in a time of revenue worries across the industry.
By Dark Reading Staff , 10/9/2020
Comment1 Comment  |  Read  |  Post a Comment
Verizon Payment Security Report is a Wake-up Call: Time to Refocus on PCI DSS Compliance
Maxine Holt, Research Director, OmdiaCommentary
Too many organizations fail to enact the baseline payment security controls, according to the Verizon 2020 Payment Security Report.
By Maxine Holt Research Director, Omdia, 10/6/2020
Comment0 comments  |  Read  |  Post a Comment
Biometric Data Collection Demands Scrutiny of Privacy Law
Kelly Sheridan, Staff Editor, Dark ReadingNews
An IT lawyer digs into the implications of collecting biometric data, why it can't be anonymized, and what nations are doing about it.
By Kelly Sheridan Staff Editor, Dark Reading, 10/2/2020
Comment0 comments  |  Read  |  Post a Comment
Solving the Problem With Security Standards
Adam Shostack, Consultant, Entrepreneur, Technologist, Game DesignerCommentary
More explicit threat models can make security better and open the door to real and needed innovation.
By Adam Shostack Consultant, Entrepreneur, Technologist, Game Designer, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29370
PUBLISHED: 2021-04-13
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-3460
PUBLISHED: 2021-04-13
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
CVE-2021-3462
PUBLISHED: 2021-04-13
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
CVE-2021-3463
PUBLISHED: 2021-04-13
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.
CVE-2021-3471
PUBLISHED: 2021-04-13
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.