The Wayback Machine - https://web.archive.org/web/20170710090402/http://www.darkreading.com/risk.asp
News & Commentary
Black Hat Survey: Security Pros Expect Major Breaches in Next Two Years
Tim Wilson, Editor in Chief, Dark Reading, News
Significant compromises are not just feared, but expected, Black Hat attendees say
By Tim Wilson, Editor in Chief, Dark Reading, 7/6/2017
The Problem with Data
Mike Baukes, Co-Founder & Co-CEO, UpGuard, Commentary
The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.
By Mike Baukes, Co-Founder & Co-CEO, UpGuard, 7/3/2017
8 Things Every Security Pro Should Know About GDPR
Jai Vijayan, Freelance writer
Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?
By Jai Vijayan, Freelance writer, 6/30/2017
US Tech Companies Argued to Maintain Russia Spy Agency Ties
Dark Reading Staff, Quick Hits
US technology companies lobbied the US government to create exceptions for a ban on business relationships with Russia's Federal Security Service.
By Dark Reading Staff, 6/30/2017
Telegram Agrees to Register Messaging App With Russia
Dark Reading Staff, Quick Hits
The messaging app company will comply with Russia's registration mandate but not share confidential user data, founder says.
By Dark Reading Staff, 6/28/2017
Virginia Consultant Charged with Espionage
Dark Reading Staff, Quick Hits
Federal authorities charged a consultant with espionage for transmitting top secret and secret documents to China.
By Dark Reading Staff, 6/23/2017
Threat Intelligence Sharing: The New Normal?
Danelle Au, VP Strategy, SafeBreach, Commentary
The spirit of cooperation seems to be taking hold as demonstrated by the growing number of thriving services and organizations whose sole purpose is to analyze specific threats against specific communities.
By Danelle Au, VP Strategy, SafeBreach, 6/23/2017
Talking Cyber-Risk with Executives
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
Explaining risk can be difficult since CISOs and execs don't speak the same language. The key is to tailor your message for the audience.
By Raymond Pompon, Principal Threat Research Evangelist at F5 Networks, 6/23/2017
FireEye CEO Shares State of IT Threat Landscape
InformationWeek Staff, Commentary, Video
FireEye CEO Kevin Mandia talks about the state of the IT threat landscape and where enterprises should focus their attention when it comes to cybersecurity.
By InformationWeek Staff, 6/23/2017
KPMG: Cybersecurity Has Reached a "Tipping Point" from Tech to CEO Business Issue
Tony Buffomante, KPMG, U.S. Cyber Security Services Leader, Commentary
Still, a majority of US-based chief execs say they will be maintaining and not investing in security technology over the next three years, a recent study shows.
By Tony Buffomante, KPMG, U.S. Cyber Security Services Leader, 6/22/2017
Dark Reading Launches New Conference on Cyber Defense
Tim Wilson, Editor in Chief, Dark Reading, Commentary
November event will focus on attendee interaction, "blue team" best practices
By Tim Wilson, Editor in Chief, Dark Reading, 6/21/2017
Cyber Insurance: Read the Fine Print!
Sara Boddy, Principal Threat Research Evangelist
Applying for insurance is a grueling process involving detailed questionnaires and lengthy technical interviews that can still leave you without an adequate safety net.
By Sara Boddy, Principal Threat Research Evangelist, 6/15/2017
By the Numbers: Parsing the Cybersecurity Challenge
Marc Wilczek, Digital Strategist & CIO Advisor, Commentary
Why your CEO should rethink company security priorities in the drive for digital business growth.
By Marc Wilczek, Digital Strategist & CIO Advisor, 6/14/2017
Europol Operation Busts Payment Card Identity Theft Ring
Dawn Kawamoto, Associate Editor, Dark Reading, News
Members of an international crime ring of payment card skimmers who stole more than $500,000 were arrested by a joint multi-national law enforcement operation.
By Dawn Kawamoto, Associate Editor, Dark Reading, 6/13/2017
Businesses Spend 1,156 Hours Per Week on Endpoint Security
Kelly Sheridan, Associate Editor, Dark Reading, News
Insecure endpoints cost businesses millions of dollars, and hours of productivity, as they struggle to detect and contain threats.
By Kelly Sheridan, Associate Editor, Dark Reading, 6/13/2017
Ditch the Big Ass Spreadsheet with Continuous Security Compliance
Tim Prendergast, Founder & CEO, Evident.io
Replacing outdated spreadsheets with automated, continuous monitoring reduces workload and increases reliability, making compliance easy.
By Tim Prendergast, Founder & CEO, Evident.io, 6/13/2017
Security in the Cloud: Pitfalls and Potential of CASB Systems
Kelly Sheridan, Associate Editor, Dark Reading, News
The transition to cloud has driven a demand for CASB systems, but today's systems lack the full breadth of functionality businesses need.
By Kelly Sheridan, Associate Editor, Dark Reading, 6/7/2017
Cybersecurity Stands as Big Sticking Point in Software M&A
Ericka Chickowski, Contributing Writer, Dark Reading, News
The breach that was the fly in the ointment of the Yahoo-Verizon deal is one of many now surfacing as security of acquired firms starts to become a point of negotiation.
By Ericka Chickowski, Contributing Writer, Dark Reading, 6/7/2017
Sensitive DoD Data Discovered on Unprotected Server
Dark Reading Staff, Quick Hits
Researcher found unsecured repository of 60,000 documents of sensitive US data on a publicly exposed Amazon Web Services "S3" bucket used by government contractor Booz Allen Hamilton.
By Dark Reading Staff, 6/1/2017
SMB Security: Don't Leave the Smaller Companies Behind
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, Commentary
Helping improve the security posture of small and medium-sized businesses should be a priority for security organizations of all sizes.
By Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, 6/1/2017
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.