Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk //


News & Commentary
Platform Security: Intel Pushes to Reduce Supply Chain Attacks
Terry Sweeney, Contributing EditorNews
SPONSORED CONTENT: Attacks on supply chains involve lots of players and companies, not to mention an exponential amount of data for the stealing, notes Intel's Tom Garrison. Notoriously difficult to detect and mitigate, Garrison discusses new approaches to securing an individual company's computing platforms, including Compute Lifecycle Assurance.
By Terry Sweeney Contributing Editor, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Pen Testers Share the Inside Story of Their Arrest and Exoneration
Dark Reading Staff, News
Coalfire'sGary De Mercurio and Justin Wynnshare the inside story of their infamous arrest last year while conducting a contractedred-team engagement in an Iowa courthouse -- and what it took to clear their names.
By Dark Reading Staff , 8/5/2020
Comment1 Comment  |  Read  |  Post a Comment
Why Confidential Computing Is a Game Changer
Vinton G. Cerf, VP & Chief Internet Evangelist, GoogleCommentary
Confidential Computing is a transformational technology that should be part of every enterprise cloud deployment. It's time to start unlocking the possibilities together.
By Vinton G. Cerf VP & Chief Internet Evangelist, Google, 8/5/2020
Comment1 Comment  |  Read  |  Post a Comment
Citizens Are Increasingly Worried About How Companies Use Their Data
Robert Lemos, Contributing WriterNews
With data privacy important to almost every American, more than two-thirds of those surveyed say they don't trust companies to ethically sell their data.
By Robert Lemos Contributing Writer, 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
The Data Privacy Loophole Federal Agencies Are Still Missing
Scott Straub, Public Sector Lead of Federal Risk Markets, Neustar, IncCommentary
Why knowledge-based authentication is leaving federal contact centers vulnerable to an increasingly sophisticated hacker community.
By Scott Straub Public Sector Lead of Federal Risk Markets, Neustar, Inc, 7/21/2020
Comment0 comments  |  Read  |  Post a Comment
UK Data Privacy Legislation Cannot Be Bypassed to Limit Spread of COVID-19
Maxine Holt, Research Director, OmdiaCommentary
The UK faces GDPR data privacy challenges regarding its COVID-19 "Test and Trace" program. Despite the importance of contact tracing, its intent to ignore privacy legislation is extremely worrying.
By Maxine Holt Research Director, Omdia, 7/20/2020
Comment0 comments  |  Read  |  Post a Comment
Top 5 Questions (and Answers) About GRC Technology
Matt Kunkel, Co-founder & CEO, LogicGateCommentary
For the first time in a long time, we must shift from managing localized risks against a landscape of economic growth to managing those issues under much less certain circumstances.
By Matt Kunkel Co-founder & CEO, LogicGate, 7/15/2020
Comment0 comments  |  Read  |  Post a Comment
Making Sense of EARN IT & LAED Bills' Implications for Crypto
Seth Rosenblatt, Contributing WriterNews
After Senate Judiciary Committee pushes EARN IT Act a step closer to ratification, raising further concerns for privacy advocates, here's what to know.
By Seth Rosenblatt Contributing Writer, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
The Privacy & Security Outlook for Businesses Post-COVID-19
Aaron Shum, Practice Lead - Security, Privacy, Risk & Compliance, Info-Tech Research GroupCommentary
Long-term business needs -- and the ethical implications that result -- don't simply go away just because we're navigating a global health crisis.
By Aaron Shum Practice Lead - Security, Privacy, Risk & Compliance, Info-Tech Research Group, 6/5/2020
Comment0 comments  |  Read  |  Post a Comment
The Need for Compliance in a Post-COVID-19 World
Baan Alsinawi, Founder and Managing Director at TalaTekCommentary
With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That's a big mistake.
By Baan Alsinawi Founder and Managing Director at TalaTek, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
Compliance as a Way to Reduce the Risk of Insider Threats
Bob Swanson, Compliance Research Consultant, SwimlaneCommentary
Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.
By Bob Swanson Compliance Research Consultant, Swimlane, 5/14/2020
Comment0 comments  |  Read  |  Post a Comment
Coronavirus, Data Privacy & the New Online Social Contract
Shuman Ghosemajumder, Global Head of Artificial Intelligence, F5 NetworksCommentary
How governments can protect personal privacy in contact tracing while saving peoples' lives
By Shuman Ghosemajumder Global Head of Artificial Intelligence, F5 Networks, 5/12/2020
Comment0 comments  |  Read  |  Post a Comment
Will the Pandemic Complicate Cyber Insurance Claims?
Edge Editors, Dark Reading
While quarantined workers are keeping safe at home, they could be jeopardizing your insurance policy.
By Edge Editors Dark Reading, 4/27/2020
Comment1 Comment  |  Read  |  Post a Comment
Narrow the Scope of Compliance
Ariel Zeitlin, Chief Technology Officer & Co-Founder, GuardicoreCommentary
Many organizations are doing more than they need regarding compliance.
By Ariel Zeitlin Chief Technology Officer & Co-Founder, Guardicore, 4/24/2020
Comment1 Comment  |  Read  |  Post a Comment
'Look for the Helpers' to Securely Enable the Remote Workforce
Scott Price, Chief Executive Officer at A-LIGNCommentary
CISOs and CIOs, you are our helpers. As you take action to reassure your company, your confidence is our confidence.
By Scott Price Chief Executive Officer at A-LIGN, 4/17/2020
Comment0 comments  |  Read  |  Post a Comment
Will Gentler HIPAA Rules on Telehealth Now Protect Us From Breach Litigation Later?
Edge Editors, Dark Reading
To enable medical care while encouraging social distancing during the COVID-19 pandemic, the Department of Health and Human Services temporarily loosened up on some of its HIPAA noncompliance enforcement on telehealth. But what happens if there's a PHI slip-up?
By Edge Editors Dark Reading, 4/14/2020
Comment0 comments  |  Read  |  Post a Comment
How Much Downtime Can Your Company Handle?
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Why every business needs cyber resilience and quick recovery times.
By Marc Wilczek Digital Strategist & COO of Link11, 3/31/2020
Comment0 comments  |  Read  |  Post a Comment
Technology Empowers Pandemic Response, But Privacy Worries Remain
Robert Lemos, Contributing WriterNews
As technology companies and the medical community work to find ways to track and test for the virus, privacy might fall by the wayside.
By Robert Lemos Contributing Writer, 3/26/2020
Comment0 comments  |  Read  |  Post a Comment
Do DevOps Teams Need a Company Attorney on Speed Dial?
Shahar Sperling, Chief Architect at HCL AppScanCommentary
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
By Shahar Sperling Chief Architect at HCL AppScan, 3/25/2020
Comment0 comments  |  Read  |  Post a Comment
Facebook Got Tagged, but Not Hard Enough
Billee Elliott McAuliffe, Member, Lewis Rice LLCCommentary
Ensuring that our valuable biometric information is protected is worth more than a $550 million settlement.
By Billee Elliott McAuliffe Member, Lewis Rice LLC, 3/18/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.