Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk //

Compliance

News & Commentary
A Pause to Address 'Ethical Debt' of Facial Recognition
Mike Kiser, Global Security Advocate, Office of the CTO, SailPointCommentary
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
By Mike Kiser Global Security Advocate, Office of the CTO, SailPoint, 10/23/2020
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Maturity Model Certification: Are You in Compliance?
Nahla Davies, Tech Writer and CoderCommentary
Not only can this framework help companies remain solvent, but it will also protect critical information from getting into the wrong hands.
By Nahla Davies Tech Writer and Coder, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
CISOs Planning on Bigger Budgets: Report
Dark Reading Staff, Quick Hits
Budgets are on the rise, even in a time of revenue worries across the industry.
By Dark Reading Staff , 10/9/2020
Comment0 comments  |  Read  |  Post a Comment
Verizon Payment Security Report is a Wake-up Call: Time to Refocus on PCI DSS Compliance
Maxine Holt, Research Director, OmdiaCommentary
Too many organizations fail to enact the baseline payment security controls, according to the Verizon 2020 Payment Security Report.
By Maxine Holt Research Director, Omdia, 10/6/2020
Comment0 comments  |  Read  |  Post a Comment
Biometric Data Collection Demands Scrutiny of Privacy Law
Kelly Sheridan, Staff Editor, Dark ReadingNews
An IT lawyer digs into the implications of collecting biometric data, why it can't be anonymized, and what nations are doing about it.
By Kelly Sheridan Staff Editor, Dark Reading, 10/2/2020
Comment0 comments  |  Read  |  Post a Comment
Solving the Problem With Security Standards
Adam Shostack, Consultant, Entrepreneur, Technologist, Game DesignerCommentary
More explicit threat models can make security better and open the door to real and needed innovation.
By Adam Shostack Consultant, Entrepreneur, Technologist, Game Designer, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Simplify Your Privacy Approach to Overcome CCPA Challenges
Hilary Wandall, Senior Vice President, Privacy Intelligence and General Counsel at TrustArcCommentary
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.
By Hilary Wandall Senior Vice President, Privacy Intelligence and General Counsel at TrustArc, 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
8 Frequently Asked Questions on Organizations' Data Protection Programs
Bernard Woo, Senior Director Analyst, GartnerCommentary
Adherence to data protection regulations requires a multidisciplinary approach that has the commitment of all employees. Expect to be asked questions like these.
By Bernard Woo Senior Director Analyst, Gartner, 9/8/2020
Comment0 comments  |  Read  |  Post a Comment
The Hidden Security Risks of Business Applications
Brian Tremblay, Compliance Practice Leader at OnapsisCommentary
Today's enterprises depend on mission-critical applications to keep them productive, help better serve customers, and keep up with demand. It's important that they also know the risks.
By Brian Tremblay Compliance Practice Leader at Onapsis, 9/4/2020
Comment0 comments  |  Read  |  Post a Comment
Platform Security: Intel Pushes to Reduce Supply Chain Attacks
Terry Sweeney, Contributing EditorNews
SPONSORED CONTENT: Attacks on supply chains involve lots of players and companies, not to mention an exponential amount of data for the stealing, notes Intel's Tom Garrison. Notoriously difficult to detect and mitigate, Garrison discusses new approaches to securing an individual company's computing platforms, including Compute Lifecycle Assurance.
By Terry Sweeney Contributing Editor, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Pen Testers Share the Inside Story of Their Arrest and Exoneration
Dark Reading Staff, News
Coalfire'sGary De Mercurio and Justin Wynnshare the inside story of their infamous arrest last year while conducting a contractedred-team engagement in an Iowa courthouse -- and what it took to clear their names.
By Dark Reading Staff , 8/5/2020
Comment1 Comment  |  Read  |  Post a Comment
Why Confidential Computing Is a Game Changer
Vinton G. Cerf, VP & Chief Internet Evangelist, GoogleCommentary
Confidential Computing is a transformational technology that should be part of every enterprise cloud deployment. It's time to start unlocking the possibilities together.
By Vinton G. Cerf VP & Chief Internet Evangelist, Google, 8/5/2020
Comment1 Comment  |  Read  |  Post a Comment
Citizens Are Increasingly Worried About How Companies Use Their Data
Robert Lemos, Contributing WriterNews
With data privacy important to almost every American, more than two-thirds of those surveyed say they don't trust companies to ethically sell their data.
By Robert Lemos Contributing Writer, 7/30/2020
Comment0 comments  |  Read  |  Post a Comment
The Data Privacy Loophole Federal Agencies Are Still Missing
Scott Straub, Public Sector Lead of Federal Risk Markets, Neustar, IncCommentary
Why knowledge-based authentication is leaving federal contact centers vulnerable to an increasingly sophisticated hacker community.
By Scott Straub Public Sector Lead of Federal Risk Markets, Neustar, Inc, 7/21/2020
Comment0 comments  |  Read  |  Post a Comment
UK Data Privacy Legislation Cannot Be Bypassed to Limit Spread of COVID-19
Maxine Holt, Research Director, OmdiaCommentary
The UK faces GDPR data privacy challenges regarding its COVID-19 "Test and Trace" program. Despite the importance of contact tracing, its intent to ignore privacy legislation is extremely worrying.
By Maxine Holt Research Director, Omdia, 7/20/2020
Comment0 comments  |  Read  |  Post a Comment
Top 5 Questions (and Answers) About GRC Technology
Matt Kunkel, Co-founder & CEO, LogicGateCommentary
For the first time in a long time, we must shift from managing localized risks against a landscape of economic growth to managing those issues under much less certain circumstances.
By Matt Kunkel Co-founder & CEO, LogicGate, 7/15/2020
Comment0 comments  |  Read  |  Post a Comment
Making Sense of EARN IT & LAED Bills' Implications for Crypto
Seth Rosenblatt, Contributing WriterNews
After Senate Judiciary Committee pushes EARN IT Act a step closer to ratification, raising further concerns for privacy advocates, here's what to know.
By Seth Rosenblatt Contributing Writer, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
The Privacy & Security Outlook for Businesses Post-COVID-19
Aaron Shum, Practice Lead - Security, Privacy, Risk & Compliance, Info-Tech Research GroupCommentary
Long-term business needs -- and the ethical implications that result -- don't simply go away just because we're navigating a global health crisis.
By Aaron Shum Practice Lead - Security, Privacy, Risk & Compliance, Info-Tech Research Group, 6/5/2020
Comment0 comments  |  Read  |  Post a Comment
The Need for Compliance in a Post-COVID-19 World
Baan Alsinawi, Founder and Managing Director at TalaTekCommentary
With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That's a big mistake.
By Baan Alsinawi Founder and Managing Director at TalaTek, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
Compliance as a Way to Reduce the Risk of Insider Threats
Bob Swanson, Compliance Research Consultant, SwimlaneCommentary
Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.
By Bob Swanson Compliance Research Consultant, Swimlane, 5/14/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.