Content tagged with Compliance
Cloud & The Fuzzy Math of Shadow IT
Commentary  |  7/10/2014  | 
Do you know how many cloud apps, on average, are running in your organization? The number is probably greater than you think.
Dark Reading Radio: The Changing Role Of The CSO
Commentary  |  7/8/2014  | 
Why does the CSO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
Why Your Application Security Program May Backfire
Commentary  |  7/2/2014  | 
You have to consider the human factor when you’re designing security interventions, because the best intentions can have completely opposite consequences.
ISA Praises DHS For Progress On Assessing NIST And Promoting Incentives
Products and Releases  |  6/25/2014  | 
Thumbs up to Obama administration for forgoing new regulations for cyber security.
Agiliance NIST Cybersecurity Content Pack Lowers Breach Risk
Products and Releases  |  6/25/2014  | 
Packaged Intelligence in RiskVision Platform Automates Organizational Assessments and Continuous Management of Cyber Security Risks
Risk Management Report Card
Flash Poll  |  6/16/2014  | 
First Data and Trustwave Bring New Level of Data Security to Small and Mid-Sized Businesses
Products and Releases  |  6/11/2014  | 
Companies Partner to Help Businesses Go Beyond PCI DSS Compliance with Stronger, Multi-layer Information Security Solutions Delivered through the Cloud
Compliance: The Surprising Gift Of Windows XP
Commentary  |  6/3/2014  | 
The end of Windows XP will force organizations to properly reinvest in a modern and compliant desktop infrastructure that will be easier to maintain and secure.
Lessons Learned
Flash Poll  |  6/1/2014  | 
Cyberbreach or Cyberrisk Insurance
Flash Poll  |  5/20/2014  | 
A New Approach to Endpoint Security: Think ‘Positive’
Commentary  |  5/9/2014  | 
It's time to move away from traditional blacklisting models that define what should be restricted and implicitly allow everything else.
Study: Many UK Retail, Financial Firms Still Don't Understand Security Risks
Quick Hits  |  5/8/2014  | 
Despite recent breaches, many UK retailers and financial firms haven't upgraded their online security strategies.
Report: Some Retail Firms Still Don't Recognize Cyber Security Risks
Quick Hits  |  4/24/2014  | 
Nearly 10 percent of retail firms have not reported any cyber security exposure to the SEC since 2011, Willis Group says.
Cartoon: E2c$y5tion
Cartoon Contest  |  4/18/2014  | 
New Osterman Research Report: Only 13% Happy With Compliance Methods
Products and Releases  |  4/16/2014  | 
Burdensome Compliance Management Processes are Eating Into IT Budget
White House Details Zero-Day Bug Policy
News  |  4/15/2014  | 
NSA denies prior knowledge of the Heartbleed vulnerability, but the White House reserves the right to withhold zero-day exploit information in some cases involving security or law enforcement.
BlackBerry Advances Security of its Multi-Platform Mobility Portfolio with New Cryptography Certification
Products and Releases  |  3/26/2014  | 
FIPS 140-2 validation granted for Secure Work Space for iOS and Android
March Madness: Online Privacy Edition
Commentary  |  3/26/2014  | 
Say hello to the privacy revolution where an emerging backlash is being spurred by NSA spying, mass data collection and plain old common sense.
Target, PCI Auditor Trustwave Sued By Banks
News  |  3/26/2014  | 
Trustwave apparently certified the retailer as PCI compliant -- but can PCI assessors be held liable for data breaches?
Liberty International Underwriters to Provide Network Activity Monitoring through BitSight Technologies for LIU Data Insure Policyholders
Products and Releases  |  3/26/2014  | 
Insurer partners with BitSight Technologies to deliver big data analysis capabilities to policyholders
IT Security Pros Abandoning Traditional Security Measures In Favor Of SMS-Based Two-Factor Authentication
Products and Releases  |  3/12/2014  | 
Ponemon and Tyntec survey finds 68% believe username/passwords not enough
Windows XP Security Issues: Fact Vs. Fiction
News  |  3/12/2014  | 
Are you prepared for the end of Microsoft support for Windows XP next month?
Security Services Cater To SMBs
News  |  3/11/2014  | 
Cloud and managed security services are headed down market with simpler interfaces masking their enterprise heritage
Compliance Is Not Hard
Commentary  |  2/26/2014  | 
Compliance requires a new set of healthy habits and the self-discipline to make those habits stick
Microsoft Beefs Up EMET
Quick Hits  |  2/25/2014  | 
Early release of anti-exploit tool shuts down bypass methods created by Bromium Labs
Cylance Announces $20 Million in Series B Funding
Products and Releases  |  2/21/2014  | 
Blackstone, Khosla Ventures, Fairhaven Capital and Private Investors Accelerate Cylance's Growth and Advanced Mathematics Platform
Okta Delivers New Identity Offerings to Power Cloud-Based Services
Products and Releases  |  2/20/2014  | 
Jive Software and Advent Software Among Cloud Service Providers Using Okta to Address Range of Identity-Related Needs for Innovative Cloud Offerings
Cylance Unveils CylancePROTECT, Applying Math to Prevent Advanced Cyber Threats on Company Endpoints
Products and Releases  |  2/18/2014  | 
New Endpoint Security Software Instantly and Mathematically Determines What is Safe and What is a Threat Without the Use of Signatures, Heuristics, Behavioral Analysis, Sandboxing Detonation or Micro-virtualization
FIDO Alliance Publishes Authentication Standards; First Products Unveiled
Quick Hits  |  2/17/2014  | 
FIDO Alliance issues specs for "authentication plumbing;" Nok Nok ships first implementation
The Mysterious Appearance Of An Anti-Theft Application
Quick Hits  |  2/13/2014  | 
Kaspersky Lab researchers discover on their machines Absolute Software Computrace anti-theft application -- but they had not installed it
Microsoft Enters Into New Global Partnerships In Fight Against Cybercrime
Products and Releases  |  2/12/2014  | 
Company joins forces with Organization of American States, Europol, and FIS to expand efforts to make Internet safer for consumers worldwide
Locking Down E-Mail With Security Services
News  |  2/12/2014  | 
Companies are increasingly looking to the cloud for services to encrypt, back up, and archive their e-mail to protect from accidental leakage and intentional disruption
A Quarter Of Parents Fear Their Children Have Been Exposed To Cyberthreats In Past Year
Products and Releases  |  2/11/2014  | 
One in five parents fail to monitor their child's online activity, according to Kaspersky Lab
Security Innovation Applauds U.S. DOT Decision To Move Forward With 'Talking Cars' Program
Products and Releases  |  2/6/2014  | 
US DOT research indicates that safety applications using V2V technology can reduce the majority of crashes
Javelin Study: A New Identity Fraud Victim Every Two Seconds
Quick Hits  |  2/6/2014  | 
Javelin report says identity fraud increased to 13.1 million victims in 2013
NAC Comes Back
News  |  2/5/2014  | 
BYOD and advanced malware help resuscitate network access control
Facebook 10th Anniversary: Social Media Security Infographic
Products and Releases  |  2/5/2014  | 
The explosion of Facebook and other social networking sites has created a new set of online security problems, according to SecurityCoverage
Ahead Of Senate Judiciary Committee Hearing On Data Breaches, Blumenthal, Markey Introduce Bill To Protect Consumer Information From Hackers
Products and Releases  |  2/4/2014  | 
Personal Data Protection and Breach Accountability Act aims to reduce likelihood that hackers can steal consumers' personal and financial information
Chip-and-PIN Security Push To Pit Retailers Against Banks
News  |  1/30/2014  | 
While the cost of breaches typically falls on the merchants, card issuers and banks would foot much of the bill for improving the security of the payment-card system
HALOCK Investigation Finds That Over 70% Of Mortgage Lenders May Be Putting Sensitive Financial Data At Risk
Products and Releases  |  1/30/2014  | 
Lenders permitted applicants to send personal and financial information over unencrypted email as email attachments
Verizon Collaborating With PRIVO To Protect Children's Online Activities And Information
Products and Releases  |  1/29/2014  | 
Under pilot program, PRIVO will establish the Minors Trust Framework to provide parents more control and help businesses address COPPA requirements
Securing The Distributed Network Perimeter
News  |  1/28/2014  | 
A variety of cloud and managed services can be used to lock down the rapidly expanding corporate network perimeter
Secret Service Investigating Breach At Michael's Retail Chain
Quick Hits  |  1/28/2014  | 
Retail giant Michael's still has not disclosed source or scope of breach; Secret Service called in
Electronic Transactions Association (ETA) Updates Congress On Payments Industry Security
Products and Releases  |  1/27/2014  | 
Letter reiterated the payments industry's support for a uniform, national standard for data breach notification
Startup Tackles Security Through Microsoft Active Directory
Quick Hits  |  1/23/2014  | 
New company Aorato identifies potential threats by monitoring traffic from ubiquitous Active Directory
ThreatMetrix Shares Strategies For Implementing Effective Security Measures Without Disrupting Authentic Users And Compromising Privacy
Products and Releases  |  1/22/2014  | 
Company suggests using behavior-based identity proofing
National Retail Foundation Urges Transition To More Secure And Advanced Credit And Debit Cards
Products and Releases  |  1/22/2014  | 
Expresses support for immediate transition from magnetic-stripe cards to more secure and advanced PIN and chip cards
'Password' Unseated By '123456' On Splashdata's Annual 'Worst Passwords' List
Products and Releases  |  1/21/2014  | 
List shows that many people continue to put themselves at risk by using weak, easily guessable passwords
Wickr Announces Bug Bounty Program--100 Million Messages Sent
Products and Releases  |  1/15/2014  | 
Will pay hackers up to $100,000 to uncover any vulnerabilities that substantially affect the confidentiality or integrity of its users' data
Current Issue
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.