Best Of Web Archive


Around The Web

INFORMATIONWEEK
IT's Consumerization Compliance Conundrum
As more and more employees show up at the office carrying high-powered mobile devices, things become ridiculously complicated for IT professionals who are appropriately focused on the security of their network. But along with those worries, it's critical to think about compliance with the same standards expected of traditional endpoints. The task is unenviable, given the expectations of employees

MODERNHEALTHCARE
FTC Emphasizes Do-Not-Track In New Privacy Report
The FTC has released a report strongly suggesting that health-care organizations provide Do Not Track functionality for patients' browsers. The hope is that the provision will be widely adopted without relying on legislation or regulation

GOVINFOSECURITY
Texas Targets ACH Fraud
The Texas Department of Banking has teamed up with the US Secret Service to form the Texas Bankers Electronic Crimes Task Force. The task force has issued an additional slate of guidelines and plans to focus on more-vulnerable small banks

MODERNHEALTHCARE
Rule To Align Privacy Regulations On Its Way
Things are about to get tougher for already-struggling health-care providers. The upcoming omnibus rule will tie HIPAA regulations in with the tougher American Recovery and Reinvestment Act. The biggest change will be the way in which health-care providers must deal with outside IT providers. From now on, these so-called business associates will be fully liable under HIPAA standards

STOREFRONTBACKTALK
Have Someone Else's Store Within Your Store? Well, You Used To Be PCI Compliant
PCI regulations are thorny enough, but when you have a store within your store -- say a Taco Bell inside a truck stop -- things get almost impossibly labyrinthine. Just allowing the inner business to use the main business's LAN can classify it as a PCI service provider and subject to all associated regulations

BANK SYSTEMS & TECHNOLOGY
PCI Compliance: The Risks Banks Can Miss
Surveys show that the rate of bank compliance with Payment Card Industry standards is discouraging at best. In many cases, this failure stems from the fact that institutions just don't understand what they're supposed to be complying with

BANKINFOSECURITY
Inside Microsoft's Zeus Malware Raid
Microsoft has coupled with the financial industry to launch a targeted raid on botnets, called B71. This rare collaboration seeks out hackers and hacking organizations under the rubric of the well-publicized RICO Act

BIO IT WORLD
Jiff Launches First HIPAA-Compliant Health Care Social Network
Health-care professionals are banned from sharing patient stories on Facebook, but Jiff plans to provide an alternative in Circle of Health. The secure channel is intended to be used as a method of communication between doctor and patient to check on progress in between visits

PR NEWSWIRE
HITECH Act Puts Security Of Electronic Medical Records In The Hands Of Hosting Providers
Hosting providers now responsible for more control, auditing and reporting

PAYMENTS SOURCE
Special Groups Let PCI Council Focus On Pressing Security Needs
With 700 members, group seeks out methods to manage standards process

OFFICE OF INADEQUATE SECURITY
DHS Official Says ISPs Would Likely Be Covered By Obama Cybersecurity Plan
ISPs would be among private sector companies that would be subject to federal oversight

BANK DIRECTOR
Can Technology Ease The Compliance Burden?
Many banks are developing new techniques, technologies for tracking and managing compliance

OFFICE OF INADEQUATE SECURITY
Data Breach Disclosures May Decline By 50 Percent Under Proposed Bills
National bill would raise the trigger for disclosure, experts say

HEALTH LEADERS
HIPAA Auditor Involved In Own Data Breach
Company hired to do audit loses unencrypted flash drive containing more than 4,500 patient records

THREAT POST
Are Anonymous Members Formed In The Crucible Of IT Compliance?
Some experts posit that Anonymous could be made up of security professionals frustrated by the hamstrings of compliance and auditing

GOVERNMENT INFO SECURITY
GAO, State Department Clash Over IT Security Documentation
State says documentation counters the spirit of continuous monitoring


Bugs
ENTERPRISE VULNERABILITIES

Vulnerability: ssl-vpn end-point interrogator/installer activex control
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.

Vulnerability: gvim
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Vulnerability: cforms
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

Vulnerability: links, wsn links, wsn links
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.

Vulnerability: deluxebb
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.