News & Commentary

Content tagged with Privacy posted in January 2017
The Trouble With DMARC: 4 Serious Stumbling Blocks
Commentary  |  1/24/2017  | 
Popularity for the Domain-based Message Authentication, Reporting and Conformance email authentication standard is growing. So why are enterprises still struggling to implement it?
US Seeks To Intervene In Case Against Privacy Shield
Quick Hits  |  1/20/2017  | 
Digital Rights Ireland has challenged the data transfer pact raising questions of its ability to protect EU privacy.
What CISOs Need To Know Before Adopting Biometrics
Commentary  |  1/18/2017  | 
Biometric techniques offer a solution to the password problem, but getting started can be tough. Here are a few things you need to know.
Advances In SSL: 5 Strategies For Secure, High-Performance Load Balancers
Commentary  |  1/17/2017  | 
Today, even Netflix is streaming hit movies and TV shows via encrypted connections! Heres how to manage higher volumes of encrypted traffic without bogging down your network.
10 Cocktail Party Security Tips From The Experts
Slideshows  |  1/13/2017  | 
Security pros offer basic advice to help average users ward off the bad guys.
Credit Freeze: The New Normal In Data Breach Protection?
Commentary  |  1/11/2017  | 
In era of rampant identity theft, consumers should be offered the protection of a credit freeze by default, instead of a nuisance fee each time a freeze is placed or removed.
The Limitations Of Phishing Education
Commentary  |  1/9/2017  | 
Human nature means that education will only go so far. Technology needs to take up the slack.
Fake Uber App Hides Credential Theft with 'Deep Links'
News  |  1/3/2017  | 
Researchers discover a fake Uber application is tricking Android users into sharing their credentials with hackers.


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3783
PUBLISHED: 2018-08-17
A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset.
CVE-2018-3784
PUBLISHED: 2018-08-17
A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization.
CVE-2018-3785
PUBLISHED: 2018-08-17
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter.
CVE-2018-10873
PUBLISHED: 2018-08-17
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially,...
CVE-2018-5546
PUBLISHED: 2018-08-17
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of se...