News & Commentary

Content tagged with Privacy posted in April 2017
Intrusion Suppression:' Transforming Castles into Prisons
Commentary  |  4/18/2017  | 
How building cybersecurity structures that decrease adversaries dwell time can reduce the damage from a cyberattack.
The Implications Behind Proposed Internet Privacy Rules
Commentary  |  4/18/2017  | 
The FCC's overreach needed to be undone to protect the FTC's authority over privacy.
Health Savings Account Fraud: The Rapidly Growing Threat
Commentary  |  4/14/2017  | 
As income tax season comes to a close, financially-motivated cybercriminals are honing new tactics for monetizing medical PII.
Tax Season Surprise: W-2 Fraud
Commentary  |  4/11/2017  | 
W-2 fraud used to target businesses exclusively but has now set its sights on many other sectors. Here's what you can do to prevent it from happening to you.
When Hacks Are about Image instead of Money
Commentary  |  4/11/2017  | 
If you think fake news is a problem, how about the possibility of fake medical or financial information making the rounds with no way to verify its legitimacy?
FAFSA Tool Taken Offline After Breach Report
Quick Hits  |  4/7/2017  | 
Personal data of 100,000 taxpayers compromised after IRS students financial aid tool hacked.
Commodity Ransomware Is Here
Commentary  |  4/6/2017  | 
When deploying ransomware is as easy as ordering a pizza, the best defense is through better threat intelligence sharing.
11 UK Charities Punished for Violating Data Privacy Law
Quick Hits  |  4/6/2017  | 
Organizations fined between 6,000 and 18,000 by UKs Information Commissioners Office.
GDPR Doesnt Need to be GDP-Argh!
Commentary  |  4/5/2017  | 
These 10 steps will ease the pain of compliance with the General Data Protection Regulation, the EU's new privacy law that goes into effect in a little over a year.
To Attract and Retain Better Employees, Respect Their Data
Commentary  |  4/3/2017  | 
A lack of privacy erodes trust that employees should have in management.


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc.,  8/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-17305
PUBLISHED: 2018-08-21
Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher R...
CVE-2017-17311
PUBLISHED: 2018-08-21
Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted...
CVE-2017-17312
PUBLISHED: 2018-08-21
Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted...
CVE-2018-12115
PUBLISHED: 2018-08-21
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second...
CVE-2018-7166
PUBLISHED: 2018-08-21
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misint...