News & Commentary

Content tagged with Compliance posted in January 2010
New Attack Uses Internet Explorer's Own Features Against It
News  |  1/26/2010  | 
Microsoft investigating threat, considering patch, or offering guidance for protection
New Worm Overwrites Master Boot Records
Quick Hits  |  1/25/2010  | 
Win32/Zimuse could make it difficult for users to access or restore their data, researchers say
Industry-Standard Updater For Third-Party Apps Fails To Materialize
News  |  1/20/2010  | 
Secunia decides to go it alone after failing to get buy-in from other vendors to create a standard
Product Watch: Voice Biometrics Service Adds Third Factor Of Authentication
News  |  1/15/2010  | 
PhoneFactor matches user's voice with 'voiceprint' when he logs in
U.S. Software Maker Accuses China Of Building 'Green Dam' On Stolen Code
News  |  1/6/2010  | 
In $2.2 billion lawsuit, Cybersitter says China's content filter infringes its copyrights
Spear-Phishing Experiment Evades Big-Name Email Products
Quick Hits  |  1/5/2010  | 
Phony 'Bill Gates' LinkedIn invitation dupes Microsoft, Cisco email products and other security tools, services


Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Microsoft Fixes 11 Critical, 39 Important Vulns
Kelly Sheridan, Staff Editor, Dark Reading,  6/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1060
PUBLISHED: 2018-06-18
python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVE-2018-1090
PUBLISHED: 2018-06-18
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.
CVE-2018-1152
PUBLISHED: 2018-06-18
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
CVE-2018-1153
PUBLISHED: 2018-06-18
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic.
CVE-2018-12530
PUBLISHED: 2018-06-18
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.