News & Commentary

Content tagged with Compliance posted in January 2011
Study: Facebook Is The Most Frequently Blocked Website At Work
Quick Hits  |  1/24/2011  | 
Ironically, social networking giant is also the second-most whitelisted site, OpenDNS study says
PenFed Breach Shows That Endpoint Compromise Can Affect Database Security
News  |  1/14/2011  | 
Infected laptop led to database breach, credit union says
Password Reset
Commentary  |  1/13/2011  | 
The downside of crafting a strong password is that while it's harder to guess or crack, it's also harder to remember and then use
U.S. Tops Spam's 'Dirty Dozen' List Once Again
Quick Hits  |  1/11/2011  | 
Pharma, other ad spam still big, but targeted, phishing spam on the rise, Sophos says
Dell To Acquire SecureWorks
News  |  1/4/2011  | 
Acquisition will enable Dell to launch managed security services
Mobile Users Most Likely To Visit Phishing Sites
Quick Hits  |  1/4/2011  | 
New research finds eight times more iPhone users going to phishing sites than BlackBerry users
TPM Authentication Is Out There, But Not Widely Used
News  |  1/4/2011  | 
Trusted Computing Group's hardware authentication technology pervasive, but rarely 'switched on'
New Trojan Could Be Trouble For Android Users
Quick Hits  |  1/3/2011  | 
Android malware is first to be able to receive instructions remotely and join botnets


Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2018
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12294
PUBLISHED: 2018-06-19
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.
CVE-2018-12519
PUBLISHED: 2018-06-19
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.
CVE-2018-12588
PUBLISHED: 2018-06-19
Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-1 before 3.1.1-2 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the S...
CVE-2018-10811
PUBLISHED: 2018-06-19
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
CVE-2018-10945
PUBLISHED: 2018-06-19
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.