Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Compliance posted in January 2012
Jury Still Out On Mobile Adware
News  |  1/31/2012  | 
Malicious software or not? Defining the threat on mobile platforms becomes more difficult as some advertising software enters a gray area
Big Data Could Create Compliance Issues
News  |  1/30/2012  | 
The bigger data sets grow, the harder compliance could become
Cloud Means More Secure Remote Access
News  |  1/30/2012  | 
Connecting hosts running remote-access services directly to the Internet is so last decade. Instead, companies look to move to cloud-enabled services or virtual desktop infrastructure.
The Mechanics Of Breach Notification
Commentary  |  1/27/2012  | 
Organizations need to know what constitutes a breach of identity data according to state laws and how to respond
The Future of Web Authentication
News  |  1/27/2012  | 
Many security experts believe the Internet's trust model is broken. Figuring out how to fix it will take time and collaboration
Smartcards: Still A Smart Choice?
News  |  1/26/2012  | 
Despite recent security compromises, smartcard technology still has high potential
Microsoft Names Alleged Botnet Operator Behind Kelihos
Quick Hits  |  1/24/2012  | 
Russian suspect worked for antivirus and software development firms in Russia
Breach Notification: Know The Rules
Commentary  |  1/20/2012  | 
State and federal laws require notification when a breach of protected information occurs. You need to know which laws apply and how to comply
Tilde-D Detection Focuses On Coding Anomalies
News  |  1/17/2012  | 
An open-source tool from the Laboratory of Cryptography and System Security hunts for Duqu using telltale signs left behind by the Tilde-D creation toolkit
Top 10 PCI Compliance Mistakes
News  |  1/16/2012  | 
Configuration mistakes, access control gaffes, and scoping issues top the list of common PCI errors
WISeKey And INSIDE Secure Join Forces To Target Counterfeit Luxury Goods
News  |  1/12/2012  | 
New solution also will offer sales monitoring and direct marketing capabilities
Identity Versus Authentication
Commentary  |  1/12/2012  | 
Distinguishing between identity and authentication
Comcast Internet Service Now Fully DNSSEC-Based
Quick Hits  |  1/10/2012  | 
ISP finishes its rollout of the DNS security protocol
Partner Management 3: How To Assess Prospective Partners
Commentary  |  1/7/2012  | 
Regulations require organizations to periodically assess security and compliance practices; the key is to understand how to do so effectively -- without breaking the bank
Three Surefire Ways To Tick Off An Auditor
News  |  1/3/2012  | 
Avoid these common mistakes to improve your chances for a smooth compliance audit


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Creating an Effective Incident Response Plan
Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-4169
PUBLISHED: 2022-11-28
The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and them...
CVE-2022-41732
PUBLISHED: 2022-11-28
IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.
CVE-2021-45036
PUBLISHED: 2022-11-28
Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.
CVE-2022-44399
PUBLISHED: 2022-11-28
Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.
CVE-2022-31877
PUBLISHED: 2022-11-28
An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet.