News & Commentary

Content tagged with Compliance posted in October 2007
Researcher: Vonage Vulnerable
News  |  10/26/2007
Popular VOIP service could be subject to spoofing, eavesdropping, and denial of service, Sipera warns
Sprint Adds Laptop Security to Mobile Broadband
News  |  10/25/2007
Wireless carrier is first to distribute Alcatel-Lucent's Laptop Guardian connection card
Is NAC Dying?
News  |  10/24/2007
Frustrated with complexity and cost, many enterprises are retrenching their NAC strategies
Upstart Takes New Tack on Digital Signatures
News  |  10/22/2007
TriCipher's new MySignatureBook enables multiple signers to authorize a single document electronically
Phishing's Future Scapegoats
News  |  10/17/2007
If they don't act soon, frequently-phished companies may be held liable for crimes committed in their names
Wolves in IT Administrators' Clothing?
News  |  10/16/2007
Enterprises, vendors move to safeguard their systems from rogue systems administrators
eBay, PayPal Phishing Exploits Plummet
Quick Hits  |  10/16/2007
Sophos says 21 percent of phishing emails target eBay and PayPal, down from 85 percent last year
Schwarzenegger Terminates CA Retail Data Security Law
News  |  10/15/2007
Minnesota remains only state to outlaw retention of credit card data
Obstacles Nick NAC, But Growth Continues
News  |  10/12/2007
Most companies are getting network access control, but cost and lack of integration still are pain points
IGN Locks Down Endpoints
News  |  10/12/2007
IGN Entertainment uses technology from Bit9 to control what its end users can access - and what they can't
Former IT Admin Convicted of Sabotage
News  |  10/11/2007
Disgruntled staffer faces 10 years in jail after destroying payroll and HR files at Pentastar
Experts: Security Flaws Vary on Social Networking Sites
News  |  10/10/2007
Though often lumped together, MySpace, Facebook, and LinkedIn each have their own security weaknesses
FTC Comes Down Hard on Spammers
News  |  10/10/2007
In separate cases, agency slaps complaints on defendants for identity trafficking, bogus product claims
Are Hackers Piggybacking on Your Wireless Modem?
Quick Hits  |  10/3/2007
UK wireless service provider warns 250,000 customers of modem flaw
Web Hack Exposes Personal Data of 14,000 At Nature Conservancy
News  |  10/2/2007
Attacker accessed data via malware attached to association Website

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.