News & Commentary

Content tagged with Compliance posted in October 2011
Is Biometrics The Answer To The Authentication Question?
News  |  10/28/2011
Years in the making, biometrics still has not entered the mainstream of authentication options. Here's a look at where and when to use it
Innovative Attacks Treat Mobile Phones As Sensors
News  |  10/27/2011
Recent research showed that a phone's accelerometer could detect vibrations from key presses on a nearby keyboard
PCI Council Pegs Success On Community Involvement
News  |  10/27/2011
The PCI Security Council celebrates its fifth anniversary this year with greater industry collaboration and more work ahead
Social Malice: One In 100 Tweets And One In 60 Facebook Posts Are Malicious
News  |  10/27/2011
LinkedIn users feel safest, according to new social networking data gathered by Barracuda Networks -- but not for long
Spam Gang Puts Up 80 URL-Shortening Service Sites
Quick Hits  |  10/25/2011
Symantec discovers spammers leaving their own URL-shortening services open to the public
Compliance Holds Up Los Angeles Google Apps Deployment
News  |  10/24/2011
Google Apps deployment has been long delayed due to security issues, but that doesn't mean security compliance is impossible with the cloud-based service
Pocket Guide To Securing Mobile Devices
News  |  10/24/2011
With workers bringing their own smartphones and tablets into the company, IT security needs to focus on creating a more secure environment, not on securing each device
Sinkholing For Profit
Commentary  |  10/24/2011
Concerns over the legality and ethics of security organizations that profit from their sinkhole operations
FFIEC Goes Beyond Traditional Authentication
Commentary  |  10/18/2011
The FFIEC recommends that organizations provide additional business and fraud detection controls to offset weaknesses in authentication technology
Banking Trojans Adapting To Cheat Out-of-Band Security
News  |  10/18/2011
As financial institutions adopt out-of-band security, attackers quickly adapt
New Microsoft Data Puts Zero-Day Threat Into Perspective
News  |  10/12/2011
Report on infected Windows machines worldwide also highlights slack patching practices
Compliance Outside Corporate Walls
News  |  10/10/2011
Getting third parties that touch regulated data to comply can be as important as your own internal compliance efforts
Users Whose Accounts Get Hacked Find Out From Their Friends
Quick Hits  |  10/6/2011
New survey finds that 62 percent of users don't know how their Gmail, Yahoo, Hotmail, and Facebook accounts were hacked
ISP Backlash Over Feds' Bot Notification Initiative
News  |  10/5/2011
MAAWG says ISPs are already tackling bots, and 'legislating' how to do it could stymie innovative efforts

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to inadequate escaping, leading to an XSS vulnerability in the search module. To be exploitable, a user has to write or paste malicious content into the search dialogue.