News & Commentary

Content tagged with Compliance posted in October 2014
Financial Breaches Show Trust Model Is Broken
Commentary  |  10/31/2014  | 
Its a full-blown crisis when a dozen major financial services firms admit to having their networks probed by the same attackers as those behind the JPMorgan Chase breach.
20% Of 'Broadly Shared' Data Contains Regulated Info
News  |  10/23/2014  | 
Forget shadow IT. The new risk is "shadow data."
Compliance Is A Start, Not The End
Compliance Is A Start, Not The End
Dark Reading Videos  |  10/21/2014  | 
Regulatory compliance efforts may help you get a bigger budget and reach a baseline security posture. But "compliant" does not necessarily mean "secure."
4 ID Management Tips For Better Breach Resistance
News  |  10/13/2014  | 
AT&T insider attack case highlights the need for strong privileged identity management practices.
DHS Anti-Terrorism Program Could Provide Cyberattack Liability Protection
News  |  10/8/2014  | 
The SAFETY Act can offer a layer of legal protection for cyber security vendors, providers, and enterprise security policies in the wake of an attack, an attorney says.
Tokenization: 6 Reasons The Card Industry Should Be Wary
Commentary  |  10/7/2014  | 
VISAs new token service aims to provide consumers a simple, fraud-free digital payment experience. Its a worthy goal, but one that may prove to be more aspirational than functional.
How Cookie-Cutter Cyber Insurance Falls Short
Commentary  |  10/6/2014  | 
Many off-the-shelf cyber liability policies feature a broad range of exclusions that wont protect your company from a data breach or ransomware attack.


'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12716
PUBLISHED: 2018-06-25
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its l...
CVE-2018-12705
PUBLISHED: 2018-06-24
DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).
CVE-2018-12706
PUBLISHED: 2018-06-24
DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.
CVE-2018-12714
PUBLISHED: 2018-06-24
An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial o...
CVE-2018-12713
PUBLISHED: 2018-06-24
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was ...