News & Commentary

Content tagged with Compliance posted in December 2010
Happy Holidays From Dark Reading
Quick Hits  |  12/23/2010  | 
Dark Reading staff takes brief hiatus; rebooting on Jan. 3
Password Diversity Urged In Wake Of Gawker Attack
News  |  12/17/2010  | 
One of biggest threats is reuse of hacked credentials on other websites
Compliance Means Getting A Handle On Insider Threats
News  |  12/16/2010  | 
When the auditors come, they'll be looking at your internal controls as well as your external defenses. Will you be ready?
Tech Insight: Two-Factor Authentication Alone Isn't Enough
News  |  12/10/2010  | 
Protecting online banking customers entails a more holistic approach by banks that includes risk-based authentication, browser protection, and fraud monitoring
Holiday Rush Leaves Smartphones At Risk
Quick Hits  |  12/9/2010  | 
Symantec study finds smartphone users planning to use their mobile devices for work, personal purposes during the holidays
Google Ready To Test Chrome OS
News  |  12/9/2010  | 
Program participants will receive a Google-commissioned netbook, designated Cr-48, with Chrome OS installed
Endpoints More At Risk Than Ever, Study Says
Quick Hits  |  12/8/2010  | 
Threat of malware, application vulnerabilities continues to increase, Ponemon finds
Lost Laptops Cost Companies Billions, Study Says
Quick Hits  |  12/3/2010  | 
Cost of data exposure dwarfs the cost of lost equipment, according to Intel/Ponemon report

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Pat Osborne, Principal - Executive Consultant at Outhaul Consulting, LLC, & Cybersecurity Advisor for the Security Innovation Center,  3/12/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.