News & Commentary

Content tagged with Compliance posted in December 2011
Security Holes In Software Decreased This Year, Early Data Shows
News  |  12/20/2011  | 
The number of vulnerabilities disclosed to the public fell in 2011, as did the proportion of flaws that were exploited. Is secure development paying off?
Tech Insight: Managing Mobile Mayhem
News  |  12/16/2011  | 
Enterprise options for encrypting and wiping mobile devices and portable storage
The Security Pro's Guide To Tablet PCs
News  |  12/14/2011  | 
You've got security strategies for portable PCs and a policy for smartphones. But what about those devices in-between? Here are some tips and trips for managing the security of iPads and similar devices
VPN An Oft-Forgotten Attack Vector
News  |  12/13/2011  | 
Remote VPN connections are not necessarily as secure as you’d think -- how enterprises can get infected by far-flung users via their SSL VPNs
Android The No. 1 Mobile Device In Enterprises
Quick Hits  |  12/13/2011  | 
New Zscaler research shows Google's Android traffic on top -- but at what security cost?
2012 Compliance Checklist
News  |  12/5/2011  | 
Security professionals need to consider these best practices and new compliance requirements as they ring in a new year
More Vendors Reacting Poorly To Disclosure
News  |  12/1/2011  | 
From Charlie Miller's latest attack on Apple's App Store to the outing of Carrier IQ, companies seem to be taking a step back and punishing researchers who disclose vulnerabilities


'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-7682
PUBLISHED: 2018-06-22
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
CVE-2018-12689
PUBLISHED: 2018-06-22
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
CVE-2018-12538
PUBLISHED: 2018-06-22
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage...
CVE-2018-12684
PUBLISHED: 2018-06-22
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
CVE-2018-12687
PUBLISHED: 2018-06-22
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.