News & Commentary

Content tagged with Compliance posted in March 2013
Arguments Against Security Awareness Are Shortsighted
Commentary  |  3/25/2013  | 
A counterpoint to Bruce Schneier's recent post on security awareness training for users
Mission Impossible: 4 Reasons Compliance Is Impossible
Commentary  |  3/25/2013  | 
Compliance, like security, is not a constant
Monitoring The Nomads In Your Network
News  |  3/22/2013  | 
As more employees bring their own devices into the network, tracking the nomadic technology can be difficult. From basic to sophisticated, options abound, say experts
Genesco Lawsuit Could Shake PCI Compliance Regime To Its Core
News  |  3/21/2013  | 
If courts were to reverse $13 million in fines levied by Visa against the retailer, it could take a lot of wind out of PCI's sails
Botnet Business Booming
Quick Hits  |  3/19/2013  | 
Some dismantled botnets rank in the top ten most prevalent as old bot malware gets repurposed, according to new Fortinet report
On Security Awareness Training
Commentary  |  3/19/2013  | 
The focus on training obscures the failures of security design
Defending Local Admin Against Physical Attacks
Commentary  |  3/13/2013  | 
Physical access usually spells game over, but protections can be put in place to help defend against local boot attacks
FTC Goes After Text-Message Spammers
Quick Hits  |  3/8/2013  | 
The Federal Trade Commission filings go after 29 defendants sending 180 million phony text messages promising free gift cards
An Auditor's Thoughts On Access Control
News  |  3/7/2013  | 
Four key access control considerations an auditor will look for
Cybercriminals Likely To Expand Use Of Browser Proxies
News  |  3/7/2013  | 
Online thieves targeting victims in Brazil use a browser feature known as proxy auto-configuration to send victims to malicious sites
The Great Lie Of Compliance
Commentary  |  3/6/2013  | 
If you believe you are fully compliant, then you are not
Desktops-As-A-Service Boost Security, But Beware
News  |  3/5/2013  | 
At RSA session, panelists argue that companies can better protect sensitive data and systems by using virtual desktop infrastructure, but warn that everything relies on the quality of the hypervisor
Tale Of Two Compromises Provides Lessons For SMBs
News  |  3/1/2013  | 
The stories behind the hacking of a startup's CEO and a journalist, as told at the RSA Conference, provides small and midsize businesses with good tactics to secure their businesses


'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20050
PUBLISHED: 2018-12-10
Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method.
CVE-2018-20051
PUBLISHED: 2018-12-10
Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via certain ONVIF methods such as CreateUsers, SetImagingSettings, GetStreamUri, and so on.
CVE-2018-20029
PUBLISHED: 2018-12-10
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
CVE-2018-1279
PUBLISHED: 2018-12-10
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on ...
CVE-2018-15800
PUBLISHED: 2018-12-10
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.