News & Commentary

Content tagged with Compliance posted in March 2013
Arguments Against Security Awareness Are Shortsighted
Commentary  |  3/25/2013  | 
A counterpoint to Bruce Schneier's recent post on security awareness training for users
Mission Impossible: 4 Reasons Compliance Is Impossible
Commentary  |  3/25/2013  | 
Compliance, like security, is not a constant
Monitoring The Nomads In Your Network
News  |  3/22/2013  | 
As more employees bring their own devices into the network, tracking the nomadic technology can be difficult. From basic to sophisticated, options abound, say experts
Genesco Lawsuit Could Shake PCI Compliance Regime To Its Core
News  |  3/21/2013  | 
If courts were to reverse $13 million in fines levied by Visa against the retailer, it could take a lot of wind out of PCI's sails
Botnet Business Booming
Quick Hits  |  3/19/2013  | 
Some dismantled botnets rank in the top ten most prevalent as old bot malware gets repurposed, according to new Fortinet report
On Security Awareness Training
Commentary  |  3/19/2013  | 
The focus on training obscures the failures of security design
Defending Local Admin Against Physical Attacks
Commentary  |  3/13/2013  | 
Physical access usually spells game over, but protections can be put in place to help defend against local boot attacks
FTC Goes After Text-Message Spammers
Quick Hits  |  3/8/2013  | 
The Federal Trade Commission filings go after 29 defendants sending 180 million phony text messages promising free gift cards
An Auditor's Thoughts On Access Control
News  |  3/7/2013  | 
Four key access control considerations an auditor will look for
Cybercriminals Likely To Expand Use Of Browser Proxies
News  |  3/7/2013  | 
Online thieves targeting victims in Brazil use a browser feature known as proxy auto-configuration to send victims to malicious sites
The Great Lie Of Compliance
Commentary  |  3/6/2013  | 
If you believe you are fully compliant, then you are not
Desktops-As-A-Service Boost Security, But Beware
News  |  3/5/2013  | 
At RSA session, panelists argue that companies can better protect sensitive data and systems by using virtual desktop infrastructure, but warn that everything relies on the quality of the hypervisor
Tale Of Two Compromises Provides Lessons For SMBs
News  |  3/1/2013  | 
The stories behind the hacking of a startup's CEO and a journalist, as told at the RSA Conference, provides small and midsize businesses with good tactics to secure their businesses


Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3483
PUBLISHED: 2019-03-25
Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7.
CVE-2019-3484
PUBLISHED: 2019-03-25
Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7.
CVE-2019-6240
PUBLISHED: 2019-03-25
An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.
CVE-2015-3953
PUBLISHED: 2019-03-25
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospi...
CVE-2015-3954
PUBLISHED: 2019-03-25
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommen...