News & Commentary

Content tagged with Compliance posted in March 2015
7 In 10 Businesses Struggle To Sustain PCI Compliance
News  |  3/12/2015  | 
Maintaining PCI compliance is a bigger challenge that achieving it for many companies, Verizon study finds.
6 Ways The Sony Hack Changes Everything
Commentary  |  3/11/2015  | 
Security in a post-Sony world means that a company's very survival in the wake of a cyber attack is more of a concern than ever before.
Second Look: Data Security In A Hybrid Cloud
Commentary  |  3/9/2015  | 
Todays big cloud providers were built around an architecture for hosting and securing data. They will continue to thrive, only by keeping your workloads safe.
Anthem Refuses To Let Inspector General Conduct Full Security Audit
Quick Hits  |  3/5/2015  | 
Security industry has mixed reactions.
A Building Code For Internet of Things Security, Privacy
Commentary  |  3/4/2015  | 
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
Compliance & Security: A Race To The Bottom?
Commentary  |  3/3/2015  | 
Compliance is meaningless if organizations dont use it as a starting point to understand and mitigate risks within their environment.


WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3914
PUBLISHED: 2018-09-21
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can s...
CVE-2018-3915
PUBLISHED: 2018-09-21
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can sen...
CVE-2018-11240
PUBLISHED: 2018-09-21
An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of S...
CVE-2018-11241
PUBLISHED: 2018-09-21
An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds as of Spring 2018.
CVE-2018-16784
PUBLISHED: 2018-09-21
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.