Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Compliance posted in April 2007
Telcos at Risk of Web Bugs
News  |  4/27/2007  | 
Service providers face security learning curve as they roll out next-generation Web services
Retailers Still Lag in PCI Compliance
News  |  4/17/2007  | 
Despite recent data breaches, more than half still have not implemented guidelines for protecting credit card data
SCADA State of Denial
News  |  4/16/2007  | 
More bugs and security tools for process control industry - but it's more a mindset than a technology problem
Loan Companies Abusing Student Database
News  |  4/16/2007  | 
Financial companies accused of unauthorized mining of National Student Loan Data System
Electoral Subtext
News  |  4/16/2007  | 
Whether you're monitoring the voting process or the status of your most valued server, you better have a Plan B
Study: Browser Warnings Don't Work
News  |  4/13/2007  | 
Despite lock-and-key icons and pop-up alerts, banking users just keep on loggin' on, Harvard/MIT researchers say
10 Hot Security Startups
News  |  4/12/2007  | 
Want to know who's on the cutting edge of security technology? Take a look at these 10 newcomers
Feds Under Fire Over Security
News  |  4/12/2007  | 
Agencies get C- on security report card; FTC criticized for low number of spam, spyware convictions
Security Enforcement, The Cooperative Way
News  |  4/11/2007  | 
Aventail pushes envelope on cooperative policy enforcement, will add interfaces to SSL VPN gateways this year
RFID Under Attack Again
News  |  4/9/2007  | 
RFID hacking isn't rocket science, but the risk depends on proper use, deployment
Whirlpool Spins New Address Scheme
News  |  4/6/2007  | 
New DNS address management tools help appliance maker wash away previous security woes
Hacking Bluetooth With a USB Stick
News  |  4/5/2007  | 
European researchers have built a Bluetooth sniffer on a $30 USB dongle
Audit Uncovers IRS Security Flaws
News  |  4/4/2007  | 
Tax agency not doing enough to protect taxpayer data on laptops, PCs, according to Treasury report
Dude, Where's Your PC?
News  |  4/2/2007  | 
Audit exposes lost computers at counterintelligence agency, need for better inventory management


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
6 Top Nontechnical Degrees for Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/21/2019
TPM-Fail: What It Means & What to Do About It
Ari Singer, CTO at TrustPhi,  11/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18610
PUBLISHED: 2019-11-22
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary syste...
CVE-2019-9536
PUBLISHED: 2019-11-22
Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.
CVE-2013-6811
PUBLISHED: 2019-11-22
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding...
CVE-2013-6880
PUBLISHED: 2019-11-22
Open redirect in proxy.php in FlashCanvas before 1.6 allows remote attackers to redirect users to arbitrary web sites and conduct cross-site scripting (XSS) attacks via the HTTP Referer header.
CVE-2019-15652
PUBLISHED: 2019-11-22
The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices before 18.1.0 doesn't properly sanitize input for error messages, leading to the ability to inject client-side code.