News & Commentary

Content tagged with Compliance posted in April 2008
Large Businesses Wrestle With Web 2.0
News  |  4/30/2008  | 
New capabilities turn security policies and practices on end, panelists say
Software Lets Enterprises Encrypt, Restrict Use of CD/DVD Media
Quick Hits  |  4/30/2008  | 
New technology from Lumension encrypts data on CDs, prevents reading and writing without network authorization
Webroot to Launch Enterprise Web Filtering Service
News  |  4/29/2008  | 
Content filtering will be marketed alongside email management service
Wireless Vulnerabilities Present Enterprise-Wide Threats, Expert Says
News  |  4/28/2008  | 
Wireless is the greatest threat to corporate networks since the emergence of the Internet, AirPatrol CEO says
'Long-Term' Phishing Attack Underway
News  |  4/28/2008  | 
New phishing exploit doesn't bother asking for passwords, and its stealthy malware hides out on victim's machine
Societe Generale Goat Gets IT Consulting Job
Quick Hits  |  4/28/2008  | 
Man who singlehandedly cost financial services firm more than $7B is now giving advice
Exostar Set to Launch Federated Identity Service for Aerospace
News  |  4/25/2008  | 
Service vets and authenticates customers and trading partners for its members
Men More Likely Than Women to Fall for Internet Fraud
Quick Hits  |  4/25/2008  | 
Guys lose $1.67 to every $1 lost by gals, ICCC says
Securing the Internet's DNS
News  |  4/24/2008  | 
Internet's .arpa, .org, and .uk domains soon to adopt DNSSEC
Companies May Be Held Liable for Deals With Terrorists, ID Thieves
News  |  4/23/2008  | 
New and little-known regulations could mean fines, or even jail time, for companies that do business with bad guys
eBay Turns Up the Heat on Fraudsters
Quick Hits  |  4/22/2008  | 
Special cookies will help online marketplace separate legitimate sellers from identity thieves
New Tool Lets Enterprises Manage Security on Multiple Linux Servers
News  |  4/21/2008  | 
Trusted Computer Solutions readies software that can 'lock down' servers running Red Hat, CentOS, or Oracle Enterprise Linux
Server Theft Exposes Data on 700,000 Consumers
Quick Hits  |  4/21/2008  | 
Break-in at debt collection company puts Indiana citizens' personal information at risk
2008 Could Be Record Year for Breaches
Quick Hits  |  4/18/2008  | 
More than 8 million Americans' data has been exposed so far this year, first-quarter study says
Customers Ticked Off Over Breach Notification
Quick Hits  |  4/17/2008  | 
Majority of customers have had their data exposed more than once, study says
Security, IT Operations, Compliance & Privacy Converge in Data Center
News  |  4/17/2008  | 
Formerly disconnected disciplines find themselves working together
Women Are Four Times More Likely to Give Up Passwords for Chocolate
Quick Hits  |  4/16/2008  | 
But overall willingness to give up passwords has dropped sharply since 2007, study finds
Wireless Security Gets Boost From New Round of Products
News  |  4/16/2008  | 
Wireless isn't the problem child it used to be, but authentication and management still challenge enterprises
PayPal Outlines Strategy to Slow Phishing
News  |  4/15/2008  | 
Web's biggest phishing target published multi-layered plan to reduce delivery of fake emails and warn users of phishing sites
RSA: Hashing Out Encryption
News  |  4/14/2008  | 
Vendors at RSA 2008 rolled out tools that make encryption easier to use and manage
New York Hospital Worker Arrested for Stealing 50,000 Patient Records
Quick Hits  |  4/14/2008  | 
Theft was discovered by police, not hospital IT staff
NAC Market Retrenches at RSA
News  |  4/9/2008  | 
Vendors try the appliance approach, scaling back from larger vision of enterprise-wide deployments with hundreds of end points
DHS Chief Says Current Defenses 'Insufficient' to Handle Evolving Threats
News  |  4/8/2008  | 
Homeland Security secretary Michael Chertoff says federal government and industry need to do more
Coviello: Security's a Drag on Business
News  |  4/8/2008  | 
RSA exec says more than 80% of businesses have shied away from innovation due to security concerns
Cisco, RSA Partner to Secure Data in Motion, at Rest
News  |  4/7/2008  | 
Partnership leverages data loss prevention framework unveiled by RSA last week
'Digital Trust Barometer' Is Falling
Quick Hits  |  4/7/2008  | 
More than a fifth of users have already fallen victim to online fraud
KeyCorp Unlocks Method for Extending Single Sign-on
News  |  4/4/2008  | 
Financial services firm looks to stretch SSO to business partners
Next-Gen Crypto Method Will Help Secure Mobile Apps
News  |  4/3/2008  | 
Certicom will demo new Elliptic Curve Cryptography (ECC)-based mobile ticketing, RFID tag technologies at the RSA conference
Enterprise Networks Rife With Unauthorized Apps, Study Says
News  |  4/3/2008  | 
Employees use variety of tactics to circumvent IT policies and misuse the corporate network
RSA Takes Suite Approach to Data Leak Prevention
News  |  4/2/2008  | 
Next-gen technology can inspect data, classify it, and apply policies on how to secure it


'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-7682
PUBLISHED: 2018-06-22
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
CVE-2018-12689
PUBLISHED: 2018-06-22
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
CVE-2018-12538
PUBLISHED: 2018-06-22
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage...
CVE-2018-12684
PUBLISHED: 2018-06-22
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
CVE-2018-12687
PUBLISHED: 2018-06-22
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.