News & Commentary

Content tagged with Compliance posted in April 2010
Storm Worm Reappears
News  |  4/28/2010  | 
Slightly revamped version of original malware used by the infamous Storm botnet being actively spammed -- and spreading
Microsoft: Enterprises Hit Hardest By Worms; Consumers By Trojans And Adware
News  |  4/26/2010  | 
Rogue AV was the common denominator threat to all users, according to findings in the new Microsoft Security Intelligence Report
Bad Guys Take Aim At iPad Users
News  |  4/26/2010  | 
Scam involves spam e-mail messages addressed to iPad users
Crippling McAfee Virus Update Could Have Long-Term Fallout
News  |  4/22/2010  | 
McAfee says it didn't fully test errant DAT file on XP Service Pack 3; some tens of thousands of PCs reportedly hit
Why Employees Break Security Policy (And What You Can Do About It)
News  |  4/20/2010  | 
Companies that monitor network behavior say many employees still break rules in order to get their jobs done
IT Isn't Keeping Up With End Users, Study Says
Quick Hits  |  4/19/2010  | 
Most organizations unable to keep up with users' job responsibilities and access rights, Ponemon study says


Microsoft, Mastercard Aim to Change Identity Management
Kelly Sheridan, Staff Editor, Dark Reading,  12/3/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19653
PUBLISHED: 2018-12-09
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
CVE-2018-19982
PUBLISHED: 2018-12-09
An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HU...
CVE-2018-19983
PUBLISHED: 2018-12-09
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending ...
CVE-2018-19980
PUBLISHED: 2018-12-08
Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService.
CVE-2018-19961
PUBLISHED: 2018-12-08
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.